Q&A: How can a software update cause such chaos?

Check-in desks at American Airlines start to build in Dublin Airport Terminal 2 as a major cyber problem affects many airlines and companies around the world. Picture: Collins
With systems across the world hit by a global IT outage being blamed on an update to Crowdstrike software, Dr Simon Woodworth, lecturer in Business Information Systems at University College Cork, explains what is happening.
“Crowdstrike software is designed to protect Windows systems from cyberattack. The software keeps an eye out for viruses, malware, and attempts to attack the system from outside. When a Windows system boots up, if Crowdstrike is installed, then the software runs just after the PC is powered on. What happened here is that a specific piece of software called Falcon Sensor, after a faulty update, causes Windows to fail on startup.”
“The exact cause is unknown, but one possible cause is that the update was inadequately tested and a coding error crept through to the software that was released to users overnight. The fault seems to be with a specific piece of software called Falcon Sensor, which watches for suspicious internet traffic either to or from the Windows PC. It appears that the faulty Falcon Sensor caused Windows to crash when booting up.”
“A fix has already been announced and obviously companies affected will work to deploy it as quickly as possible. Unfortunately, the knock-on effects will take much longer to clean up. This includes recovering from the huge business disruption caused.”
“They should be. We don't know how this fault got through but it is possible someone made a coding error and for whatever reason the normal suite of software tests failed to catch it.”
If the security software isn't working then, yes, there is an increased risk that an attack will be successful. But if the system affected isn't running then it can't easily be attacked. The problem here is that everyone will usually want to apply security updates as soon as possible, and if those updates are faulty, then they'll have exactly the opposite to the desired effect.
“In this case it doesn't seem to be. But yes, it is a possible mode of attack where malicious software is introduced in an otherwise innocuous software update.”
“It depends on the update policy of the companies concerned. Some may have decided to delay the update for their own reasons. This isn't an unreasonable thing to do, as this is not the first time software updates have caused problems, though not on this scale.
Also, not everyone uses Crowdstrike and a lot of systems do not use Windows. In particular, mission-critical systems that control aircraft, for example, do not use Windows at all.”