The software bug caused an exceptionally wide range of problems worldwide. Aalto University professor Tuomas Aura tells what can be concluded from chaos.
The consequences of the global software error are still being fixed for days.
A faulty antivirus update from the US security company Crowdstrike spread to Windows operating systems on Thursday evening Finnish time and caused worldwide problems.
The incorrect update concerned the information security of large companies. At least a few Finnish companies also suffered from problems. US newspaper The New York Times newsthat in many companies it may take days or even weeks to correct the error.
We asked the Aalto University professor From Tuomas Aurawhat can be concluded from the chaos and whether something can be done differently to avoid problems in the future.
1. Operating systems are more stable than ever
Despite worldwide problems, widely used software and operating systems are surprisingly stable these days. Over the past decades, software has become more secure, and major problems rarely occur.
– For example, Windows systems and others crashed constantly in the 90s, says Aura, who studied information security and data processing.
According to him, Crowdstrike’s security program monitors all computer events. The program acts at the core of the operating system and has access to everything.
If there is a bug in the software, it might break the operating system badly. Even so that the computer won’t start at all. The error made by Crowdstrike, where when loading the driver, the machine no longer starts correctly, is quite common. According to Aura, it is surprising that the basic error has gotten through the company’s processes.
2. Was it carelessness or haste?
The problems affecting many countries may have been the result of Crowdstrike’s carelessness.
Another possibility is that the reason is a new feature that has been wanted quickly to be used all over the world. In this case, the company’s own testing has not detected an error in the software.
The more precise reason for the error will probably remain hidden from the public.
– They don’t say what the technical reason was exactly why they made this mistake, says Aura.
According to Aura, information security companies are in constant competition with criminals. The company tries to defend its customers’ systems in such a way that it detects attacks and implements the necessary new features as quickly as possible.
3. The operation is concentrated
Aura believes that Crowdstrike and its competitors will learn from the mistake. In the future, testing and introduction of new versions will probably be implemented better.
– The basic solution is to introduce new versions with a small number of customers and see what happens. Then you can’t get the whole world to be my model.
Global problems show that information security activities are concentrated around the world. If there was more competition, one small player wouldn’t get services worldwide.
According to Aura, the extraordinary scale of the problems shows that Crowdstrike is a very successful information security company. The more customers they have, the more effectively they can implement their control.
Therefore, concentration cannot necessarily be prevented, Aura reflects.