is my plane about to crash that's the thought that went through my head let me rewind when the crowd strike Microsoft bug hit millions of computers worldwide a massive Global Technical outage caused chaos and confusion around the world crowd strike says it identified a critical problem caused by a faulty software update I was high up in the air uh somewhere between Singapore and taipe at the time thankfully the plane was fine but Airlines in fact seemed to be the hardest hit forcing the cancellation or delay of thousands of flights and it wasn't just flights when millions of computers were inadvertently hit with what was ultimately a bad security software update Banks and businesses using Windows got slammed with the blue screen of death even 9911 service in some areas was compromised and then more pain for Microsoft this time its Suite of subscription office tools fell to a Cyber attack intentionally hit with a flood of traffic meaning actual users got slow service or couldn't connect at all you can see the outage indicators for Microsoft's cloud computing platform down across the board again worldwide it all has more and more people wondering just how dependent on Microsoft have we really become and does this dependency open us up to all kinds of problems when Microsoft has a problem as I started looking into this I very quickly realized this is not a simple question to answer because not all of this is Microsoft's fault but there is a vulnerability so let's work through [Music] it if you're like most people you might have a few very obvious touch points with Microsoft that you can think of very easily you might use Windows that's a big one or maybe you use Microsoft Word or or you're crunching numbers in Excel or if you have a gamer in your household you might have an Xbox or you play Minecraft that's all Microsoft if you use teams at work or Skype to call Family Outlook to get emails or Edge just to browse the internet you're exposed to Microsoft and hopefully this never happens but if everything Microsoft was to Simply disappear or break one day The Fallout would be catastrophic a lot of the business world would grind to a halt ATMs use them so you wouldn't be able to get cash from your bank um some industrial control systems that are used for manufacturing or controlling shipyards those would stop working also Manufacturing Systems even some some Vehicles use Windows for some of their purposes last year Microsoft stated there were more than 1.4 billion Windows PCS worldwide as an operating system that's something around a 72% global market share on desktop PCS and laptops and this spans all kinds of industries from office work to hospitals and Health Care schools research government Finance manufacturing retail media Logistics Transportation basically anything you can imagine now there's a long history of how Microsoft put itself in this position Microsoft the Monopoly computer makers had to buy Windows from Microsoft the new browser would automatically come with it in one year Microsoft's share of the browser Market Rose like a rocket a monopolist engaged in predatory and anti-competitive behavior by every measure they are monopolist Microsoft could face more EU fines for failing to comply with an anti-rust settlement to give Windows users a choice of web browsers Microsoft faces a new antitrust complaints in Europe but when we're asking ourselves are we too dependent on Microsoft to work in order for our lives to work what I think has been less clear with the crowd strike outage is how much of that was Microsoft's [Music] fault the crowd strike Fiasco has been held up as an example of how we're too reliant on Microsoft but I think it helps to understand exactly where things went wrong there crowd strike is a company that produces security software which detects malware on Windows computers and other operating systems and then tries to prevent it from doing harm crowd strike creates software that pinpoints and neutralizes cyber threats viruses malware that sort of thing but unlike most apps you'll ever install it has very privileged access on your computer you can think of a computer security like concentric circles windows for example has a couple of layers of security the core or the kernel operates at the highest privilege level they actually call that ring zero it's where the operating system talks to Hardware manages memory basically handles all of the core functions of your computer but one layer out that's you that's the user layer it's where most applications run except the kind of stuff crowd strike makes because its security software needs to monitor everything your computer does it needs under the hood access to be effective it operates at the kernel level so to take the analogy one step further it's the difference between you driving your car and a mechanic looking at your engine you can drive all day and and do all the things in your car that you're meant to do in a car but the mechanic that's where the real control is right he or she can Tinker modify change the very nature of how your car drives whereas you at the steering wheel only have so much control the problem is when the mechanic goes Rogue in the case of crowd strike a faulty update that was downloaded to millions of computers caused a logic error a crash if that had happened at the user security level it wouldn't be that big of a deal you'd probably just get an error message and the program would crash end of story but at the kernel level when something in kernel mode crashes the whole system crashes and that's by Design the kernel is the most trusted part of the operating system it lets things like your other programs actually run and isolates them from each other when something goes wrong there it doesn't have anything to do other than stop in most cases so to bring back the mechanic analogy if something goes wrong let's say the mechanic botches the crankshaft timing on the engine you can imagine how that could lead to all kinds of disastrous consequences when you get your car out of the shop and drive it down the highway multiplied by billions of cars around the world you've got a serious Safety and Security problem so if the mechanic is tinkering with something as important as your car's engine and something goes wrong wouldn't it be better if the whole car just shuts down like maybe it's best for the car to become undrivable until the mechanic is able to resolve the issue that's this the blue screen of death what protects your computer and its files from things going bad at the kernel level that's what happened to at least 8.5 million computers around the world when crowd strike software failed at a privilege level where nothing is supposed to fail Microsoft needs a better API here and needs to do a lot more to fix this situation um but it's also clear that crowd strike has just been intensely negligent with how they acted but the question remains are we too reliant on Microsoft if such a small thing can cause such a big problem Apple devices wouldn't have had this problem because they're much more restrictive on who gets kernel access at all and it's true the windows kernel isn't as protected but Microsoft says that's not our fault blame the EU Microsoft has finally given in and will comply with antitrust rulings from the European Union after a three-year battle the software giant agreed to make the technical data of Windows available to its competitors 15 years ago Microsoft made a deal with the European commission that requires it to give thirdparty security companies the same kind of access that Microsoft's own products get so if windows and its own security soft software can operate at the kernel level so too should others the EU I think quite rightfully looked at this and said this is not appropriate that this company should be able to use its Monopoly and operating systems to force other people out of another market like web browsers all in the interest of fairness but clearly the more you open up your kernel there is a vulnerability there Microsoft wants to fix it in a blog post saying it's looking at reducing the need for kernel drivers to access important security data there's some technical jargon in there but what they're basically saying is that they want to find a way for third- party security companies like crowd strike to be able to do their jobs without giving them direct access to the kernel which is where everything went so wrong to begin with but despite all of this even if Microsoft wasn't directly at fault for what happened that hasn't stopped the world from asking whether we need to diversify Beyond Microsoft [Music] to be clear it would be a tall order to force some kind of large scale societal switch over from Windows to Apple OS or Linux or what have you because for starters a lot of business software is designed for Windows it infrastructure maintenance training all of that would have to be changed over and at whose cost so there are a bunch of organizations that have moved away from Windows to Linux and usually there's pain so allowing people to log on um allowing people to change their password all that functionality would need to be replicated so it' be a huge amount of effort and probably quite disruptive but it is possible over a period of about 10 years France's national police force did exactly this it gradually switched over from Windows to Linux it was a colossal effort and required the buyin and the training of all of its staff but in the and more than 70,000 desktop PCS were converted and there have been cases in Canada but also in Europe and other even in parts of the United States where uh large organizations have switched from Windows to Linux and remember the European commission which Microsoft believes forced it to compromise on security to encourage competition it's worked in stop there it's been a big proponent of open-source software sharing code with in the European Union breaking away from Big Tech like Microsoft and ultimately mitigating dependence on any one company there are tons and tons of excellent open- Source Products out there what it does do is give people the ability to move and then that reduces the control that companies have so what's the bottom line are we too dependent on Microsoft maybe but changing that on a large scale while doable wouldn't be easy if you think that should change at all and it's worth noting Microsoft wouldn't go quietly into the night it's currently worth more than3 trillion the second most valuable company on the planet [Music]