by cqqxo4zV46cp 705 days ago
Except for owner consent, which in the case of corporate machines is unambiguously and irrefutably the corporation, as much as everyone here seems to despise that reality.

All these “blah blah blah is indistinguishable from malware” things aren’t profound, smart, or even witty. They’re spouted by the peanut gallery that has the luxury of not being responsible for deciding whether or not to use one of these systems.

Needing to explain to techies that ‘informed consent matters’ speaks to an utterly saddening stereotype.

2 comments

Techies are the only ones who can give informed consent and we're constantly overruled by the risk department, because the glue eaters over there think that a sleek presentation means the saleswoman on the other end knows what she's talking about.

> Except for owner consent

There isn't any. None that is meaningful. Sure, you can trick someone into 'signing' something, out of desperation and confusion. But the average person has no capacity. It's not that people are stupid, they are simply not informed nor are they ever entreated to anything that even looks like an actual contract. This is the colossal elephant in the room of digital tech.

Crowdstrike isn’t installed by the average person. It’s selected and installed by an organization’s IT and/or Infosec teams. Just like every other enterprise security software.

Those teams 100% have the capacity to make an informed decision.

> 100%

Not sure about that. Groups of professionals don't appear better at navigating this space than individuals. I'm sure you've sat in such agonising meetings too. Common experience: They're hellholes of group-think, risk aversion, inertia, legacy constraints, resistance to change, pressure to reach fast decisions, duress or undue influence from salesmen and 'partners'.

Have you ever seen a company of any size actually sit down, open-mindedly weigh up a real and serious evidence-based long term security plan built around risk analysis, a full network and service overview, with all real software options on the table and all stakeholders present? Companies made up of well educated people with impressive job titles are as vulnerable to pitfalls and shortcuts as anyone else. They just operate, and fall victim to scams, on an organisational scale. Crowdstrike and other protection rackets are a way to make a problem go away, not to face its complexity head on.

For sure. After something that looked like a data breach (but turned out to be a hilariously funny glitch caused by a Chrome update that suddenly started translating one part of an app into Romanian) I was in on a lengthy pitch meeting for a similar endpoint security package from a company larger and more recognizable than CrowdStrike. After which I told the CEO of the company I worked for hell no there is no way we are putting this on all our machines and giving these idiots root access. They have no clue what they're talking about. Most of these machines don't even face users and they're talking about checking for suspicious links in emails employees open.

No, they don’t. Most barely understand what they are proposing or the risks associated with the mechanisms being introduced.