Over the last few days, tech news has been dominated by one thing: the CrowdStrike outage. On July 19, businesses around the world were affected by a major computer failure, as banks, airports, hospitals and more saw their vital systems go offline, leaving customers stranded without help.
The root cause was quickly traced to a faulty update to the CrowdStrike antivirus software. Affected computers had been running this software and were unable to boot after the update was installed, leading to chaos around the world.
But there was one curious wrinkle in this story: only Windows computers seemed to be affected, with CrowdStrike’s CEO explicitly saying that macOS and Linux systems were safe. Why was that the case, and what does it say about the resilience — or vulnerability — of Windows versus other operating systems?
A faulty update
Since the problem was caused by a faulty antivirus update, you might be tempted to think that this is what shielded Macs from the fallout. After all, Windows has a much worse reputation than macOS when it comes to viruses, with many people believing that Apple’s computers simply don’t need antivirus apps, either because they’re better protected against malware already or because hackers don’t bother attacking Macs.
But that doesn’t properly explain the CrowdStrike situation. I spoke to Joshua Long, chief security analyst at Mac antivirus firm Intego, who noted that “the incident was caused by a faulty CrowdStrike content update, a configuration file that CrowdStrike pushed out to Windows endpoints. This file triggered a logic error in CrowdStrike’s Windows software, which caused impacted PCs to crash with a blue screen of death.”
That suggests that the problem wasn’t actually inherent to Windows, and its absence from macOS was not down to the superior security of that system. As Long told me, “Macs are not immune to software bugs, including problems caused by third-party endpoint protection software. It is entirely plausible that similar problems could occur on Macs at some point in the future.”
According to developer and author Howard Oakley, however, this specific issue would not happen in macOS. That’s because Apple has configured its operating system to reduce the likelihood of the type of kernel panics that caused the CrowdStrike outage.
The Wall Street Journal has made a similar claim, noting that Microsoft told the outlet that “it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.”
In other words, the level of access that software makers get to Windows’ core functions is far greater than what Apple allows, and there’s nothing Microsoft can do about it. As Tony Law, cybersecurity expert and IT Infrastructure manager at security firm CovertSwarm, told me: “That isn’t to say that macOS is immune to such issues … just that there is a layer of abstraction in place to reduce the likelihood and limit the impact.”
While Macs could still be vulnerable to other problems caused by poorly configured software updates, they might not be as devastating as the CrowdStrike outage was for Windows.
Some problems will continue to affect both Windows and macOS, though. Long explained that “the real issue here is that CrowdStrike evidently did not carefully validate the faulty update file. As CrowdStrike has learned the hard way, it is critically important for software companies to thoroughly test updates before deploying them to customers. And that’s true regardless of whether you develop Windows, Mac, or Linux software.”
Switching to Mac?
There’s another factor that comes into play here: the sheer prevalence of Windows PCs around the world. PCs still heavily outnumber Macs in industry settings, making the potential impact of a Windows-specific bug in CrowdStrike’s update all the more severe.
But the fact that enterprises that use Macs came out of the incident unscathed doesn’t mean they can rest easy. For one thing, as we alluded to earlier, the CrowdStrike bug could just as easily have affected macOS as it did Windows. While the global impact would not be as large, it would still be potentially devastating for the companies involved.
For another thing, Long cautions against complacency, warning that the fact that Macs remained unaffected “does not indicate that Macs are more secure than Windows PCs.” Macs can still crash and fail, whether that’s at the hands of hackers or a rogue software update.
Sydney Airport flight displays have all BSOD'd. #microsoft #crowdstrike pic.twitter.com/ZL9QwGdi1a
— techAU (@techAU) July 19, 2024
There’s another question on my mind: Might this event cause some companies to switch from Windows to macOS, considering how only Windows was affected? That seems unlikely, due chiefly to the high cost such a move would entail, especially for larger firms.
That might not be the case in every instance, though. As Long says: “For some organizations that may not have a specific need to use Windows endpoints, switching to Macs may certainly be something to consider. Although macOS is not inherently more secure than Windows, Macs certainly have a number of advantages over Windows PCs, such as tight integration between the operating system and the hardware, high-quality hardware that holds its value longer than PCs, better built-in accessibility features, and more.”
Ultimately, the CrowdStrike outage was caused by a poorly crafted software update that could have devastated Macs as much as it did PCs, meaning its use as fodder in the eternal Windows versus macOS debate may be misplaced. Mac users got lucky this time, but that doesn’t mean that will always be the case.