On Friday, July 19th, CrowdStrike pushed out an update for its Falcon endpoint monitoring software and took out about a billion computers worldwide. Airlines had to cancel flights; hospitals couldn't perform surgeries or dispense medications; restaurants closed; websites went down; and the fix was far from user-friendly. In the paranoid rush to secure computer systems, companies have unknowingly created a new, much worse, and much more structured vulnerability.
What is CrowdStrike and what does their Falcon software do? Falcon is a form of endpoint monitoring software that proactively looks for attacks, breaches, and vulnerabilities. In order for Falcon to do this, it is given access and permission within the Windows operating system so it can monitor the entire system. Yes, I know you are thinking it. Falcon looks at everything happening on the machine — it is monitoring every operation and can produce detailed reports on how a computer or server is being used. It is about as anti-privacy as a piece of software can get.
Thousands of businesses around the globe have purchased endpoint monitoring and/or managed device services from third parties in the hopes of warding off spyware, viruses, hacks, and ransomware. But the level of access and permissions needed for this type of software to function opens up a back door through which bad actors could potentially take down hundreds or thousands of businesses at once by hobbling their computer systems, in much the way that CrowdStrike did with a simple line of bad code. Instead of protecting these companies, these types of software can be just the Achilles' heel these businesses have been spending billions to avoid.
What About Macs? The good news is that the Apple Macintosh computer is architected completely differently from a Windows PC. On a Mac, the highest level of access is disabled by default, and protecting your administrator password is a simple way to make sure your Mac stays safe. This password is the one that you use to log into your computer. Just being mindful of when and why you are entering the password can secure your Mac more than just about anything else.
What the CrowdStrike outage has taught everyone is that there is no simple answer to security. Just purchasing a piece of software and expecting some third party to “just take care of it” is a recipe for disaster. Security takes training. It takes an investment in time, and it also takes a rethink of deploying Microsoft Windows, which we have learned over the past three decades is a difficult platform to secure. It is a complex issue, and one to which we Mac users are not totally immune.
And that goes to my final point: It is important to take ownership of your personal digital security. You don’t have to be an expert — there is no need for that, but it does take effort, from managing passwords to understanding when the computer is asking for your administrator credentials. It is the only way.