The recent issue with the CrowdStrike Falcon agent on Windows platforms and the resulting recovery challenges, including the primary requirement to have a console connection to the Windows devices and access to the BitLocker key to get into the Recovery Console, are causing some IT leaders to consider migrating critical systems away from Windows to other OSs, primarily Linux-based ones. This sounds like a fine idea, as Linux varieties (which include derivatives like macOS, iOS, and Android) don’t have the same type of kernel access that Windows 10 and 11, the currently supported desktop releases, allow for.
However, I still urge caution on this strategy because Linux is not immune to kernel faults, or “kernel panics” as they’re called on those platforms. As evidence, the CrowdStrike Falcon agent/sensor caused kernel panics on several Linux distributions earlier this year. And kernel panics are not solely related to CrowdStrike. Other endpoint security vendors have experienced similar issues, including on macOS. iOS is susceptible to kernel panics and kernel exploits, and so is Android. I mentioned this on a recent Forrester client webinar about the CrowdStrike issue.
In the wake of a global crisis like this, it’s easy to look at the common culprits and remove them so this type of problem doesn’t recur. In this case, we have the Falcon agent and the Windows OS. While the Falcon agent has not previously had similar issues, removing or replacing CrowdStrike from your enterprise is not going to solve the problem completely. What about replacing Windows with Linux or macOS? Windows presents its own technical issues, including continual patching needs, being a top target of ransomware, and application compatibility issues, so moving to Linux or macOS, even if just for your most critical application, seems like a no-brainer. But there are a few things to consider first:
- Why didn’t you do this sooner? Any challenges that businesses may have with Windows they’ve had for a long time. Yes, the recent CrowdStrike issue caused significant disruption on Windows (with a challenging, but quick resolution), but since 2009, Microsoft has allowed third-party access to the kernel at a low level, so this type of access isn’t a “new thing.” Don’t switch OSes because of a single IT incident; switch because you believe it’s right for your organization as a whole.
- As the dominant desktop OS, Windows will always be a top target for attackers. If you want to have the greatest impact, you go where the people are. If 70%+ of users are using Windows, attackers are going to target Windows. Similarly, if 70%+ of mobile devices run Android, you target Android. If organizations make a large global migration to Linux, attackers will follow. If your desktop OS is being attacked now or impacted by faults, it’ll be attacked regardless of the OS. Instead of just switching OSes, increase your defenses and improve your processes.
- Will another OS provide the same flexibility of devices and apps as Windows? Your organization most likely went or stayed with Windows because of functionality, application compatibility, user experience, and a robust device market. Will a move to a Linux distribution or macOS provide that same level of flexibility? Yes, many users have moved to using the browser for the majority of their work, but that only resolves one of a host of requirements. A proper assessment of all business functions needs to be done before any organization makes a move as significant as this.
Remember that all operating systems have flaws and benefits. Your organization should make the decision to switch OSes with a clear head and recognize that the green grass next door may contain its own cow patties. Forrester’s Technology Infrastructure and Security & Risk analysts can provide guidance and insight to help you understand your options, so feel free to schedule an inquiry to discuss further.