CS didn’t have at the time, an option to disable channel file updates

Yes, that’s the crux of the accusation. Given the large number of people who seemed to be under the impression that selecting a staggered release cadence would protect them from a faulty update, it’s not unreasonable to think that people were caught off guard by a second autoupdate system that they couldn’t configure that could also tank their system.

https://www.crowdstrike.com/en-us/blog/falcon-content-update-preliminary-post-incident-report/

Might want to let crowdstrike know.

Rapid Response Content Deployment

Implement a staggered deployment strategy for Rapid Response Content in which updates are gradually deployed to larger portions of the sensor base, starting with a canary deployment. Improve monitoring for both sensor and system performance, collecting feedback during Rapid Response Content deployment to guide a phased rollout. Provide customers with greater control over the delivery of Rapid Response Content updates by allowing granular selection of when and where these updates are deployed. Provide content update details via release notes, which customers can subscribe to.

https://www.theregister.com/2024/07/23/crowdstrike_lessons_to_learn/

Maybe you’re thinking of changes that they made as a result of the incident?

It’s absolutely not required behavior! Software for servers has very different requirements from software for end users, and if you have a lot of them you also want to manage your end user machines differently.

Updates can go wrong, and if you roll out a bad update to everything at once you can crash everything and lose a lot of money. As aptly demonstrated by cloudstrike.

That’s why Delta and many other companies disabled the auto update functions: so they could control the rollout cadence.
They reasonably believed that disabling autoupdates disabled them. They didn’t expect a second autoupdate system that wasn’t documented, wasn’t controlled by the autoupdate system settings and couldn’t be disabled.

There was an additional auto update function that wasn’t disclosed. Delta had disabled the auto update because, like many large companies, they prefer to deploy changes incrementally so that an issue doesn’t blow-up all their systems at once.

So…

Isn’t autoupdating software by definition an authorized backdoor by virtue of enabling it?

Yes. Which is why they contend disabling it makes it unauthorized.