Admin

Microsoft Announces Security Summit Following CrowdStrike Incident




Microsoft is taking steps to make its Windows operating system more resilient to buggy software after a recent incident in which a faulty update from CrowdStrike caused a global IT outage. The company has been discussing with partners how to adapt security procedures to better withstand software errors that can lead to crashes. However, critics argue that these changes would amount to an admission of shortcomings in Windows’ handling of third-party security software and could have been addressed sooner. The proposed changes would also impact security vendors and require Microsoft customers to adapt their software.

The July outages, estimated to have caused billions of dollars in damages, have put a spotlight on the extent of access that third-party software vendors have to the core of Windows operating systems. Microsoft has received increased scrutiny from regulators and business leaders, leading the company to organize a summit next month to discuss concrete steps for improving security and resiliency for joint customers. The summit will involve government representatives and cybersecurity companies, including CrowdStrike.

Bugs in the kernel, the core component of an operating system, can quickly crash the entire system, resulting in countless “blue screens of death” experienced globally during the CrowdStrike incident. Microsoft is considering various options to make its systems more stable, including the possibility of completely blocking access to the Windows kernel. This is a concern for rivals who fear that it would put their software at a disadvantage compared to Microsoft’s internal security product, Microsoft Defender.

Competitors in the cybersecurity industry worry that Microsoft may use this opportunity to prefer its own products over third-party alternatives. Ryan Kalember, head of cybersecurity strategy at Proofpoint, explained the concerns: “All of the competitors are concerned that [Microsoft] will use this to prefer their own products over third-party alternatives.” This fear may lead Microsoft to demand new testing procedures from cybersecurity vendors instead of making changes to the Windows system itself.

In contrast, Apple blocks all third-party providers from accessing the kernel of its macOS operating system, forcing them to operate in a more limited “user mode.” Microsoft previously stated that it couldn’t do the same, as it had made an agreement with the European Commission to provide third parties with the same kernel access as Microsoft Defender. However, some experts argue that this voluntary commitment to the EU did not prevent Microsoft from making changes to kernel access. These experts believe that Microsoft has the freedom to implement the changes currently under consideration.

Although blocking kernel access may enhance system resilience, it could also bring trade-offs in compatibility with other software, which has made Windows popular among business customers. Forrester analyst Allie Mellen explains that operating exclusively outside the kernel would limit security vendors’ effectiveness against hackers, as operating within the kernel provides them with more information about potential threats and enables their defensive tools to react before malware takes hold.

An alternative approach could be to replicate the model used by the open-source operating system Linux, which incorporates a filtering mechanism to create a segregated environment within the kernel. This segregated environment allows software, including cybersecurity tools, to run safely. However, implementing such changes and ensuring compatibility with existing security software would be complex.

Overall, any changes made by Microsoft to enhance Windows’ resilience to software errors will require careful consideration. Regulators will need to monitor these changes to ensure fair competition in the cybersecurity industry. Microsoft should also prioritize the security and compatibility of third-party security products to maintain trust among its customers. Finding a balance between system stability and effectiveness against threats will be crucial for Microsoft’s success in improving the overall security of its operating system.


