Microsoft's global sprawl under fire from regulators after Windows outage

I’m not a regulator, but I think the solution may actually be to break up Microsoft.

Right now, there is a product that is critical to the economy: Windows. By “Windows” I mean the OS, its security mechanisms, and its update mechanisms. Changing Windows to a multi-source model seems challenging, to say the least. Right now, though, Windows is not merely single-source, but that single source also makes OneDrive, Office, a not-very-secure cloud offering, ads, AI, etc. Most of the revenue comes from crap layered on top of Windows.

If just the base Windows were split out, then the company behind it could focus on making a secure base. Maybe they could actively mitigate attacks, even from the rest of the layers (e.g. the “AI” recording crap, OneDrive, telemetry, etc). And maybe CrowdStrike would become unnecessary because the Windows company itself could offer adequate endpoint security.

Getting this right would be hard, but having the base OS for much of the world in the hands of Microsoft is not going so well.

It seems baffling that Microsoft is getting heat for this. They didn't cause the issue, a third party vendor's software did. Even if you were trying to make an argument of "if we had more diversity it wouldn't be as bad", shouldn't you be focusing on the EDR vendors rather than the OS vendor?

>In a blog post Saturday, Microsoft estimated that the update affected 8.5 million devices, which amounts to less than 1 percent of computers running Windows

Cute, but the 1% were the systems that matter most, who cares if people could still watch LOL Cat Videos at home.

No one I know who works at a company using a Windows system was unaffected.

Actually wrong, 1 person was fine, he got a brand new PC the day before, but it had no corporate mandated "security items" (per the help desk), so he could work. He was still able to connect to the corporate intranet.

Many in this industry have been saying this for a while now.

"I think that I am familiar with the fact that you are going to ignore this particular problem until it swims up and bites you on the ass."

The saving grace is that this situation was salvageable by mortals.

Imagine the world where black box AI systems are deployed, and humanity gets too cozy and complicit with the amenities it offers--too lazy and too convenient to care. Then suddenly, a BSoD-equivalent happens. And nobody knows how to reason with it--or worse, through it; and nobody knows how write a 'hello world' nor to fire up a debugger any more.

It was inevitable that something like this would happen sooner or later, either through security complacency or sheer bad luck. We were just fortunate it only happened to Windows.

Did Crowdstrike PR write this?

> airlines in India handed out handwritten plane tickets https://x.com/akothari/status/1814202068531552666

In related news, auto manufacturers under fire after aftermarket modifications to mufflers cause engines to burst into flames.

Seriously, I don't know what Microsoft was supposed to do about this. People bought an operating system from them, then they gave a third party permission to modify the internals of that operating system's configuration, then those modifications broke their installations. Where is the regulatory intervention story regarding how Microsoft's behavior should change here?

Do some of these news agencies own Crowdstrike stock? How can you blame Windows here? For simply allowing an application that can crash the OS?

I truly don't understand the angle here, besides ignorance.

Microsoft's culpability lies in the fact that their OS is still ridiculously brittle. How it can't seem to manage to be able to automatically roll back changes from something as serious as a kernel change is ludicrous.

It's CrowdStrike's fault that the kernel was faulty. It's Microsoft's fault that it caused a never ending bootloop that needed manual intervention to fix.