EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft
Microsoft raised concerns about EU granting CrowdStrike access to Windows kernel in 2009. Third-party software's deep integration in the system architecture is questioned, highlighting risks of disruptions. Microsoft's response to CrowdStrike chaos is pending.
Read original article
Microsoft claims that the EU gave CrowdStrike access to the Windows kernel through a 2009 agreement on interoperability. This has raised questions about why third-party software like CrowdStrike is allowed to operate at such a low level within the system. While Microsoft is not directly responsible for recent chaos caused by a now-pulled update, the architecture allowing third-party software to run deeply integrated in the kernel is under scrutiny. The agreement with the EU ensures third-party security vendors have access to the same APIs as Microsoft's products, aiming for fair competition. However, Microsoft could have created a separate API for security vendors to use outside the kernel. The incident highlights the risks of third-party software running at a low level in Windows, potentially causing widespread disruptions. Microsoft has not yet responded to inquiries about its stance on the CrowdStrike update chaos.
Related
Microsoft points finger at the EU for not being able to lock down Windows
Microsoft blames the EU for hindering Windows security due to an agreement allowing security software access. Recent disruptions affected 8.5 million PCs. EU restrictions differ for tech giants like Apple and Google.
Crashes and Competition
The article explores Windows OS design, kernel access impact on security firms, CrowdStrike crash consequences, Microsoft's limitations due to agreements, and regulatory implications for system security and functionality balance.
Microsoft blames EU rules for allowing biggest IT outage to happen
Microsoft attributes the world's largest IT outage to EU regulations hindering security changes, causing disruptions in travel and healthcare. CrowdStrike update affected 8.5 million Windows devices, emphasizing tech companies' struggle with security and regulations.
Microsoft says EU to blame for the worst IT outage
Microsoft attributes a major IT outage affecting 8.5 million Windows devices to a faulty security update from Crowdstrike, citing EU restrictions on security changes. The incident disrupted flights, NHS services, and payments. CrowdStrike acknowledged the glitch, while Europe seeks more digital market access.
Why Did CrowdStrike Update Only Hit Windows? Blame the EU, Microsoft Says
Microsoft linked the CrowdStrike update problem on 8.5 million Windows devices to a 2009 EU agreement. The incident, caused by a Falcon content update defect, disrupted industries but was not a cyberattack.
3 comments> In other words, third-party security vendors must get the same access as Microsoft's own products. Which, on the face of it, is fair enough.
Indeed, and that should be the end of this line of argumentation.
The issue here is not that Windows users are able to run highly privileged code, or that EU regulators (supposedly?) forces interoperability. There may be an issue in the specific way they chose to solve for it (as alluded to in the article and discussed on HN at length already) and in what software users end up running (duh).
I have a long list of criticisms of Microsoft and EU regulators both but the major issue here is systemic and cultural. There are other more direct and obvious ways in which running Windows for security-critical infrastructure is a terrible idea even disregarding that your antivirus updates could cause availability issues.
Most Linux users are one bad `curl https://whatever.com | sudo bash` away from having their machines completely pwned. This is not a fault of Linux distributions.
Related
Microsoft points finger at the EU for not being able to lock down Windows
Microsoft blames the EU for hindering Windows security due to an agreement allowing security software access. Recent disruptions affected 8.5 million PCs. EU restrictions differ for tech giants like Apple and Google.
Crashes and Competition
The article explores Windows OS design, kernel access impact on security firms, CrowdStrike crash consequences, Microsoft's limitations due to agreements, and regulatory implications for system security and functionality balance.
Microsoft blames EU rules for allowing biggest IT outage to happen
Microsoft attributes the world's largest IT outage to EU regulations hindering security changes, causing disruptions in travel and healthcare. CrowdStrike update affected 8.5 million Windows devices, emphasizing tech companies' struggle with security and regulations.
Microsoft says EU to blame for the worst IT outage
Microsoft attributes a major IT outage affecting 8.5 million Windows devices to a faulty security update from Crowdstrike, citing EU restrictions on security changes. The incident disrupted flights, NHS services, and payments. CrowdStrike acknowledged the glitch, while Europe seeks more digital market access.
Why Did CrowdStrike Update Only Hit Windows? Blame the EU, Microsoft Says
Microsoft linked the CrowdStrike update problem on 8.5 million Windows devices to a 2009 EU agreement. The incident, caused by a Falcon content update defect, disrupted industries but was not a cyberattack.