Microsoft backs down over rivals' Vista access (2006)
Microsoft will provide security software developers access to Windows Vista's kernel for monitoring, addressing antitrust concerns. However, skepticism remains regarding the availability of necessary APIs before Vista's launch.
Read original article
Microsoft has announced it will provide security software developers with access to the kernel of 64-bit versions of Windows Vista for security-monitoring purposes. This decision comes in response to antitrust concerns raised by the European Commission, particularly from Symantec, a leading antivirus software company. Microsoft will also allow third-party security consoles to disable certain features of the Windows Security Center when installed. However, security companies remain skeptical, with Symantec stating they have yet to see the promised application program interfaces (APIs) that would enable this access.
The technology to suppress Windows Security Center alerts is expected to be available soon, but the APIs for kernel protection are still under development and may not be ready before Vista's release to manufacturers. Microsoft emphasizes that it will not permit vendors to modify the kernel in unauthorized ways, particularly to avoid circumventing its PatchGuard technology.
While companies like McAfee and Check Point Software have welcomed Microsoft's announcement, they also express caution, indicating they need more specific information before forming a definitive opinion. Security providers are eager to have compatible products ready for Vista's launch, which is scheduled for large business users next month and for the general public in January. Symantec has urged Microsoft to release the APIs immediately to ensure that security solutions are available upon Vista's release.
Related
Microsoft points finger at the EU for not being able to lock down Windows
Microsoft blames the EU for hindering Windows security due to an agreement allowing security software access. Recent disruptions affected 8.5 million PCs. EU restrictions differ for tech giants like Apple and Google.
Crashes and Competition
The article explores Windows OS design, kernel access impact on security firms, CrowdStrike crash consequences, Microsoft's limitations due to agreements, and regulatory implications for system security and functionality balance.
EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft
Microsoft raised concerns about EU granting CrowdStrike access to Windows kernel in 2009. Third-party software's deep integration in the system architecture is questioned, highlighting risks of disruptions. Microsoft's response to CrowdStrike chaos is pending.
EU gave CrowdStrike keys to Windows kernel, Microsoft claims
Microsoft claims EU granted CrowdStrike access to Windows kernel in 2009 for interoperability. Concerns arise over third-party software's deep integration. Microsoft not blamed for recent chaos caused by CrowdStrike update.
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft is reconsidering security vendor access to the Windows kernel after a CrowdStrike update outage affected 8.5 million PCs, emphasizing the need for improved resilience and collaboration in security practices.
6 commentsAs another comment pointed out, Apple don't provide the same level of access for app developers for iPhones, yet don't have the same scrutiny. I'd wager this is partially because antivirus vendors for iPhone never existed, which weakens their standing in a legal sense.
Unlike browser and antivirus vendors for Windows, you'd be demanding the courts create a new market for you, as opposed to preventing a monopoly from removing one.
I don't have an answer, or even a specific opinion, to this. Just making an observation.
The main fall down here was a lack of rigor on their part, and Crowdstrike's. Thorough testing of all configurations of Windows is likely impossible - but it's clear this one affected so many it was a common one - why was this not caught?
As for the EU - I'd say where their problems lie is in applying rules and regulations, but only in the context of that time and space - there is no regulatory follow-up from the initial conditions to ensure that software continues to be safe, and few certifications offered outside private companies own certification. It's just been announced they are diverting budget away from FOSS projects towards AI ones in their Horizon 2025 budget, once again weakening the software ecosystem in favour of the-popular-thing-at-the-moment.
For their own sake they should be funding independent Red/Blue teams, and securing the internal supply chain of software - both to protect it from current threats, and future geo-political changes. But this is where they leave it up to market forces and this is why this situation will absolutely happen again and again.
Related
Microsoft points finger at the EU for not being able to lock down Windows
Microsoft blames the EU for hindering Windows security due to an agreement allowing security software access. Recent disruptions affected 8.5 million PCs. EU restrictions differ for tech giants like Apple and Google.
Crashes and Competition
The article explores Windows OS design, kernel access impact on security firms, CrowdStrike crash consequences, Microsoft's limitations due to agreements, and regulatory implications for system security and functionality balance.
EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft
Microsoft raised concerns about EU granting CrowdStrike access to Windows kernel in 2009. Third-party software's deep integration in the system architecture is questioned, highlighting risks of disruptions. Microsoft's response to CrowdStrike chaos is pending.
EU gave CrowdStrike keys to Windows kernel, Microsoft claims
Microsoft claims EU granted CrowdStrike access to Windows kernel in 2009 for interoperability. Concerns arise over third-party software's deep integration. Microsoft not blamed for recent chaos caused by CrowdStrike update.
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft is reconsidering security vendor access to the Windows kernel after a CrowdStrike update outage affected 8.5 million PCs, emphasizing the need for improved resilience and collaboration in security practices.