Microsoft looking to remove security vendor access to its Windows Kernel following CrowdStrike incident.

Microsoft is building new Windows security features to prevent another CrowdStrike incident, and is in talks that would allow it to do more to protect the core of its OS against outages and widespread impact like the CrowdStrike incident, which affected more than 8.5 million devices and is estimated to have caused more than $10b in financial impact.

Fighting against the anti-monopoly commissions.

In an ideal world, Microsoft would have the right to protect their core kernel code and prevent any third parties from interfering with or accessing it.

Today, however, the law prevents them from doing this, to ensure they adhere to the anti-monopoly and competition laws in many parts of the globe. Instead, Microsoft is doing all it can to further harden security around the kernel and Windows security in general.

Their goal is of course to find a compromise that protects Windows from software issues caused by security vendors and ensures OS integrity without killing third-party security vendors, while avoiding the need for them to have kernel-level access in the first place…

Enhancing Security without Kernel Access

Since July, Microsoft has been in talks with leading security vendors, including CrowdStrike, Broadcom and Sophos, to develop a new security platform in Windows that still allows security vendors to do their thing, but without Microsoft having to expose full kernel access.

Then last week (September 10th, 2024), Microsoft, CrowdStrike, and many other security partners who provide endpoint security technologies got together to discuss ways to boost resiliency and protect our mutual customers’ critical infrastructure. Aidan Marcuss, Corporate VP of Microsoft Windows and Devices, said “Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers.”

The goal is to prevent incidents similar to the CrowdStrike outage and enhance the overall security framework of Windows without monopolising the endpoint and XDR markets.

Benefits to Consumers

For everyday users, this promises a more secure and stable computing experience in a world where attacks on identity and data theft are increasing at pace. By further reducing the risk of security breaches and system outages, whilst reducing the risk of third-party apps and services causing system failures, Microsoft is ensuring that consumers continue to trust them to protect their personal data and maintain smooth operation. Enhanced security measures mean fewer disruptions and a safer online environment, which is crucial in an era where cyber threats are increasingly sophisticated.

Benefits to Business Users

Commercial/business users would of course gain significantly from these new security measures. With sensitive corporate data and identity consistency at risk from attack or breach, Microsoft’s enhanced security framework will provide businesses with greater peace of mind and further increase the trust they already have with Microsoft to protect their data, applications and emails.

Of course, reduced risk of breaches and downtime caused by third-party apps and services also translates to increased choice (without fear), and lower costs associated with security incidents and system outages.

Whilst this should enable businesses to focus more on their core operations, knowing that their IT infrastructure is robust and secure, it doesn’t remove the need for full business continuity planning…

Microsoft’s Perspective and Benefit

For Microsoft, this move is a strategic step to reinforce its commitment to security and reliability. Arguably, Microsoft is the biggest security company in the world and with over a billion devices running the Windows operating system, they have a duty to continue to protect their products from outages caused by, well, things out of their control, such as the CrowdStrike update fail!

By working closely with security vendors and regulatory bodies, Microsoft is not only positioning itself as a leader in the cybersecurity space, but also as a partner that works with its software houses (ISVs) and customers to ensure they still have choice over the aspects of Windows they use (or subscribe to) and the third-party vendors they choose to work with.

So what about the third party security vendors then?

Security vendors like CrowdStrike, Broadcom, Sophos, Cisco, and Trend Micro also benefit from this collaboration by being part of a more secure and standardised platform. This partnership allows them to continue to innovate and develop advanced security solutions without the complexities and risks associated with kernel access. It also means they will continue to get support and help from Microsoft (as an ISV partner) in developing and supporting their products.

Potential Concerns and Regulatory Involvement

Naturally, there are concerns about potential monopolistic practices. Vendors (and those less involved in the initiative) may fear that Microsoft might restrict kernel access for third-party products while retaining it for its own, which could limit their ability to compete effectively, pushing customers to jump ship and just adopt Microsoft security products and services.

To address such concerns and ensure transparency, Microsoft has involved US and European government officials in discussions. This move is aimed at addressing regulatory concerns and demonstrating Microsoft’s commitment to a fair and secure computing environment. While the initiative is largely seen as positive, it is crucial for Microsoft to maintain an open and competitive landscape for all security vendors.

Conclusion

Microsoft’s new security measures would represent a significant step towards a safer Windows environment. By working closely with security vendors and involving regulatory bodies, Microsoft is striving to create a secure and fair platform for all users, making kernel access more controlled than it is today. This promises numerous benefits for consumers, business users, and security vendors alike, while also addressing potential concerns about competition and transparency.

Read more: The Register has also covered this story in depth, if you want to read more here.
