Is anyone really gullible enough to blame the EU for CrowdStrike rolling out a faulty update? What is Microsoft PR thinking? I also find it amusing that George Kurtz (CrowdStrike CEO) was perfectly capable of causing a global IT disaster in 2010 as McAfee CTO without kernel access (the update just deleted critical Windows XP system files).
I don't find that particularly credible. If Microsoft would boot all security products (including their own) out of the kernel and force them to use specific interfaces for this there is no anti-trust concern at all there. It would only be a problem if they wanted Windows Defender to remain having privileged access while taking it away from everyone else.
Microsoft has a very solid point here. MS has wanted to kick AV vendors out of kernel space for a long time because it isn't necessary, and can lead to the type of incident we are talking about here.<p>MS provides a userspace interface[0] for AV vendors to do what they need to do, but they can't be forced to use it.<p>So yes, due to EU regulations, AV vendors can still play in kernel space, and can bring much of the world to a halt when they make a mistake as a result.<p>[0] <a href="https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal" rel="nofollow">https://learn.microsoft.com/en-us/windows/win32/amsi/antimal...</a>
The true reason is a regulatory environment where snake-oil peddling corporations lobby for governments to mandate the use of their crapware in the name of security and reliability.<p>This causes senior management to push for the installation of this crapware/malware on their systems, overriding the objection of their system administrators who know better.<p>Senior management want to cover their asses, and the administrators shrug their shoulders and respond "if you say so".<p>In sum it is mostly a regulatory racket that is profitable for the peddlers of this crapware and for management who can claim that they did what they were required to do to stop shit from happening. Everybody wins except shareholders, customers and IT staff who have to fix this mess without getting the righteously justified overtime and bonuses.<p>Why do you think insurance companies have backing out of the business of insuring against these kind of disasters? They've clearly learned better.<p>Why do you think I stopped using Norton, MacAfee, etc, etc, and etc and opted for just decent backups and Windows own built-in stuff?
Oh yeah, if Microsoft was so worried about other companies tinkering with its kernel then why didn't it introduce routines that would ensure that a reboot would actually occur on a boot load error? (Upon error, a reload would then omit the faulty code as well as tell users there was a problem with the update.)<p>I'd suggest that there is no reason a BSOD—Blue Screen of Death—should ever occur on a system that was already working as the OS should be constructed in such a way that it can undo a faulty patch. As you'd know, there is already such a thing as Volume Shadow Copy, VSS, in MS Windows. Microsoft could have adopted this and similar techniques to ensure that the system either stayed up or rebooted.<p>Yes, I can hear Microsoft's retort now that doing that would make Windows more vulnerable to viruses, infiltration, etc.<p>To that I'd say utter bullshit, the real problem—as it has always been with Microsoft—is that it doesn't properly finish or bootstrap its code against errors before it releases it to the public. Microsoft is thus doing cheapskate engineering as it's much more profitable.<p>Hopefully, eventually regulators will require hardening of such software together with guarantees against such faults—guarantees that if not honored would result in enforceable financial penalties.<p>Only loss of income/profit is likely to fix this problem.<p>EU, for everyone's sake quickly debunk that deliberately misleading PR crap from Microsoft before it takes hold.
That's cute, but I don't know of any EU rule that requires a Windows to give the blue screen of death when a third party kernel module fails.
The headline, as always, is disingenuous. They were asked why they couldn't lock third parties out of this level of unprotected system access, and said that the 2009 ruling prevented them from doing so. Which is simply factually correct.
Yeah, of course they would.<p>"Just regulate us less, seriously!".<p>Their solution to this situation is quite literally monopoly, which is hilarious.