Microsoft calls for Windows changes and resilience after CrowdStrike outage
www.theverge.com
external-link
Microsoft drops subtle hints about the future direction of Windows security.

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.

Why not have a structure in place that has Microsoft review/test code from third parties. At the end of the day it is Microsoft that took the public hit so they should be the last line of defence in this process.

Those that wish to have their code sit at the privileged/kernel level should either pay up or supply Microsoft with resources to do the tests Microsoft would require.

What shouldn’t happen is third parties doing their work at a privileged level without the oversight.

@dueuwuje @mudle

If I understand it correctly, it already has been (at least formally) reviewed by microsoft before signing and allowing that signed code run kernel-mode. But the crowdstrike’s driver module was not just running malware scanner on itself, it was interpreting what is basically unsigned code that was easier and faster to update. This unsigned files were the ones containing faulty update.

At least that what I understand from https://www.youtube.com/watch?v=wAzEJxOo1ts , it may not be entirely correct or I may have misunderstood.

But if it is true, it may be more sensible to make an API so software with specific permissions could access information needed to effectively function as antivirus, without being run in kernel mode.

@mudle@lemmy.ml
mod
creator
link
fedilink
24M

But if it is true, it may be more sensible to make an API so software with specific permissions could access information needed to effectively function as antivirus, without being run in kernel mode.

I’ve come to this conclusion as well. I believe Apple has similar functionality with their “kernel-extensions”, I believe it’s called.

Create a post

Gaming on the GNU/Linux operating system.

Recommended news sources:

Related chat:

Related Communities:

Please be nice to other members. Anyone not being nice will be banned. Keep it fun, respectful and just be awesome to each other.

  • 0 users online
  • 18 users / day
  • 139 users / week
  • 381 users / month
  • 1.43K users / 6 months
  • 1 subscriber
  • 878 Posts
  • 9.25K Comments
  • Modlog