Microsoft calls for Windows changes and resilience after CrowdStrike outage
www.theverge.com
Microsoft drops subtle hints about the future direction of Windows security.

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.

This is exactly how eBPF was implemented for the Linux kernel. You can build watchdog processes that can see what’s happening in the kernel and build kernel interrupts, but it’s actually all executed in user space and not rewriting the kernel itself. Since it’s a proper API, it also means it’s incredibly hard to fundamentally break the system, unlike when you’re just blowing away kernel code with your own shit like all these security products do.
