
Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.

dueuwuje ,

Why not have a structure in place that has Microsoft review/test code from third parties? At the end of the day it is Microsoft that took the public hit, so they should be the last line of defence in this process.

Those that wish to have their code sit at the privileged/kernel level should either pay up or supply Microsoft with resources to do the tests Microsoft would require.

What shouldn’t happen is third parties doing their work at a privileged level without the oversight.

untsuki ,

@dueuwuje @mudle

If I understand it correctly, it already has been (at least formally) reviewed by Microsoft before signing and allowing that signed code to run in kernel mode. But CrowdStrike's driver module was not just running a malware scanner on its own; it was interpreting what is basically unsigned code that was easier and faster to update. These unsigned files were the ones containing the faulty update.

At least that's what I understand from https://www.youtube.com/watch?v=wAzEJxOo1ts ; it may not be entirely correct, or I may have misunderstood.

But if it is true, it may be more sensible to make an API so that software with specific permissions could access the information needed to function effectively as antivirus, without being run in kernel mode.

lemmyknow ,

Can someone more knowledgeable explain this to me? Why does certain security software require access to the kernel? To keep malware from getting to the kernel or something? Doesn’t restricting access to the kernel offer more security? Wouldn’t malware also be unable to access the kernel? Or is that not the case? (The kernel is what connects software and hardware, correct? Just to be sure.)

DrWeevilJammer ,

My understanding is that EU regulators had an issue because Windows Defender rolled out kernel mode/kernel data protection, which gave Microsoft a de-facto monopoly in that market segment if no one else was allowed to use the same technology in their products.

Microsoft complaining that the Crowdstrike incident was the EU’s fault is an argument in favor of a Microsoft monopoly, which the EU has been pretty consistently against, and EU opposition to this should not have been a surprise to Microsoft.

Hexbear2 ,

I think that the way we’re splitting up software monopolies is pretty damn ridiculous in this field. I’m Linux gang all the way, but let Microsoft own the OS how they see fit, and especially the kernel, and instead go after the third party hardware vendors being locked into MS contracts. Just make it not legal for third party hardware vendors to sell computers with pre-installed operating systems, and it solves a lot of the monopoly issues. So no more Dell, HP, etc, with forced windows, make the consumer buy the OS separately.

Could also go after bundling, like OS can’t be sold with office suite software.

squid ,

A legal precedent should be established to hold companies as large as CrowdStrike liable for their actions. This liability should be significant enough to ensure that future companies will think twice before releasing faulty code. We should not be asking for or supporting Microsoft’s efforts to further lock down their product.

brainw0rms ,
BedSharkPal ,

But will the EU allow it?

Fiivemacs ,

kubica ,

Sure, "restrict" the kernel access. And the first company to be granted the requisites for kernel access, CrowdStrike.

r00ty Admin ,

Exactly. Either they're going to make Windows Defender have the monopoly on antivirus and endpoint protection (the EU will shut them down faster than a CrowdStrike bluescreen), or they will need to grant the access to those providers.

If Microsoft think they will be able to curate every single device driver and other kernel module (like antivirus etc) and catch the kind of bug that caused this error? They're deluded.

I'll wait and see what they actually propose before outright ruling it out. But, I can't see how they do this in any realistic way.

CalcProgrammer1 ,

Please, get this garbage out of the kernel. If it isn’t there to talk to hardware, third party code has no place in the kernel. The same shit that Crowdstrike did could easily happen with any of these useless anticheats.

slacktoid ,

Damn… They can be taught?!

bsergay ,
Justice!
electricprism ,

They should. How much of a hit to GDP is it when entire continents can’t work?

Nighed ,

In that case, the entire Windows ecosystem collapses when Microsoft messes up Windows Defender… at least if it's spread out it hurts fewer people.
