Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma

CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.

Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.

CalcProgrammer1 ,

Please, get this garbage out of the kernel. If it isn’t there to talk to hardware, third party code has no place in the kernel. The same shit that Crowdstrike did could easily happen with any of these useless anticheats.

teawrecks ,

In b4 msft creates a level between kernel and user level for this stuff to sit at. It will have read-only access to all of kernel memory, and will otherwise function the same, but when it crashes it won’t take the OS down, just certain programs that rely on it.

What will they call it? “Observer” level? “Big Brother” level? “Overseer” level? Probably just something to do with “Verifying Trust/Integrity”. Google will also want to quietly stick something for “Web Integrity” there.

Tak ,

That last line is some monkey’s paw type shit

kubica ,

Sure, "restrict" the kernel access. And the first company to be granted the requisites for kernel access, CrowdStrike.

r00ty Admin ,

Exactly. Either they're going to make Windows Defender have the monopoly on antivirus and endpoint protection (EU will shut them down faster than a crowdstrike bluescreen), or they will need to grant the access to those providers.

If Microsoft think they will be able to curate every single device driver and other kernel module (like antivirus etc) and catch the kind of bug that caused this error? They're deluded.

I'll wait and see what they actually propose before outright ruling it out. But, I can't see how they do this in any realistic way.

electricprism ,

They should. How much of a hit to GDP is it when entire continents can’t work?

Nighed ,

In that case, the entire Windows ecosystem collapses when Microsoft messes up Windows Defender… at least if it's spread out it hurts less people

DrWeevilJammer ,

My understanding is that EU regulators had an issue because Windows Defender rolled out kernel mode/kernel data protection, which gave Microsoft a de-facto monopoly in that market segment if no one else was allowed to use the same technology in their products.

Microsoft complaining that the Crowdstrike incident was the EU’s fault is an argument in favor of a Microsoft monopoly, which the EU has been pretty consistently against, and EU opposition to this should not have been a surprise to Microsoft.

Hexbear2 ,

I think that the way we’re splitting up software monopolies is pretty damn ridiculous in this field. I’m Linux gang all the way, but let Microsoft own the OS how they see fit, and especially the kernel, and instead go after the third party hardware vendors being locked into MS contracts. Just make it not legal for third party hardware vendors to sell computers with pre-installed operating systems, and it solves a lot of the monopoly issues. So no more Dell, HP, etc, with forced windows, make the consumer buy the OS separately.

Could also go after bundling, like OS can’t be sold with office suite software.

umbrella , (edited )

yes please. NO third party should have ring 0 access to your computer.

bonus: no kernel level anticheat to fuck with linux users

slacktoid ,

Damn… They can be taught?!

umbrella ,

yeah when they lose money

every corporation can learn if they lose enough money

slacktoid ,

maybe if we had a system where they lost similar amounts of money when they do bad things. imagine the world!

squid ,

A legal precedent should be established to hold companies as large as CrowdStrike liable for their actions. This liability should be significant enough to ensure that future companies will think twice before releasing faulty code. We should not be asking for or supporting Microsoft’s efforts to further lock down their product.

brainw0rms ,
Wahots ,

Imo, third party companies just shouldn’t have access to the kernel level. Someone is always getting hacked, and having this level of access to potentially hundreds of millions of computers is a huge risk. Especially if it’s for something trivial, like anticheat in Helldivers 2.

soundconjurer ,

@Wahots @mudle, I hold that same relative feeling, but people do own their computers and if they want to play League of Legends and let someone into the kernel, who am I to tell them no? I ran League in Lutris, so no chance of making that decision even if I wanted to.

drbluefall ,
dueuwuje ,

Why not have a structure in place that has Microsoft review/test code from third parties? At the end of the day it is Microsoft that took the public hit so they should be the last line of defence in this process.

Those that wish to have their code sit at the privileged/kernel level should either pay up or supply Microsoft with resources to do the tests Microsoft would require.

What shouldn’t happen is third parties doing their work at a privileged level without the oversight.

untsuki ,

@dueuwuje @mudle

If I understand it correctly, it already has been (at least formally) reviewed by Microsoft before signing and allowing that signed code to run in kernel mode. But CrowdStrike's driver module was not just running a malware scanner on its own, it was interpreting what is basically unsigned code that was easier and faster to update. These unsigned files were the ones containing the faulty update.

At least that's what I understand from https://www.youtube.com/watch?v=wAzEJxOo1ts , it may not be entirely correct or I may have misunderstood.

But if it is true, it may be more sensible to make an API so software with specific permissions could access information needed to effectively function as antivirus, without being run in kernel mode.
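
The point raised in the comment above, that a signed component which interprets separately shipped, unsigned content is only as safe as its handling of that content, sketched as an added example (not from the thread and not any vendor's code). The `RUL1` file layout, the function names and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical content-file layout, constructed for this example:
 *   bytes 0..3  magic "RUL1"
 *   byte  4     rule count n
 *   then n rules of 2 bytes each: { input_index, expected_value }
 * The signed component supplies NUM_INPUTS values per event; a rule
 * matches when inputs[input_index] == expected_value. */
#define NUM_INPUTS 4
enum { RULES_OK = 0, RULES_TRUNCATED, RULES_BAD_MAGIC, RULES_BAD_INDEX };

/* Check the whole file before any rule is evaluated. */
int rules_validate(const uint8_t *buf, size_t len) {
    if (len < 5) return RULES_TRUNCATED;
    if (memcmp(buf, "RUL1", 4) != 0) return RULES_BAD_MAGIC;
    size_t n = buf[4];
    if (len - 5 < n * 2) return RULES_TRUNCATED;
    for (size_t i = 0; i < n; i++)
        if (buf[5 + 2 * i] >= NUM_INPUTS) return RULES_BAD_INDEX;
    return RULES_OK;
}

/* Returns the number of matching rules, or -1 if the file is rejected.
 * A rejected file means "keep the previous rules", not a fault. */
int rules_match(const uint8_t *buf, size_t len,
                const uint8_t inputs[NUM_INPUTS]) {
    if (rules_validate(buf, len) != RULES_OK) return -1;
    int hits = 0;
    for (size_t i = 0; i < buf[4]; i++) {
        uint8_t idx = buf[5 + 2 * i], want = buf[6 + 2 * i];
        if (inputs[idx] == want) hits++; /* idx proven < NUM_INPUTS */
    }
    return hits;
}

/* Constructed sample files and event inputs. */
static const uint8_t GOOD_FILE[]      = {'R','U','L','1', 2, 0, 7, 3, 9};
static const uint8_t BAD_INDEX_FILE[] = {'R','U','L','1', 1, 20, 7};
static const uint8_t SHORT_FILE[]     = {'R','U','L','1', 3, 0, 7};
static const uint8_t SAMPLE_INPUTS[NUM_INPUTS] = {7, 0, 0, 9};

int main(void) {
    /* Exit 0 only if the good file matches and both bad files are refused. */
    return (rules_match(GOOD_FILE, sizeof GOOD_FILE, SAMPLE_INPUTS) == 2 &&
            rules_match(BAD_INDEX_FILE, sizeof BAD_INDEX_FILE, SAMPLE_INPUTS) == -1 &&
            rules_match(SHORT_FILE, sizeof SHORT_FILE, SAMPLE_INPUTS) == -1) ? 0 : 1;
}
```

Without the index check in `rules_validate`, the rule in `BAD_INDEX_FILE` would read past the end of `inputs`; in kernel mode that kind of invalid read stops the whole machine rather than one process.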

bsergay ,
Justice!
WerySkok ,

@mudle somehow, I don't think that's the way to resolve future problems, it just looks like Apple's way, which sometimes isn't great for customers

taanegl ,

Facts. But, at the same time… 3rd party vendors who have that access should be held liable in court and have their pocketbooks pounded like a $5k sex worker.

At least if it’s a commercial service, or SaaS, which should hold a ton more liability behind it.

BedSharkPal ,

But will the EU allow it?

Fiivemacs ,

The_Worst ,

Sure, as long as Microsoft doesn’t give its own products more access to the kernel than competitors.

ElHexo ,

Microsoft is the Windows ME of corporations

lemmyknow ,

Can someone more knowledgeable explain this to me? Why does certain security software require access to the kernel? To keep malware from getting to the kernel or something? Doesn’t restricting access to the kernel offer more security? Wouldn’t malware also be unable to access the kernel? Or is that not the case? (Kernel is what connects software and hardware, correct? Just to be sure)
