Українська правда

Microsoft plans to block access to Windows kernel after CrowdStrike incident


Microsoft plans to block access to the Windows kernel for third-party security providers. The company intends to do so following the large-scale failure caused by CrowdStrike. This was reported by The Verge.

Running at the kernel level (the core of the operating system) gives software unlimited access to system memory and hardware. This is why CrowdStrike's software was able to cause the "blue screen of death" on Windows computers.

CrowdStrike's Falcon software uses a special driver that allows it to run at a lower level than most programs, enabling it to detect threats on Windows.

Microsoft attempted to restrict third-party access to the kernel in Windows Vista in 2006, but faced resistance from cybersecurity service providers and EU regulators. However, Apple did manage to restrict access to the kernel in the macOS operating system in 2020.

“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” says John Cable, vice president of program management for Windows servicing and delivery.

Although Microsoft hasn't said what improvements will be made to Windows in the wake of the CrowdStrike issues, Cable gives some clues as to the direction Microsoft wants to see things go. He cites the new VBS enclaves feature, "which does not require kernel-mode drivers to be tamper-resistant," and Microsoft's Azure Attestation service as examples of new security innovations.

This could be the beginning of a major change in access to the Windows kernel, even if Microsoft claims that it cannot wall off its operating system in the same way that Apple does.
