Microsoft's 2009 EU Agreement Limits Security Enhancements in Windows

An article published by The Wall Street Journal today ended with an interesting point raised by a Microsoft spokesman regarding the security of the Windows operating system. The spokesman, while not quoted verbatim, is said to have told the WSJ that a 2009 deal with the European Commission is the reason why Microsoft can’t lock down its operating system more to boost security.

Following a complaint, the spokesman said, Microsoft agreed back in 2009 with the European Commission that it would give makers of security software the same level of access to Windows that Microsoft gets. This decision means security software vendors have a greater ability to muck up systems as CrowdStrike did this week when it crippled 8.5 million Windows PCs worldwide. Microsoft has since come to the rescue with an auto-fix tool for affected users.

Details of the Agreement

The document that outlines the agreement between Microsoft and the European Commission is available as a Doc file on Microsoft’s website. The document states that Microsoft is obligated to make available its APIs in its Windows Client and Server operating systems that are used by its security products to third-party security software makers. The document says that Microsoft has to also document the APIs on the Microsoft Developer Network except where they create security risks.

Giving security software vendors access to these APIs, while good for a level playing field, which is what the EU was concerned about, it’s not great for security as we saw this week when CrowdStrike knocked very important machines offline causing chaos worldwide.

Comparisons with Apple and Google

Ironically, while the EU was aiming to make things fair, Apple and Google which make macOS and ChromeOS are not bound by the same restrictions… yet. According to the WSJ, Apple told developers in 2020 that its operating system would no longer give them kernel-level access. While this change meant developers had to change their software, it also meant less could go wrong.

The European Union has been ramping up measures to tackle so-called anti-competitive behavior by big tech in recent years so it’s pretty unlikely to go down a path where it allows Microsoft to lock down Windows further, despite the benefits that would offer.

What is windows 10 iot enterprise ltsc 2021?

Windows 10 IoT Enterprise LTSC 2021 is a specialized version of the Windows 10 operating system designed for embedded and IoT (Internet of Things) devices. LTSC stands for Long-Term Servicing Channel, which means this version receives security updates for an extended period (up to 10 years) but does not get feature updates. This ensures stability and consistency, making it ideal for devices that require high reliability and minimal change over time, such as ATMs, digital signage, and medical equipment.

What is the difference between windows 10 enterprise and ltsc?

The primary difference between Windows 10 Enterprise and LTSC (Long-Term Servicing Channel) is that LTSC versions do not receive feature updates, only security updates for up to 10 years. In contrast, Windows 10 Enterprise receives regular feature updates along with security updates. LTSC is designed for specialized devices that require high stability, while Windows 10 Enterprise is aimed at general-purpose business use, supporting the latest features, security advancements, and update policies.

Update: 21 Jul 2024