In a proactive response to the recent turmoil caused by a faulty software update from CrowdStrike, Microsoft is exploring the development of a dedicated platform within the Windows operating system aimed at enhancing antivirus monitoring. This initiative was a focal point of discussions held during a closed summit with antivirus industry leaders on September 10, where Microsoft sought to engage with the community and share insights into potential new capabilities for Windows.
Addressing Kernel Access Concerns
The impetus for this summit stemmed from a significant incident in July, when a problematic update from CrowdStrike inadvertently led to widespread outages, affecting millions of Windows machines. The core of the issue lay in the access that antivirus programs, including CrowdStrike’s, have to the Windows kernel—the critical component that governs the operating system. While this access is essential for monitoring and safeguarding against malicious alterations, it also means that a fault in the security software can bring down the whole machine rather than just the application.
Initially, Microsoft contemplated restricting kernel access for antivirus programs, potentially shifting Windows towards a more closed model similar to Apple’s macOS. However, the recent blog post detailing the summit’s outcomes indicates a more collaborative approach. Microsoft acknowledged the feedback from both customers and partners, who expressed a desire for enhanced security capabilities that operate outside of kernel mode.
During the summit, discussions revolved around the requirements and challenges of establishing a new platform that would cater to the needs of security vendors. Key areas of focus included:
- Performance requirements and challenges outside of kernel mode
- Anti-tampering mechanisms for security applications
- Security sensor requirements for effective antivirus monitoring
While specifics regarding this new security layer remain sparse, Microsoft emphasized its commitment to designing and developing this capability in collaboration with ecosystem partners. The goal is to enhance reliability while maintaining robust security measures.
Participants at the summit reached a consensus on the importance of providing options for Windows users and a diverse array of security products. ESET, an antivirus provider, underscored the necessity of retaining kernel access as a viable option for cybersecurity solutions, highlighting its role in fostering innovation and effectively countering emerging cyber threats.
In the interim, Microsoft and antivirus vendors utilized the summit to exchange best practices aimed at ensuring the safe deployment of security updates. Topics included strategies for improving the testing of critical components, enhancing compatibility testing across various configurations, and fostering better information sharing regarding the health of both in-development and market-ready products.