
Windows needs to become more like Mac to prevent future failures

Last weekend’s massive IT outage wasn’t just a bad look for CrowdStrike; it was a bad look for Microsoft too. To avoid future large-scale problems, Microsoft is considering blocking third-party security software from accessing the Windows kernel, according to a blog post by John Cable, vice president of program management for Windows Servicing and Delivery.

If this change were implemented, the restriction would mirror Apple’s move in 2020 to bar third-party software from its core operating system. That change arrived in macOS Big Sur, which ensures that every system partition (or volume) containing the core operating system is cryptographically verified, down to the last file. The goal, of course, is to prevent changes by outside parties that could take down the entire system. Sound familiar?

Of course, that’s easier said than done. Microsoft tried to do the exact same thing back in 2006 with Windows Vista, by preventing third parties from accessing the kernel. The plan backfired amid resistance from EU regulators and complaints from (you guessed it) cybersecurity vendors.

In a blog post, John Cable states, “Examples of innovation include the recently announced VBS Enclaves, which provide an isolated computing environment that does not require kernel-mode drivers to be tamper-resistant, and the Microsoft Azure Attestation service, which can help determine the security posture of a boot path.” He goes on to state that they will continue to build on these capabilities and increase the resiliency of the Windows ecosystem.

In theory, keeping security software out of the kernel means Windows would never again suffer a worldwide outage like the recent one, in which the CrowdStrike bug brought down 8.5 million computers. The downside, of course, is that without kernel access, security software would lose much of its ability to monitor for threats. And going down this path does not make other types of attacks impossible.

Let’s be clear: Microsoft hasn’t confirmed it will go down this route. But the blog post certainly floated the idea, and that’s significant. Now that the scale of the damage is clear, there may be a stronger incentive than ever to consider locking down Windows.