Microsoft has shared details about the recently held, closed-door Windows Endpoint Security Ecosystem Summit. The event was organized in response to the large-scale Windows outage of July 2024, which was caused by a faulty update to CrowdStrike's Falcon endpoint security software. During the summit, Microsoft and its partners discussed building a new platform for security monitoring that would let security products do their job without running inside the Windows operating system (OS) kernel.
The Impact of Kernel Access
A key topic of discussion was the cause of the July incident, which came down to the privileged access that endpoint security software has to the Windows kernel. The kernel is the most privileged component of the OS, and running there lets security products observe and block malicious activity deep within the system. The same privilege, however, means a fault cannot be contained: where a crashed user-mode process is simply terminated, a fault in a kernel-mode driver halts the whole machine. In the CrowdStrike case, a malformed content update passed the vendor's validation step, was loaded by the kernel-mode sensor, and crashed Windows on computers worldwide; because the driver loads at boot, affected systems kept crashing on restart until the faulty file was removed by hand.
Initially, Microsoft considered barring third-party programs from the kernel altogether. That would move Windows closer to Apple's macOS, which has deprecated third-party kernel extensions and instead gives security vendors a user-space Endpoint Security framework. Following the summit, Microsoft is not pursuing that route. Instead, it is focusing on a new platform that gives security vendors the capabilities they need without kernel-level access, addressing the needs of both customers and partners, notes NIX Solutions.
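As an added example, not code from the article or from Microsoft, the following PowerShell inventories the non-Microsoft kernel-mode drivers currently loaded on a Windows host, which is the quickest way to see which security products sit in the kernel today and would take the whole system down with them if they faulted. It uses only standard cmdlets (Get-CimInstance over the Win32_SystemDriver class, and the file version resource exposed by Get-Item). The "Microsoft" filter on CompanyName is a heuristic and is assumed here for illustration: the Authenticode signer alone cannot be used, because third-party kernel drivers are signed through Microsoft's hardware publisher certificate and would all appear to be Microsoft's.

```powershell
# Added example, not part of the article: list running kernel-mode drivers whose
# version resource does not name Microsoft as the company, i.e. the third-party
# code (security agents included) that currently executes in the Windows kernel.
function Get-ThirdPartyKernelDriver {
    [CmdletBinding()]
    param()

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName may use the NT forms \??\C:\... or \SystemRoot\...; normalise to a Win32 path.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (-not (Test-Path -LiteralPath $path)) { return }

            $info = (Get-Item -LiteralPath $path).VersionInfo
            # Heuristic (assumption): CompanyName from the version resource. The Authenticode
            # signer is not usable here, because third-party kernel drivers are signed through
            # Microsoft's hardware publisher certificate and would all look like Microsoft.
            if ($info.CompanyName -match 'Microsoft') { return }

            [pscustomobject]@{
                Name        = $_.Name
                Type        = $_.ServiceType   # 'Kernel Driver' or 'File System Driver' (minifilters)
                StartMode   = $_.StartMode     # Boot/System drivers load before any user-mode recovery tooling
                Company     = $info.CompanyName
                FileVersion = $info.FileVersion
                Path        = $path
            }
        }
}

# Usage: run in a PowerShell session on the endpoint; no elevation is required to read these properties.
Get-ThirdPartyKernelDriver | Sort-Object StartMode, Name | Format-Table -AutoSize
```

The StartMode column is the one to watch: a driver that starts at Boot or System runs before any user-mode recovery tooling, which is exactly why a faulting kernel driver can leave a machine in a restart loop rather than a single crash.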
A Long-Term Approach to Windows Security
The technical discussions at the summit covered how to maintain system performance without kernel-level access, how to give security products tamper protection (so that malware cannot simply disable them) once they no longer run in the kernel, what requirements a security-monitoring sensor must meet, and Safe Deployment Practices for updates, such as staged rollouts with monitoring so that a bad update reaches a small ring of machines before it reaches all of them. The summit produced no final decisions, but Microsoft emphasized the importance of transparency and collaboration with the security community.
Microsoft has acknowledged that this is a long-term project, and the company will continue to work closely with its partners on building the new security platform. As work continues, Microsoft says that "we'll keep you updated" on the progress of this initiative.