Microsoft is looking to create a new platform inside the Windows OS that is tailored for antivirus monitoring. This platform would prevent security products from accessing the kernel, as Microsoft mentioned in an Experience Blog post. Microsoft is making this move to avoid a repeat of the infamous CrowdStrike incident in July.
The new platform idea was mentioned during a summit held on September 10, 2024, at the tech giant’s Redmond, Washington, headquarters. Microsoft mentioned the summit’s purpose by saying: “This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency and protecting our mutual customers’ critical infrastructure.”
Microsoft also clarified that this wasn’t a decision-making meeting, but wanted to share the consensus points and key themes. The software giant also shared the requirements and challenges it faced in creating the new platform. For example, Some of the areas discussed included:
- Performance needs and challenges outside of kernel mode
- Anti-tampering protection for security products
- Security sensor requirements
- Development and collaboration principles between Microsoft and the ecosystem
- Secure-by-design goals for future platform
Microsoft is not confirming that it will make the kernel inaccessible, but is laying the groundwork for designing the security platform to transfer CrowdStrike and others out of the kernel. This is a long-term project, but it will continue working to achieve enhanced reliability without compromising security.
At the summit, antivirus provider ESET also said, ” It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats. We look forward to the continued collaboration on this important initiative.”
They also gave tips that customers can use to stay safe, such as backing up data securely and having a business continuity plan and a major incident response plan. The disastrous CrowdStrike failure crashed 8.5 million Windows PCs and servers, affecting various industries, but airlines were hit the hardest.