Microsoft considers surprising change to prevent future outages

By Judy Sanhz Published July 26, 2024

The Blue Screen of Death seen on a laptop. — Maxim Tolchinskiy / Unsplash

The massive IT outage from last weekend was not a bad look for CrowdStrike — but Microsoft too. To avoid future large-scale issues, Microsoft is evaluating blocking third-party security software from accessing the Windows Kernel, according to a blog post by John Cable, VP of program management for Windows servicing and delivery.

If this change were to be put in place, the restriction would imitate Apple’s 2020 move, which limited third-party software from accessing its core operating system. The change was introduced in macOS Big Sur, ensuring that every system partition (or volume) that contains the core operating system is cryptographic verified, down to every last file. The goal, of course, is preventing changes from third-party entities that could melt down the whole system. Sound familiar?

Recommended Videos

Of course, it’s a change easier said than done. Microsoft attempted to do exactly this in 2006 with Windows Vista, preventing third parties from having kernel access. However, the plan failed due to resistance from EU regulators and complaints from — you guessed it — cybersecurity vendors.

In the blog post, John Cable states, “Examples of innovation include the recently announced VBS enclaves, which provide an isolated compute environment that does not require kernel mode drivers to be tamper resistant, and the Microsoft Azure Attestation service, which can help determine boot path security posture.” He goes on to state that they will continue to develop these capabilities and enhance the resiliency of the Windows ecosystem.

In theory, by preventing security software from accessing the kernel, Windows would never again experience the worldwide outage it recently experienced, and that caused 8.5 million PCs to crash due to a CrowdStrike bug. The downside, of course, is that preventing kernel access would also mean that the security software would not be able to monitor for any potential threats. After all, moving in this direction doesn’t mean that other types of attacks are impossible.

Let’s be clear: Microsoft did not confirm that this is the path it will take from now on. But this blog post certainly threw the idea in the air, and that’s significant. More than ever before, there may be a stronger incentive to consider locking down Windows now that we’ve seen the wreckage of the situation.

Topics

Computing Writer

Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.

Computing

Microsoft plans to charge for Windows 10 updates in the future

Windows 11 and Windows 10 operating system logos are displayed on laptop screens.

Microsoft has confirmed it will offer security updates for Windows 10 after the end-of-life date for the operating system for consumer users but for a fee.

The brand recently announced plans to charge regular users for Extended Security Updates (ESU) who intend to continue using Windows 10 beyond the October 14, 2025 support date.

Computing

I’m worried about the future of the Microsoft Surface

Panos Panay with a Surface

I've always rooted for the Surface. What started exclusively as a way to push the concept of the Windows 2-in-1 has grown into a full-fledged premium laptop brand, with options at nearly every price point.

But after a year like 2023, it's hard not to feel like we may be reaching a turning point for the brand.
Lack of momentum

Computing

Microsoft admits defeat on its controversial OneDrive change

Microsoft OneDrive files can sync between a PC and a phone

Microsoft has canceled plans to update how photos are stored on OneDrive after heavy criticism from its users.

The changes, which were set to go into place on October 16, would have made it so photos uploaded to your OneDrive account would count toward your data quota for every location they existed in your account, according to Neowin.