This week, a significant incident involving devices running Windows and CrowdStrike software emerged, affecting 8.5 million systems – perhaps you’ve heard of it? A software update from CrowdStrike included a logic error in its sensor, causing Windows to crash. This event underscores a broader issue: the privileged access that security software such as CrowdStrike Falcon has to the Windows operating system’s kernel.
The kernel is the core component of any operating system, including Windows, macOS, and Linux. It has unrestricted access to every part of the system, making it the most critical and most protected part of the OS. Security software requires deep access to the kernel to provide comprehensive protection, because only from there can it observe every process, file, and network operation. That same level of access poses significant risks if mishandled: a fault in user-mode software takes down one application, whereas a fault in kernel-mode software takes down the whole machine.
The recent CrowdStrike issue has sparked discussions about Microsoft’s policies on third-party access to the kernel. The history behind this goes back to the era of Windows Vista. Microsoft attempted to enhance security by restricting how third-party applications could access the kernel, similar to the approaches taken by macOS and Linux. However, this initiative was met with resistance from companies like Symantec and McAfee, who argued that such restrictions would unfairly disadvantage them. They launched a legal and public campaign in the European Union, resulting in Microsoft being prevented from implementing these security measures.
Ironically, this lobbying effort by third-party security companies led to a less secure Windows environment, all so that these companies could market their protective software without costly changes to their business model. Notably, George Kurtz, the CEO of CrowdStrike, played a significant role in this effort during his tenure at McAfee. This historical context highlights a long-standing tension between operating system security and third-party software access.
As a managed services provider, we at Systemic Digital have observed the complexities and implications of these decisions. The legacy of the Vista era’s legal battles continues to shape Windows security today, leading to situations like the recent CrowdStrike incident. It’s a reminder of the delicate balance between accessibility for third-party developers and the security of the operating system.
This incident serves as a critical reminder of the ongoing challenges in maintaining secure digital environments, especially when third-party software has deep system access. As the industry evolves, these issues will likely continue to surface, emphasizing the need for vigilant security practices and robust risk management strategies.