Microsoft to Limit Antivirus Access in Windows Following Major Outage
Following a recent incident where a faulty antivirus update crippled millions of computers, Microsoft is taking steps to restrict third-party software access to the Windows operating system's core.
Just last week, a flawed update to CrowdStrike's Falcon antivirus software caused widespread outages, impacting 8.5 million computers globally. Airports, banks, and other critical institutions were forced to halt operations due to the malfunctioning software.
While CrowdStrike attributed the issue to an error in a test build, the root of the problem lies in the software's deep system-level access. Falcon, like many other antivirus programs, operates within the operating system's kernel. This privileged access grants the software unrestricted control over system memory and hardware. As a result, any fault in such software can have catastrophic consequences for the entire system, as witnessed on July 19th.
This isn't the first time Microsoft has attempted to restrict third-party kernel access. The company aimed to achieve this in 2006 with the release of Windows Vista. However, pushback from antivirus developers and pressure from EU regulators forced it to backpedal. Notably, Apple successfully implemented similar restrictions within macOS in 2020. Now, it seems Microsoft is ready to try again.
“This incident clearly shows that Windows needs to prioritize changes and innovations in the area of end-to-end sustainability,” wrote John Cable, Corporate Vice President of Program Management for Windows Servicing and Delivery, in a blog post.