Microsoft is taking steps to prevent future security issues like the one caused by CrowdStrike in July, where a faulty software update led to a widespread Windows outage.
During a private summit on September 10, the company discussed plans to create a new security platform within the Windows operating system, designed to handle antivirus monitoring while reducing the reliance on kernel access.
The July incident was caused by a CrowdStrike update that temporarily disabled millions of Windows computers. This happened because antivirus programs, like CrowdStrike’s, often have deep access to the Windows kernel—the central part of the operating system—to monitor potential threats. However, this same access can become problematic when a software malfunction occurs, as it did in CrowdStrike’s case, leading to system crashes.
Microsoft Considers New Antivirus Monitoring Methods
In response, Microsoft is considering a new security layer within Windows that allows antivirus software to operate without relying on kernel access. At the summit, the company explored the idea of offering new platform capabilities in Windows to provide an additional layer of security outside the kernel. Microsoft emphasized that the summit was not intended for decision-making but to engage the antivirus industry and promote transparency.
The company acknowledged that there are significant challenges in moving security operations outside the kernel. These include performance concerns and the need to develop an anti-tampering mechanism to protect security software. One of the central discussions involved creating a system that meets the “security sensor requirements” of antivirus programs while ensuring reliable performance.
Microsoft Reconsiders Kernel Access for Antivirus Programs
Microsoft stressed that customers and security vendors had called for more options in how security is implemented in Windows. The company stopped short of closing off kernel access completely, as Apple’s macOS does, preferring to explore ways to enhance security through additional platform features. Microsoft described this initiative as a long-term project, with plans to continue designing the new platform in collaboration with its partners.
At the summit, Microsoft and its partners also addressed immediate concerns, sharing best practices to prevent faulty updates from affecting users’ systems. Topics included improving compatibility testing and increasing information sharing between Microsoft and security vendors.
Notably, ESET, a leading antivirus provider, voiced its support for maintaining kernel access for cybersecurity programs, emphasizing that this access is crucial for detecting and blocking cyberthreats. ESET also expressed a desire for continued collaboration on Microsoft’s new initiative.
The summit marks a significant step in Microsoft’s efforts to improve the reliability of Windows security without compromising the system’s ability to protect against emerging threats.