CrowdStrike’s Falcon software uses a special driver that allows it to run at a lower level than most apps so it can detect threats across a Windows system. Microsoft tried to restrict third parties from accessing the kernel in Windows Vista in 2006 but was met with pushback from cybersecurity vendors and EU regulators. However, Apple was able to lock down its macOS operating system in 2020 so that developers could no longer get access to the kernel.
Now, it looks like Microsoft wants to reopen the conversations around restricting kernel-level access inside Windows.
My understanding is that EU regulators had an issue because Windows Defender rolled out kernel mode/kernel data protection, which gave Microsoft a de-facto monopoly in that market segment if no one else was allowed to use the same technology in their products.
Microsoft complaining that the Crowdstrike incident was the EU’s fault is an argument in favor of a Microsoft monopoly, which the EU has been pretty consistently against, and EU opposition to this should not have been a surprise to Microsoft.
I think that the way we’re splitting up software monopolies is pretty damn ridiculous in this field. I’m Linux gang all the way, but let Microsoft own the OS how they see fit, and especially the kernel, and instead go after the third party hardware vendors being locked into MS contracts. Just make it not legal for third party hardware vendors to sell computers with pre-installed operating systems, and it solves a lot of the monopoly issues. So no more Dell, HP, etc, with forced windows, make the consumer buy the OS separately.
Could also go after bundling, like OS can’t be sold with office suite software.
microsoft could get away with this monopoly accusations by opening up official read-only APIs for that, so you can have antiviruses use it and have a proper procedure for user to give consent for the antivirus to have access to said API.
I agree, all they need to make sure is for their own tool to have the same access as everyone else.