Saturday, October 19, 2024

What allows CrowdStrike to operate in the Windows kernel?

Microsoft is using a 2009 EU anti-competition ruling as a defense regarding a recent incident where a third-party product caused Windows to crash. On July 19th, 8.5 million PCs experienced the Blue Screen of Death due to a buggy update in third-party anti-virus software called Falcon from CrowdStrike. This software runs at Ring Zero (kernel mode), giving it full access to the Windows operating system; a fault in code running at that level brings down the whole system rather than a single process.

Rich Gibbons, a Microsoft software licensing expert, pointed out that the 2009 ruling required Microsoft to allow third-party products to interoperate with their software products at the same level of access. He believes that Microsoft may use this incident to push back against the ruling and future similar interventions from the EU.

Prior to this incident, Microsoft had not publicly raised concerns over the security risks of providing such deep access to third-party products like CrowdStrike’s Falcon. Although Linux servers also experienced issues with CrowdStrike in April, only Windows systems were affected by the recent crash.

While Apple macOS was not impacted, as it runs on a different security framework that does not require such deep access, questions have been raised about why Microsoft has not provided a similar solution. Some industry experts argue that the EU ruling may have hindered Microsoft from implementing tighter security controls.

Former Windows developer David Plummer mentioned that Microsoft does offer APIs for third-party antivirus security, but some functionalities require kernel-level access. He suggested that Microsoft had developed advanced APIs for security applications like CrowdStrike’s Falcon but was restricted due to the EU ruling.

Independent consultant Ian Brown believes that Microsoft should focus on improving security controls rather than blaming the EU anti-competition commission for the CrowdStrike crash. He emphasized the importance of thorough testing and control of OS kernel-level software, particularly in critical infrastructure systems.

Overall, the incident with CrowdStrike has highlighted the challenges and complexities involved in maintaining security and interoperability within the Windows operating system.