top | item 41394703

niklasrde | 1 year ago

Part of the reason why Crowdstrike have access, and why MS wasn't allowed to shut them out with Vista, was a regulatory decision, one where they argued that somebody needs to do the job of keeping Windows secure in a way that a biased Microsoft can't.

So, I guess you could have some sort of escrow third party that isn't Crowdstrike or MS to do this "audit"?

Or see this for a much better write up: https://stratechery.com/2024/crashes-and-competition/

not2b|1 year ago

MS could have provided security hooks similar to BPF in Linux, and similar mechanisms with Apple, rather than having Crowdstrike run arbitrary buggy code at the highest privilege level.

IcyWindows|1 year ago

Crowdstrike configured Windows to not start if their driver could not run successfully.

That's not the default option for kernel drivers on Windows, so this was an explicit choice on Crowdstrike's part.

cratermoon|1 year ago

They could have, however the timeline the regulators gave Microsoft to comply was incompatible with the amount of work required to build such a system. With a legal deadline hanging over their heads Microsoft chose to hand over the keys to their existing tools.

tedunangst|1 year ago

Crowdstrike could have included a BPF interpreter in their driver and used it for all the dangerous logic.

preciousoo|1 year ago

Replied in another comment, but I’m aware of the regulation that made msft give access. To my knowledge though, there’s nothing in the regulation that stops them from saying “you have to pass xyz (reasonable) tests before we allow you to distribute kernel level software to millions of people”

immibis|1 year ago

So, all companies must gatekeep like Apple? By law?