CrowdStrike's buggy software update and its kernel-level access to Windows lethally combined to cause the massive outage last week. One of the ways that Microsoft could avoid this type of unfortunate event in the future is to restrict kernel access to third-party developers. However, the company cannot legally do this because of an understanding it struck with the EU in 2009. Thus, this type of outage that affected 8.5 million Windows devices could happen again, especially if it involves widely-used enterprise security software.
The Microsoft-EU agreement states that the former must make the Windows Client and Server operating system APIs that its security software, like Microsoft Defender for Endpoint uses, available to other developers. Neowin also said that the company must document the APIs it deploys on the Microsoft Developer Network unless they create security risks.
Microsoft made this move after a complaint was filed against it in Europe, and it allowed other vendors to create products that affect Windows at the kernel level. This agreement with the European Commission resulted in a freer market for security products and prevented Microsoft from gaining a monopoly on antivirus and other security suites.
However, it also paved the way for the global CrowdStrike disaster that affected the world last week. Any error at the kernel level could potentially disable any operating system, that’s why Apple locked macOS and stopped giving developers access to its kernels. This move inherently hardens macOS from third-party software-induced crashes, as no one else but Apple can make changes to its kernel. However, it also meant that security providers had to revamp their apps to ensure they would continuously protect their clients, even without access to the kernel level of Macs, MacBooks, and iMacs.
Apple and Google still do not have an agreement with the European Commission regarding kernel-level access to their operating systems. Nevertheless, this could change at any moment, especially as Europe has been wary about and making moves against big tech.
We cannot directly blame Microsoft or the EU for the CrowdStrike crash, especially as neither was at fault for the event. In the end, the event last week lies solely on the shoulders of CrowdStrike for releasing an unstable update without testing it first. As Microsoft said in its press release, "It's also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist."
