undefined | Better HN

0 pointsalephnerd1y ago0 comments

> Apple is also irrelevant in the corporate world

MacOS endpoints are a prominent market as well. There's a reason CRWD, S1, Tanium, and others offer MacOS protection as well.

And anyhow, it seems you are ignoring my point - the settlement with the EU tied MS's hands.

0 comments

5 comments · 1 top-level

detaro1y ago· 4 in thread

Nothing in that wording says that Microsoft can't restrict access to kernel modules, as long as they don't give their own product an exception to that restriction. They had the choice to give Windows APIs that allow to implement such software in a safer way and use them for their own product, but choose not to.

alephnerdOP1y ago

"Microsoft shall ensure on an ongoing basis and in a Timely Manner that the APIs in the Windows Client PC Operating System and the Windows Server Operating System that are called on by Microsoft Security Software Products are documented and available for use by third-party security software products"

Everything is an API. This means they cannot restrict access to the underlying kernel.

> They had the choice to give Windows APIs that allow to implement such software in a safer way

An indirect method would still inevitably have a potential issue. If a third-party vendor made a mistake, it's the third-party vendor's fault - in this case CRWD.

sottol1y ago

You can create an appropriate API to run the code outside the kernel. Nobody is forcing MS to run everyone's the security code in the kernel, MS choose to (because it's easier). The law is about fairness and equal access for all. Apple and Linux have shown alternatives.

Sure, it's safer if only a single vendor is allowed to do this but it's also unfair.

detaro1y ago

You are skipping

> that are called on by Microsoft Security Software Products

Nothing says that Microsofts Security Software needs to be implemented in a way that runs in the kernel, which is inherently more vulnerable. Other platforms have APIs for security software to hook into kernel actions without directly running in kernel space (Windows does too, but to my understanding more limited to logging, not intercepting activity, and hence limited in usefulness).

Hence the claim that it was impossible for Microsoft to prevent this is false. That doesn't mean they take all the blame for someone elses mistake, but it still means that they made a choice leading to it: Deciding that security software, whoever made it, running in kernel modules was the way to do it.

CRConrad1y ago

> This means they cannot restrict access to the underlying kernel.

No it doesn't. It just means they should restrict their own products from doing so, too.

j / k navigate · click thread line to collapse