undefined | Better HN

0 pointsniklasrde1y ago0 comments

Part of the reason why Crowdstrike have access, why MS wasn't allowed to shut them out with Vista was a regulatory decision, one where they argued that somebody needs to do the job of keeping Windows secure in a way that biased Microsoft can't.

So, I guess you could have some sort of escrow third party that isn't Crowdstrike or MS to do this "audit"?

Or see this for a much better write up: https://stratechery.com/2024/crashes-and-competition/

0 comments

not2b1y ago

MS could have provided security hooks similar to BPF in Linux, and similar mechanisms with Apple, rather than having Crowdstrike run arbitrary buggy code at the highest privilege level.

IcyWindows1y ago

Crowdstrike configured Windows to not start if their driver could not run successfully.

That's not the default option for kernel drivers on Windows, so this was an explicit choice on Crowdstrike's part.

cratermoon1y ago

They could have, however the timeline the regulators gave Microsoft to comply was incompatible with the amount of work required to build such system. With a legal deadline hanging over their heads Microsoft chose to hand over the keys to their existing tools.

more_corn1y ago

^ This statement cannot be accepted without proof. It sounds outlandish and weird. Which regulator? Under what authority. Also Microsoft doesn’t listen to ANYBODY.

not2b1y ago

I've seen this stated before, but I haven't been able to find reliable data on when regulators required Microsoft to provide the access that they provided, or whether there's been time to provide a more secure approach. Do you know?

tedunangst1y ago

Crowdstrike could have included a BPF interpreter in their driver and used it for all the dangerous logic.

preciousoo1y ago

Replied in another comment, but I’m aware of the regulation that made msft give access. To my knowledge though, there’s nothing in the regulation that stops them from saying “you have to pass xyz (reasonable) tests before we allow you to distribute kernel level software to millions of people”

immibis1y ago

So, all companies must gatekeep like Apple? By law?

j / k navigate · click thread line to collapse

0 comments

not2b1y ago

MS could have provided security hooks similar to BPF in Linux, and similar mechanisms with Apple, rather than having Crowdstrike run arbitrary buggy code at the highest privilege level.

IcyWindows1y ago

Crowdstrike configured Windows to not start if their driver could not run successfully.

That's not the default option for kernel drivers on Windows, so this was an explicit choice on Crowdstrike's part.

cratermoon1y ago

more_corn1y ago

^ This statement cannot be accepted without proof. It sounds outlandish and weird. Which regulator? Under what authority. Also Microsoft doesn’t listen to ANYBODY.

not2b1y ago

tedunangst1y ago

Crowdstrike could have included a BPF interpreter in their driver and used it for all the dangerous logic.

preciousoo1y ago

immibis1y ago

So, all companies must gatekeep like Apple? By law?

j / k navigate · click thread line to collapse