Why is CrowdStrike allowed to run in the Windows kernel?

A 2009 EU Ruling Used by Microsoft as Defence in Windows Crash Incident

Microsoft has cited a 2009 EU anti-competition ruling in response to questions arising from a recent incident where a third-party product caused Windows to crash.

On July 19, 8.5 million PCs encountered the infamous Blue Screen of Death, triggered by a faulty update to Falcon, third-party anti-virus software developed by CrowdStrike. The bug in Falcon crashed the system, even though Falcon is designed to detect such issues.

What made this incident unique was the fact that Falcon operates in kernel mode, which gives it the same level of access to the Windows OS as core Microsoft components. This level of access was granted to CrowdStrike as a result of the 2009 EU ruling, which mandated that Microsoft ensure interoperability with third-party products on the same terms as its own.


Microsoft software licensing expert Rich Gibbons commented on the situation, highlighting the potential implications of the EU ruling on Windows security and the company’s response to such incidents.

While Microsoft had not previously raised concerns about the security risks associated with providing deep access to third-party products, the recent crash with CrowdStrike has brought these issues to light. Similar incidents were reported on Linux servers, indicating a need for better quality control and collaboration between software providers.

Unlike macOS, which uses an API for telemetry data, Windows offers backwards compatibility, which poses challenges for security integration. Despite offering various APIs for security applications, Microsoft’s efforts to enhance integration were limited by the EU ruling.

However, some experts argue that the focus should be on improving security controls rather than shifting blame to regulatory bodies. As technology continues to play a crucial role in society, the need for robust security measures at the OS level becomes increasingly important.

In conclusion, the incident involving CrowdStrike and Windows has raised questions about the balance between interoperability and security in the tech industry, shedding light on the complexities of regulatory compliance and system integrity.
