Microsoft is building new Windows security features to prevent another CrowdStrike incident

kac77


Microsoft is building new Windows security features to prevent another CrowdStrike incident

Microsoft is announcing plans to make changes to Windows that will help CrowdStrike and other security vendors operate outside of the Windows kernel. The announcement stems from a Microsoft-hosted security summit earlier this week at the company’s Redmond, Washington, headquarters, where it discussed changes to Windows in the wake of the disastrous CrowdStrike incident in July.
By Tom Warren, a senior editor and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
Sep 12, 2024, 2:30 PM EDT
 
They're switching to Linux? :woot:

Mental Outlaw thinks this could help Linux gaming since anti-cheat would be outside of the kernel........?
Silver Lining After The CrowdStrike Incident
But have to love the quote from Cloudflare's CEO:
"Regulators need to be paying attention. A world where only Microsoft can provide effective endpoint security is not a more secure world."
Agree with his statement, but CrowdStrike downing millions of PCs makes us more secure.........too? 🤷‍♂️
 
Didn't some of Crowdie's competitors already run with much less software inside the kernel?
 
They're switching to Linux? :woot:

Mental Outlaw thinks this could help Linux gaming since anti-cheat would be outside of the kernel........?
Silver Lining After The CrowdStrike Incident
But have to love the quote from Cloudflare's CEO

Agree with his statement, but CrowdStrike downing millions of PCs makes us more secure.........too? 🤷‍♂️
They've been following the footsteps of Linux for at least the past decade. But the problem is that Windows is a big girl. She chunky and it's not easy to replace all of that on a whim.
 
They're switching to Linux? :woot:

Mental Outlaw thinks this could help Linux gaming since anti-cheat would be outside of the kernel........?
Silver Lining After The CrowdStrike Incident
But have to love the quote from Cloudflare's CEO

Agree with his statement, but CrowdStrike downing millions of PCs makes us more secure.........too? 🤷‍♂️
We joke but Microsoft is working to close off the Kernel.
Microsoft called out the EU and hung them to dry because it is an EU ruling from 2009 that legally requires Microsoft to keep it open.
I get the impression that the EU is revising that decision now.
Supposedly the legal process for determining fault and ultimately some degree of financial responsibility hit a brick wall when lawyers tried to shift the blame to Microsoft, who simply pointed to the EU ruling that says "We're not legally allowed to implement the fixes that would prevent this" and left. Which then set the lawyers back to pointing at CrowdStrike and the EU, they aren't getting money out of the EU, and CrowdStrike... Might as well squeeze blood from a stone because they can't cover those losses.

https://www.euronews.com/next/2024/07/22/microsoft-says-eu-to-blame-for-the-worlds-worst-it-outage
 
They're switching to Linux? :woot:

Mental Outlaw thinks this could help Linux gaming since anti-cheat would be outside of the kernel........?
Silver Lining After The CrowdStrike Incident
But have to love the quote from Cloudflare's CEO

Agree with his statement, but CrowdStrike downing millions of PCs makes us more secure.........too? 🤷‍♂️
MS's own cumulative patches can down tens of thousands of computers in any given month.....

CrowdStrike has made Windows far more secure than it is on its own, or even using Defender. Yes it sucks this happened, but unless MS finds a way to secure such tools outside of the kernel, while also not allowing easy disable ability by malicious tools that also run outside the kernel...
 
The CrowdStrike catastrophe just made Microsoft's shoddy coding more obvious to everyone. Their Windows updates have been absolute garbage the last several years, with some issues that Microsoft has openly refused to fix, which is very telling. If it took millions of computers going down to expose Microsoft's vulnerabilities and to finally get them to do something, then that's a good thing. Maybe Microsoft will start focusing on making a more stable and secure operating system instead of working on features nobody cares about or asked for. Ransomware is also something that Microsoft needs to get a handle on. It shouldn't be this easy for hackers to exploit billions of dollars out of everyone. They should use all their AI features to circumvent all these jerk wads trying to attack people and companies all around the world, like letting people know when an email message, app, or whatever is probably shady and letting the user know that they shouldn't have anything to do with them. They could probably leverage Windows Recall to do this in some way. It's time Microsoft dislodged their heads from their arses.
 
We joke but Microsoft is working to close off the Kernel.
Microsoft called out the EU and hung them to dry because it is an EU ruling from 2009 that legally requires Microsoft to keep it open.

There shouldn't be a need to close off the kernel, aka forcing vendors.

There need to be facilities in the kernel that allow vendors to run the complicated parts of their code in userland and still have an interface to the kernel to access what they are accessing now. Unix derivatives are way ahead here, with DTrace and eBPF.
 
There shouldn't be a need to close off the kernel, aka forcing vendors.

There need to be facilities in the kernel that allow vendors to run the complicated parts of their code in userland and still have an interface to the kernel to access what they are accessing now. Unix derivatives are way ahead here, with DTrace and eBPF.
Linux, Unix, Apple, are all examples of a closed kernel.
The kernel has restrictions and access is controlled via UID.

Windows just let you run things in Kernel mode.
 
Well, fundamentally they face the same problems of running things in or out of kernel.

But there is one big difference: tracing and inspecting frameworks like DTrace and eBPF are built while their use cases are known and most of the time the source code for the prospective usage is available.

That is not the case for random closed-source security products in the Windows world. So Microsoft has to shoot a little blind. It is great that they hold meetings like the one that opened this thread, but it's not a replacement for actually knowing what the vendors are doing.
 

Microsoft is building new Windows security features to prevent another CrowdStrike incident

Microsoft is announcing plans to make changes to Windows that will help CrowdStrike and other security vendors operate outside of the Windows kernel. The announcement stems from a Microsoft-hosted security summit earlier this week at the company’s Redmond, Washington, headquarters, where it discussed changes to Windows in the wake of the disastrous CrowdStrike incident in July.
By Tom Warren, a senior editor and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
Sep 12, 2024, 2:30 PM EDT
All I see when I read stuff like this is... all of us being pushed out of our PC platforms because anything prior to a certain generation won't be compatible with this crap. Honestly, this stuff always reads to me like forced obsolescence. I assume you are all aware that Windows 11 will run on old school single core Pentium processors from the dawn of time... Adoption of another one of these standards will likely be pushing new computer systems along with it on Windows 12. None of these announcements are consumer friendly.
 
All I see when I read stuff like this is... all of us being pushed out of our PC platforms because anything prior to a certain generation won't be compatible with this crap. Honestly, this stuff always reads to me like forced obsolescence. I assume you are all aware that Windows 11 will run on old school single core Pentium processors from the dawn of time... Adoption of another one of these standards will likely be pushing new computer systems along with it on Windows 12. None of these announcements are consumer friendly.
They’ve already done that with the TPM nonsense and Windows 11.
 
All I see when I read stuff like this is... all of us being pushed out of our PC platforms because anything prior to a certain generation won't be compatible with this crap. Honestly, this stuff always reads to me like forced obsolescence. I assume you are all aware that Windows 11 will run on old school single core Pentium processors from the dawn of time... Adoption of another one of these standards will likely be pushing new computer systems along with it on Windows 12. None of these announcements are consumer friendly.

If they don't change things enough, people complain that it's stuck in the past and call for removal of backwards compatibility so that it works better. Get rid of the legacy stuff, remove backwards compatibility, remove all that old garbage and you'd have a much more secure, reliable, slim OS.

If they DO change things, people complain it's forced obsolescence. Which is kind of nonsense. No one is forcing you to upgrade to the latest and greatest. If you're comfortable using your Pentium 2 CPU with 64MB of RAM with Windows 95 and are upset you can't upgrade to Windows 11 because they're forcing you to upgrade your hardware and software? That's on you. I also don't expect them to keep supporting older versions beyond a decade (or more) as many want them to do. It's not just the nature of most things, including technology, it's always been the nature of things with computers.

But, Linux, Mac, Chrome OS, Android, iOS, routers, switches, so much more... If you want the latest and greatest firmware or software, you're going to have to upgrade the hardware at some point. Forced obsolescence? Nah, keep using your old stuff with its limit of its time. But, if you want the latest and greatest - yes, you need to upgrade. Kind of the "Can it play Crysis?" thing. 486? Can't say it's forced obsolescence and they're making you upgrade/anti-consumer just because a game that requires a lot of processing power can't work on your outdated machine. Yes, you're forced to upgrade if you want to play the game. Same with the OS. At least they keep the same CPU arch support, unlike Apple that bounces around every so often (68000, PowerPC, x86, ARM).
 
If they don't change things enough, people complain that it's stuck in the past and call for removal of backwards compatibility so that it works better. Get rid of the legacy stuff, remove backwards compatibility, remove all that old garbage and you'd have a much more secure, reliable, slim OS.

If they DO change things, people complain it's forced obsolescence. Which is kind of nonsense. No one is forcing you to upgrade to the latest and greatest. If you're comfortable using your Pentium 2 CPU with 64MB of RAM with Windows 95 and are upset you can't upgrade to Windows 11 because they're forcing you to upgrade your hardware and software? That's on you. I also don't expect them to keep supporting older versions beyond a decade (or more) as many want them to do. It's not just the nature of most things, including technology, it's always been the nature of things with computers.

But, Linux, Mac, Chrome OS, Android, iOS, routers, switches, so much more... If you want the latest and greatest firmware or software, you're going to have to upgrade the hardware at some point. Forced obsolescence? Nah, keep using your old stuff with its limit of its time. But, if you want the latest and greatest - yes, you need to upgrade. Kind of the "Can it play Crysis?" thing. 486? Can't say it's forced obsolescence and they're making you upgrade/anti-consumer just because a game that requires a lot of processing power can't work on your outdated machine. Yes, you're forced to upgrade if you want to play the game. Same with the OS. At least they keep the same CPU arch support, unlike Apple that bounces around every so often (68000, PowerPC, x86, ARM).
Does anything about Windows 11 seem slim to you? Lol ;) (y)
 
But, Linux, Mac, Chrome OS, Android, iOS, routers, switches, so much more... If you want the latest and greatest firmware or software, you're going to have to upgrade the hardware at some point.

Errr, with Linux? Not so much. Some old drivers for hardware that was crap even when it was new get kicked out sometime before they are as old as the pyramids, but the base computer keeps working.

For Android you have alternative OS packages that allow you to have fixes from recent OSes on supposedly too-old hardware.
 
Does anything about Windows 11 seem slim to you? Lol ;) (y)

Absolutely not. But, it can run programs from several decades ago (some definitely won't run). If they were to update, build from the ground up, and remove a lot of that backward compatibility, it'd be a lot slimmer. But, like with XP and Vista, it'd be called crap because it wouldn't run some hardware devices due to the way driver security was implemented in those OS's (printers and scanners were a big one).
 
They've been following the footsteps of Linux for at least the past decade. But the problem is that Windows is a big girl. She chunky and it's not easy to replace all of that on a whim.
You might be surprised what MS has running already internally. Their Linux cloud OS has given them a lot of valuable experience. And the rumors of internal workstation MS Linux distros are true. All Windows really has to be is a desktop environment. Linux has a ton of compositors, MS I have no doubt could make their own but they could fork anything they want really. Running Windows software on Linux with Wine is fairly seamless but for sure Microsoft could bake in a proper compatibility mode of their own. It's not like the Windows API can't work on Linux, MS just hasn't done that. (or at least they haven't released that) It wouldn't be the first time MS has had a mode to support older versions of Windows. There really isn't any core MS tech that is incompatible with Linux. Without any help from MS Linux is in many ways the superior gaming OS these days.... but MS could for sure run their own tools to make it 100%.... they also aren't required to share those tools. I mean just because MS decides to swap out their kernel... Linux distros don't instantly become a flavor of Windows 12/13.

End of the day all it would mean is MS can rely on the general industry for security... perhaps take a bit of blame and responsibility directly off them (not in all regards). IMO they should have done it already, the main advantage for MS is cost savings. No more need to worry about developing next gen file systems (which they have sucked at). Training time goes down... it's much easier to hire a kernel engineer with a ton of Linux experience than to hire an external MS kernel experience engineer (as they don't exist). They could also go the super lean way and hire no one at all to do that work... and just support projects that support their goals. (this is the method Valve as an example has employed; DXVK, Gamescope and other bits that make Linux gaming so good these days were funded by Valve but not done by them) Same advantages in terms of file system development and the like.
 
You might be surprised what MS has running already internally. Their Linux cloud OS has given them a lot of valuable experience
And externally, I’ve got 3 boxes running it for their hyper converged environment.
CBL-Mariner is actually pretty solid as long as you are using supported hardware.
There is no room to explore with this OS; it’s very cut and dry.

https://github.com/microsoft/azurelinux
https://microsoft.github.io/CBL-Mariner/docs/

I won’t be keeping the OS running for much longer though. It doesn’t provide me anything at my scale other than increased headaches.
 
About this update. Sometimes you just have to learn from experience. I recall reading something like this once. "In the railroad industry, new safety rules are written in blood," meaning after an accident that causes injury or death.
 