Some anti-competitive concerns raised from potential kernel access restrictions.
Microsoft has been considering allowing security solutions to operate outside kernel mode.
The decision follows the massive global IT outage in July that stemmed from a botched update to the CrowdStrike Falcon platform, which operates at kernel level, SC US reports.
Allowing security solutions to operate outside the kernel would reduce the likelihood of widespread blue screen of death incidents caused by faulty software updates, according to David Weston, Microsoft vice president of enterprise and operating system security. He noted that the firm has been exploring the anti-tampering protections, secure-by-design goals, and security sensor requirements needed for such capabilities.
"Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with [Safe Deployment Practices], can be used to create highly available security solutions," said Weston.
However, such a development has raised anti-competitive concerns stemming from potential kernel access restrictions.
"Regulators need to be paying attention. A world where only Microsoft can provide effective endpoint security is not a more secure world. The problem isn't [locking] your kernel down. It's locking it down for everyone else but still letting your own solution have privileged access," said Cloudflare co-founder and CEO Matthew Prince.
Written by
Dan Raywood
Senior Editor
SC Media UK