An article published by The Wall Street Journal today ended with an interesting point raised by a Microsoft spokesman regarding the security of the Windows operating system. The spokesman, while not quoted verbatim, is said to have told the WSJ that a 2009 deal with the European Commission is the reason why Microsoft can't lock down its operating system more to boost security.
Following a complaint, the spokesman said, Microsoft agreed back in 2009 with the European Commission that it would give makers of security software the same level of access to Windows that Microsoft gets. This decision means security software vendors have a greater ability to muck up systems as
CrowdStrike did this week when it crippled 8.5 million Windows PCs worldwide. Microsoft has since come to the rescue with an
auto-fix tool for affected users.
The document that outlines the agreement between Microsoft and the European Commission is available as a
Doc file on Microsoft's website.
The document states that Microsoft is obligated to make available its APIs in its Windows Client and Server operating systems that are used by its security products to third-party security software makers. The document says that Microsoft has to also document the APIs on the Microsoft Developer Network except where they create security risks.
Giving security software vendors access to these APIs, while good for a level playing field, which is what the EU was concerned about, it's not great for security as we saw this week when CrowdStrike knocked very important machines offline causing chaos worldwide.
Ironically, while the EU was aiming to make things fair, Apple and Google which make macOS and ChromeOS are not bound by the same restrictions... yet. According to the WSJ, Apple told developers in 2020 that its operating system would no longer give them kernel-level access. While this change meant developers had to change their software, it also meant less could go wrong.
www.neowin.net
