Security News Microsoft points finger at the EU for not being able to lock down Windows

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,082
An article published by The Wall Street Journal today ended with an interesting point raised by a Microsoft spokesman regarding the security of the Windows operating system. The spokesman, while not quoted verbatim, is said to have told the WSJ that a 2009 deal with the European Commission is the reason why Microsoft can't lock down its operating system more to boost security.

Following a complaint, the spokesman said, Microsoft agreed back in 2009 with the European Commission that it would give makers of security software the same level of access to Windows that Microsoft gets. This decision means security software vendors have a greater ability to muck up systems as CrowdStrike did this week when it crippled 8.5 million Windows PCs worldwide. Microsoft has since come to the rescue with an auto-fix tool for affected users.

The document that outlines the agreement between Microsoft and the European Commission is available as a Doc file on Microsoft's website.

The document states that Microsoft is obligated to make available its APIs in its Windows Client and Server operating systems that are used by its security products to third-party security software makers. The document says that Microsoft has to also document the APIs on the Microsoft Developer Network except where they create security risks.

Giving security software vendors access to these APIs, while good for a level playing field, which is what the EU was concerned about, it's not great for security as we saw this week when CrowdStrike knocked very important machines offline causing chaos worldwide.

Ironically, while the EU was aiming to make things fair, Apple and Google which make macOS and ChromeOS are not bound by the same restrictions... yet. According to the WSJ, Apple told developers in 2020 that its operating system would no longer give them kernel-level access. While this change meant developers had to change their software, it also meant less could go wrong.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top