Microsoft has been considering allowing security solutions to operate outside kernel mode following the massive global IT outage in July that stemmed from a botched update of the CrowdStrike Falcon platform, which operates at the kernel level, SC Media reports.
Allowing out-of-kernel operations for security solutions would reduce the likelihood of widespread blue screen of death occurrences from faulty software updates, according to Microsoft Vice President of Enterprise and Operating System Security David Weston, who noted that the firm has been exploring anti-tampering protections, secure-by-design goals, and security sensor requirements needed for such capabilities.
"Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with [Safe Deployment Practices], can be used to create highly available security solutions," said Weston. However, such a development has raised anticompetitive concerns stemming from potential kernel access restrictions.
"Regulators need to be paying attention. A world where only Microsoft can provide effective endpoint security is not a more secure world. The problem isn't [locking] your kernel down. It's locking it down for everyone else but still letting your own solution have privileged access," said Cloudflare co-founder and CEO Matthew Prince.