Microsoft on Thursday announced plans to make Windows more resilient to incidents caused by security firms, such as the global outage caused by CrowdStrike earlier this year that took millions of Windows computers offline for more than a day. At a security summit hosted by the company, the Windows maker said it would assist these security vendors in modifying their solutions to operate outside kernel mode on Windows, which provides an elevated level of access to the system along with more advanced functionality.
In a statement issued after its recently concluded Windows Endpoint Security Ecosystem Summit, Microsoft said that it discussed the creation of new platform capabilities on Windows that would enable security vendors to offer more features outside of the Windows kernel, which in turn would improve security on the operating system.
Existing security solutions for Windows involve the use of software that runs at the Windows kernel level, which provides these apps with a greater degree of access to the system compared to regular applications. They can also scan other apps that are loaded into memory in order to intercept security threats or modify system files if necessary.
While kernel level access offers benefits for security vendors, a badly configured software update can adversely affect systems — such as the one rolled out by CrowdStrike in July that led to a massive global outage. In order to keep customers' devices protected from these incidents, Microsoft would need to make sure these security vendors operate outside the Windows kernel.
At Microsoft's security summit, the company discussed the requirements of security vendors and the key challenges to implementing a more secure Windows environment, while allowing these firms to continue offering security features. These include potential performance issues and challenges outside kernel mode, sensor requirements, and anti-tampering protection, according to the Windows maker.
"As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security," Microsoft said on Thursday.
