Almost a year after the catastrophe caused by a CrowdStrike update that took down more than 8.5 million Windows computers and systems around the world, Microsoft wants to make sure it never again faces a situation that is even remotely similar.
So, after meeting with security vendors last year, Redmond is finalizing a Windows update, soon to be released as a private preview, with changes that would move antivirus and EDR (Endpoint Detection and Response) applications out of the Windows kernel.
This new Windows endpoint security platform, according to The Verge, is being developed in collaboration with several security tool vendors, CrowdStrike among them.
The company has stressed that this does not mean Microsoft will impose rules and expect everyone to comply immediately; rather, it is a process in which all interested parties develop the rules jointly. According to David Weston, Vice President of Enterprise and Operating System Security at Microsoft, the company is not there «to tell others how the API should work, but we are there to listen and offer security and reliability».
For decades, Microsoft has built Windows so that developers can create security software deeply integrated into the operating system, running at kernel level. That is why the fault in the CrowdStrike update caused such a serious problem, and it showed how easily a kernel-level driver with a defect can knock a computer out of action: a crash in kernel-mode code brings down the whole system, whereas a user-mode process can fail in isolation.
The company has put several of its most knowledgeable engineers to work on the solution and the security changes, including some of the Windows kernel architects, as well as people who usually work on operating systems rather than in the security field.
The private preview will give security vendors the opportunity to request changes. Weston expects there will be several more versions before vendors are ready to bring their changes online. He also acknowledges that this will not solve every problem with kernel-level drivers. Weston stresses that his goal «is starting with AV and EDR, but there will probably be kernel drivers for a while, while we move forward to work with the following use cases».
It will still take both Microsoft and the security vendors some time to adapt to these Windows changes, but Microsoft is confident the new system will see broad adoption and acceptance among its customers, since customers have been asking for changes to the system since the CrowdStrike incident.
In addition, at the end of this summer Microsoft will release a Windows update that includes a new rapid system recovery feature, designed to quickly restore machines that cannot boot. It puts the device into the Windows Recovery Environment, where the system can reach the network and send Microsoft diagnostic information. According to Weston, it is something the company would have liked to have had during last year's incident.