Microsoft is preparing a major change to Windows that will fundamentally alter the way antivirus and endpoint security work.
This significant shift was recently highlighted by The Verge, and stems from a troubling incident last year when a flawed CrowdStrike update crashed over 8.5 million Windows machines. In light of such risks, Microsoft has decided to restrict security software from operating at the kernel level, aiming to prevent a repeat.
In a collaborative effort with notable security firms including CrowdStrike, Bitdefender, ESET, and Trend Micro, Microsoft is crafting a new security platform. This partnership is particularly noteworthy as it brings together competitors to collectively shape the future of endpoint security. David Weston, who oversees OS security at Microsoft, emphasized that this initiative is a cooperative venture, with Microsoft not dictating terms but rather establishing new standards in conjunction with industry leaders.
Microsoft wants to limit risks
Historically, antivirus and detection software have enjoyed deep access to the kernel, the core of the operating system that interfaces directly with hardware and memory. While this access empowers the software, it also introduces significant risk: a fault in kernel-mode code is not isolated to one process but can bring down the whole machine. The repercussions of a misstep can therefore be severe, as the previous incident demonstrated. To address this, Microsoft is implementing a strategy that will keep security software outside the kernel going forward.
The transition will commence with a private preview, allowing security companies to provide valuable feedback on the forthcoming changes. The rollout will be gradual, initially impacting antivirus and endpoint detection software, with other applications—such as anti-cheat systems in gaming—set to follow. This latter category presents unique challenges, particularly in the gaming sector where users often attempt to bypass security measures themselves.
Microsoft is responding to a growing demand for these changes, especially from clients who were affected by the CrowdStrike incident. Concurrently, the company is set to introduce a new recovery feature in an upcoming Windows update: Quick Machine Recovery. This tool aims to swiftly restore systems that fail to boot, utilizing the Windows recovery environment.
In a further evolution of the user experience, the iconic blue crash screen will be retired. Microsoft is replacing the familiar “Blue Screen of Death” with a sleek black screen as part of its broader platform updates, marking a new era in Windows stability and security.