Why is CrowdStrike allowed to run in the Windows kernel?

Published July 26, 2024

A 2009 EU anti-competition ruling has been used as a line of defence by Microsoft as questions are being asked over why a third-party product was able to take down Windows.

On Friday 19 July, 8.5 million PCs experienced the so-called Blue Screen of Death, which occurs when the Windows operating system (OS) experiences a major fault and halts to prevent further damage.

Such events do occur, but the root cause has been identified as a buggy update in third-party anti-virus software called Falcon, provided by CrowdStrike. Falcon should have detected the buggy file, but it too had a bug: reading the file caused it to crash.

Crashes are a regular occurrence for PC users, but very rarely do they cause the system to halt. In this case, however, as Computer Weekly has previously reported, Falcon runs as a kernel mode device driver at what is known as Ring Zero. This gives it full access to the Windows operating system, which is the same access core Windows components developed by Microsoft have.

According to Microsoft, CrowdStrike has this access because of a 2009 European Commission ruling, which stipulates that Microsoft must ensure that third-party products can interoperate with Microsoft’s relevant software products using the same interoperability information, on an equal footing with other Microsoft products.

Microsoft software licensing expert Rich Gibbons said: “Microsoft has received some criticism for the fact that a third party was able to affect Windows at such a deep technical level. It’s interesting that Microsoft has pointed out the fact this stems from a 2009 EU anti-competition ruling that means Microsoft must give other security companies the same access to the Windows kernel as they have themselves.”

Gibbons believes that, because the 2009 interoperability ruling makes it possible for other organisations to disrupt Windows in the same way the CrowdStrike kernel device driver did, Microsoft may use the catastrophe to push back on EU intervention.

“Will Microsoft use the CrowdStrike situation to push back on this ruling and/or future such rulings around interoperability of Microsoft products, and will it use this as an additional lever to move customers towards their own security products?” he questioned.

What is clear is that prior to the CrowdStrike incident, Microsoft had not publicly raised concerns over the security risks of providing access to the same application programming interfaces (APIs) that Microsoft uses internally.

It is understood that Linux servers experienced a similar issue in April with CrowdStrike, which, according to some industry commentators, highlighted a failure in quality control that neither CrowdStrike nor Microsoft adequately addressed.

Apple MacOS was not affected by Friday’s crash, as it runs Apple’s Endpoint Security Framework, an API that anti-virus providers use to obtain telemetry information from the core MacOS operating system. This means that they do not need to have their code running within the core MacOS at Ring Zero, which is where the Windows version of CrowdStrike’s Falcon needed to run.

There are questions over why Microsoft has not provided something similar. Part of the problem is that Windows, unlike MacOS, offers backwards compatibility, spanning many years. But anti-competition regulations may also have had a role to play.

According to former Windows developer David Plummer, Microsoft does, in fact, offer a number of APIs for third-party antivirus security. “CrowdStrike defaults to kernel mode, presumably because it needs to do things that can’t be done from user mode,” Plummer said in a YouTube video.

“And to me, that’s where Microsoft could be responsible, because on the Windows platform, to the best of my knowledge, some of the CrowdStrike security functionality requires deep integration with the operating system that can only be currently achieved on the kernel side.”

Microsoft has a number of APIs including Windows Defender Application Control API and the Windows Defender Device Guard, which Plummer said provide mechanisms for controlling application execution and ensuring that only trusted code runs on the operating system.

He said that the Windows Filtering Platform (WFP) allows applications to interact with the network stack without requiring kernel level code. However, quoting sources within Microsoft, Plummer claimed that the company had actually “tried to do the right thing” by developing an advanced API designed specifically for security applications such as that from CrowdStrike.

“This API promised deeper integration with the Windows operating system, offering enhanced stability, performance and security,” he added.

But the EU 2009 ruling effectively prevented such integration as it could potentially have given Microsoft an unfair advantage.

However, Ian Brown, an independent consultant on internet regulation, argued that Microsoft should have better security controls, rather than attempting to put the blame for the CrowdStrike crash on the EU anti-competition commission.

In a blog, he wrote: “For technology-dependent societies’ resilience, OS kernel-level software and equivalents on socially critical infrastructure systems (like travel, healthcare and banking) need to be very carefully tested (and ideally run on top of a formally verified microkernel) and controlled. But OS monopolists shouldn’t be making the final decisions about precisely what those controls look like, where they have implications for competition.”
