Microsoft starts campaign to make Windows security more like Mac post-CrowdStrike

The CrowdStrike outage has nearly run its full course of damage, and Microsoft is looking ahead to prevent the next such catastrophe. Step one in the company’s playbook? Follow Apple’s lead and make Windows security more Mac-like by limiting kernel access.

Microsoft intends to limit kernel access, following Apple’s example

John Cable writes for Microsoft’s IT blog:

This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience. These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.

Examples of innovation include the recently announced VBS enclaves, which provide an isolated compute environment that does not require kernel mode drivers to be tamper resistant, and the Microsoft Azure Attestation service, which can help determine boot path security posture. These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access.

Some might wonder: who is this John Cable?

Cable is the Vice President of Windows Servicing and Delivery, which his profile says is “the organization responsible for keeping the billion+ Windows devices protected and productive.”

He may not be Satya Nadella, but he sure sounds like one of the main people responsible for ensuring an outage like CrowdStrike never happens again.

That means his words carry a lot of weight.

Microsoft isn’t just issuing an empty apology with vague promises. It’s loudly signaling its intention to limit kernel access for companies like CrowdStrike in the future.

The company won’t be stripping away kernel privileges in a forthcoming Windows update. A shift like this will take significant time. But Microsoft’s direction for the future appears clear.

Why Macs weren’t impacted by CrowdStrike

Apple’s strict Mac security protocols don’t allow the same kind of kernel access to third parties as Windows does. This is why Macs weren’t impacted by the CrowdStrike outage.

Though I’ve joked that CrowdStrike was a free marketing campaign for the Mac, I didn’t actually expect Microsoft to implement serious security changes that follow the Mac’s example. The company outright said it couldn’t—but apparently it intends to try.

It will take some time before we see the fruits of Microsoft’s efforts. But here’s hoping the world won’t have to face an incident like CrowdStrike again before we do.

Do you think Microsoft will follow through and restrict kernel access? Let us know in the comments.

Author

Ryan Christoffel

Ryan got his start in journalism as an Editor at MacStories, where he worked for four years covering Apple news, writing app reviews, and more. For two years he co-hosted the Adapt podcast on Relay FM, which focused entirely on the iPad. As a result, it should come as no surprise that his favorite Apple device is the iPad Pro.
