Microsoft blames EU rules for failure to lock down Windows after CrowdStrike incident
Microsoft is reportedly investigating whether restrictions imposed by the European Commission may be partly to blame for worsening problems with Windows systems during the recent CrowdStrike outage.
The Wall Street Journal (WSJ) notes that in an interesting point regarding the security of Windows operating systems, the Microsoft spokesperson pointed out that a 2009 agreement with the Commission prevented the company from more rigorously improving the security of the operating system.
The agreement, reached in response to a complaint, required Microsoft to provide security software developers with the same level of access to Windows as the company itself.
Microsoft claims European Commission is hampering security
The decision, intended to boost competition, inadvertently gave outside suppliers the opportunity to disrupt systems.
The agreement requires Microsoft to share its APIs for Windows Client and Server operating systems with third-party security software developers. But last week’s incident highlighted the risks of this openness.
On the other hand, since 2020, Apple has restricted developers’ access to its operating systems at the kernel level. Google is also not bound by such rules.
Despite the clear security benefits of an OS lockdown, it is unlikely that the EU will allow Microsoft to restrict certain developer access, given its previous decision. The Commission has also kept a close eye on Microsoft in recent months, with two major antitrust cases relating to the bundling of Teams within Microsoft 365 and the company’s dominance in the cloud market making headlines.
Microsoft’s displeasure with the European Commission comes days after a CrowdStrike update accidentally crashed 8.5 million Windows PCs worldwide, prompting Microsoft to respond by giving affected users access to an automatic repair tool.
Ny Breaking has offered Microsoft the opportunity to share more context, but the company has not immediately responded.