• aardA
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    4 months ago

    This doesn’t have anything to do with user control - modern windows versions need drivers to be WHQL signed to get that kind of access. Alternatively you’ll need to enable developer mode on your system, and install your own developer certificate into its keyring for running own code, which has its own drawbacks.

    Crowdstrike is implemented as a device driver - but as there is no device Microsoft could’ve argued that this is abusing the APIs, and refused the WHQL certification. Microsofts own security solution (Defender) also is implemented as a device driver, though, and that’s what the EU ruling is about: Microsoft needs to provide the same access they’re using in their own products to competitors. Which is a good thing - but if Microsoft didn’t have Defender, or they’d have done it without that type of access it’d have been fully legal for them to deny the certification for Crowdstrike.

    Both MacOS and Linux have the ability to run the type of thing that requires those privileges on Windows in an unprivileged process - and on newer Linux versions Crowdstrike is using that (older versions got broken by them the same way they now broke Windows). So Microsoft now trying to blame the EU can be seen as an attempt to keep people from questioning why Microsoft didn’t implement a low privilege API as well, which would’ve prevented this whole mess.