Microsoft blames European Commission complaint for CrowdStrike outages, highlighting why Macs were unscathed



In connection with the CrowdStrike incident, a global IT outage that occurred on July 19, 2024, Microsoft has reportedly suggested that 'complying with requests from the European Commission in 2009 led to failure to prevent the CrowdStrike crash from spreading to Windows.'

Blue Screens Everywhere Are Latest Tech Woe for Microsoft - WSJ
https://www.wsj.com/tech/cybersecurity/microsoft-tech-outage-role-crowdstrike-50917b90

Microsoft points finger at the EU for not being able to lock down Windows - Neowin
https://www.neowin.net/news/microsoft-points-finger-at-the-eu-for-not-being-able-to-lock-down-windows/

On July 19, 2024, a large-scale failure occurred on Windows devices with CrowdStrike security products installed, causing repeated blue screens and reboots. A similar problem, though on a smaller scale, has previously occurred in Linux distributions.

You can read more about the CrowdStrike kernel bug that caused Linux distributions to crash below.

CrowdStrike's PC boot failure problem has also occurred on Linux distributions in the past - GIGAZINE



CrowdStrike has caused OS crashes on Windows and Linux distributions, but no major issues have been reported so far on macOS.

Tenable CEO Amit Yoran, speaking to The Wall Street Journal (WSJ), explained why the Mac was spared from this problem: 'Apple operates a closed ecosystem, so it's able to strike a much healthier balance than other platforms by forcing upgrades, forcing apps to take proper security measures, or banning them from the App Store.'

The CrowdStrike bug had such a devastating impact in the first place because the company's security software, CrowdStrike Falcon, runs in the kernel, which is the foundation of Windows.

CrowdStrike explains that 'Kernel-mode security measures are the only way to detect and protect against malware that runs in kernel mode. As endpoint detection and response (EDR) software, kernel mode is essential in order to properly identify what is happening and consider how to respond.' However, in this case, the fact that CrowdStrike Falcon was running at the heart of Windows backfired.



Meanwhile, Apple told security developers in 2020 that it would not allow kernel-level access. This is a headache for Apple's partners, but it's also the reason why Macs are no longer susceptible to problems like this, said Patrick Wardle, CEO of Mac security software company DoubleYou.

But Microsoft can't prevent other companies from accessing the operating system kernel because, under a 2009 contract with the European Commission, Microsoft must give security software developers the same level of access to Windows that Microsoft itself has.

According to the agreement between Microsoft and the European Commission, Microsoft is obligated to open up the APIs of its Windows client and server operating systems used in its security products to external software developers. This helps achieve the fairness that the EU aims for, but is undesirable from a security perspective, as IT news site Neowin points out.

A Microsoft spokesperson told the WSJ, 'Because we reached an agreement following a complaint from the European Commission, we cannot legally block our operating system like Apple has.'

Neowin, which covered the WSJ report, said, 'A Microsoft spokesperson told the WSJ, without directly stating that a 2009 contract with the European Commission is the reason Microsoft can no longer lock down its operating system to make it more secure.'

in Software, Posted by log1l_ks