Last Friday, a CrowdStrike failure left thousands of Microsoft Windows computers worldwide unable to boot, affecting airlines, businesses, banks, hospitals, and railway networks. The failure trapped the affected computers in continuous recovery loops, while computers running Mac and Linux operating systems did not suffer the same fate despite receiving the same software update. According to The Wall Street Journal, Microsoft has pointed to the European Union as one of the fundamental reasons for this vulnerability.
Microsoft could not, legally, apply the same protections as Apple or Linux
CrowdStrike's Falcon security software runs on Windows computers as a kernel module, giving it full access to the system. This means that any flaw in that software can bring down the whole system. This contrasts with the protection on Apple computers, where, since macOS Catalina in 2019, kernel extensions have been prohibited in favor of system extensions that operate in user space. This approach has strengthened the stability and security of Macs, protecting them from problematic software updates like the one released by CrowdStrike.
The contrast in security management between Microsoft and Apple is not only due to technical decisions. According to Microsoft's statements to The Wall Street Journal, the company attributes its inability to implement protections similar to Apple's to an agreement with the European Commission. In 2009, Microsoft agreed to interoperability rules that allow third-party security applications the same level of system access that Microsoft's own software has. This agreement was part of a settlement of multiple competition issues in Europe.
The European Union's Digital Markets Act has pressured Apple to allow developers to offer apps through third-party stores and websites, something that Apple claims compromises its ability to detect, prevent, and take action against malicious apps. At the time, this claim may have seemed like an attempt to defend its own position, but now the case of Microsoft and CrowdStrike makes it very clear that, in terms of security, broader access can have very significant repercussions.
While last Friday's failure has cost billions of dollars in lost revenue and caused significant damage to all kinds of industries, including medical centers, Microsoft's message about its inability to improve the security of Windows systems should not go unnoticed.
Although the affected machines can now be recovered, Microsoft has indicated that it has no way to prevent a similar incident in the future, because its agreement with the European Union means it cannot remove third-party kernel access from its systems. CrowdStrike has publicly apologized and committed to disclose the steps it will take to prevent a similar situation in the future, but in any case that solution is not in the hands of the manufacturer and the party ultimately responsible for the affected operating system: Microsoft.