Comment by josheva
9 days ago
> Static Driver Verifier
Well, the Crowdstrike driver isn't (wasn't?) static. It loaded a file that Crowdstrike changed with an update.
Most drivers pass through rigorous verification on every change. But Crowdstrike is (was?) allowed to change their driver whenever they want by designing it to load a file.
The EU forced MS to allow stuff like CrowdStrike as part of an anti-trust settlement.
MS tried to use the incident to get the regulators to waive the requirement.
I'm all for anti-trust and anti-monopoly but christ alive an operating system vendor gatekeeping their kernel is literally the whole point of being an operating system vendor. Braindead regulation.
> Braindead regulation.
Only because OP didn't give the full story. Microsoft wanted to close direct access to the kernel. AV companies complained to regulators in the EU. The EU asked Microsoft if they were willing to maintain access to replacement functionality and to stick to using that functionality for its own separately sold AV products. Microsoft said no, and instead of fighting, just let Windows wither on the vine with full kernel access for all the bozos. Crowdstrike was inevitable.
The issue isn’t with the gate keeping per se. The issue is that windows defender, a competitor AV, gets full access while third parties would not. This would leave the, at a competitive disadvantage.
No, braindead take. The purpose of being an operating system vendor is to sell an operating system. If someone else modifies your operating system after they buy it, they get to keep both pieces. You don't get to stop them from modifying the thing they bought.
Do you like nanny states? How about nanny corporations?
3 replies →