Microsoft is preparing a major change to Windows that will fundamentally alter how antivirus and endpoint security software work.
The development was detailed by The Verge. The trigger is last year’s global incident, in which a faulty CrowdStrike update crashed more than 8.5 million Windows machines. To limit such risks, Microsoft no longer wants to allow security software to run at the kernel level.
Together with security companies such as CrowdStrike, Bitdefender, ESET, and Trend Micro, Microsoft is working on a new security platform. This collaboration is remarkable, given that these are direct competitors. Nevertheless, partners are providing extensive input on the design and technical requirements. According to David Weston, responsible for OS security at Microsoft, this is a joint effort in which Microsoft is not imposing rules, but developing new standards together with the industry.
Microsoft wants to limit risks
Traditionally, antivirus and detection software have had deep access to the kernel, the core of the operating system, which has direct access to hardware and memory. This makes the software powerful, but also fragile: an error in kernel-level code can bring down the whole system, as last year’s incident showed. Microsoft wants to reduce this risk by keeping such software outside the kernel from now on.
The changes will first be tested in a private preview, in which security companies can provide feedback. The process will be gradual: antivirus and endpoint detection software will be the first to be affected. Other applications, such as anti-cheat systems for games, will follow later. This is particularly challenging in the gaming industry, where users often try to circumvent security themselves.
Microsoft is seeing increasing demand for these changes, especially from customers affected by the CrowdStrike incident. At the same time, the company is introducing a new recovery option in an upcoming Windows update: Quick Machine Recovery. It is intended to repair systems that no longer boot, via the Windows Recovery Environment, and get them back up and running quickly.
Finally, the iconic blue crash screen is disappearing. Microsoft is permanently replacing the familiar “Blue Screen of Death” with a black screen as part of broader platform updates.