Microsoft plans to move security software out of the Windows kernel

Forward-looking: The CrowdStrike incident has once again highlighted concerns about Windows security. Microsoft was adversely affected by the Texas company’s poor update practices, but it prompted Redmond to address how Windows could be improved to prevent future global incidents.

CrowdStrike released a faulty update for its Falcon Sensor security software, which had widespread consequences for the entire Windows ecosystem. After assisting millions of PCs in getting back online, Microsoft promised to bolster Windows security through significant changes aimed at making the operating system more resilient.

On September 10, the company hosted a community meeting, where the initial steps to strengthen the Windows platform were shared online.

Microsoft said the Windows Endpoint Security Ecosystem Summit brought together endpoint security vendors and government officials from the US and Europe. Although no formal decisions were made, the meeting resulted in a consensus on several key points that will require further development.

The first key takeaway from the summit relates to the future of traditional software offerings. The consensus suggests that the Windows ecosystem and its customers benefit from a diverse range of security products, and this variety is unlikely to disappear anytime soon. Microsoft and its partners explored numerous opportunities for mutual growth in the short term, with the primary focus on ensuring the safety and resilience of their shared customer base.

Microsoft outlined how it is managing security through its Safe Deployment Practices and expressed its willingness to share best practices, data, tools, and “documented processes” with the community. The company explained its approach to the gradual, staged deployment of updates, which improves Windows resilience and allows for pausing or rolling back faulty updates when necessary.

During the summit’s “rich discussion,” Broadcom, Sophos, and Trend Micro also shared their own best practices.

In addition to SDP, Microsoft is laying the groundwork for long-term solutions to Windows’ security challenges. The conversation centered on “new platform capabilities” aimed at moving security software outside of Windows kernel mode. Microsoft had attempted this with Windows Vista but faced significant pushback from antivirus vendors and regulators. Now, vendors seem more open to what Microsoft has to offer.

“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode,” the company explained.

Microsoft is reportedly developing a new platform that addresses the needs expressed by security vendors, including improved performance, anti-tampering protection, and more.

Microsoft will continue designing and developing this platform with input from its ecosystem partners, with the goal of improving reliability without compromising security. In the meantime, customers are encouraged to adopt the vendor-neutral best practices Microsoft shared a few months ago to mitigate issues when the next faulty security update occurs.