Microsoft Blames European Commission for Major Worldwide Outage

[bsolar]

Not true! In many countries there are multiple forces...

"Law enforcement in Italy is centralized on a national level, carried out by multiple national forces, helped by few limited local agencies."
(Wikipedia, Law enforcement in Italy)

In Italy that's not for competition though: it is to prevent that a single ministry has too much power by denying them full control of law enforcement.

The Police answers to the Ministry of the Interior whereas the Carabinieri are a branch of the Army and answer to the Ministry of Defense.

 

[bsolar]

Wouldn’t that still be the dominant player controlling what’s possible by means of API instead? Isn’t the point to remove the gatekeeper from being able to control how/what happens?

Yes, but the goal of the regulation is not to allow third-parties whatever access they want: the goal of the regulation is to give third-parties the same access the dominant player gives to its own products.

The issue here is that Microsoft gives its own security products kernel-level access. That they have to give said access to third-parties is a consequence of Microsoft's own security products' design.

 

[cyb3rdud3]

In Italy that's not for competition though: it is to prevent that a single ministry has too much power by denying them full control of law enforcement.

The Police answers to the Ministry of the Interior whereas the Carabinieri are a branch of the Army and answer to the Ministry of Defense.

That is a form of competition though And Italy, just like any country in the world has many private contractors in that field as well, not all security jobs are done by the police.

 

[mrochester]

Yes, but the goal of the regulation is not to allow third-parties whatever access they want: the goal of the regulation is to give third-parties the same access the dominant player gives to its own products.

The issue here is that Microsoft gives its own security products kernel-level access. That they have to give said access to third-parties is a consequence of Microsoft's own security products' design.

So let’s say all the security products have kernel access removed. Who now has access to the kernel? Surely it can’t be Microsoft only because that'd be in violation of competition laws by them gatekeeping access to the kernel.

 

[cyb3rdud3]

So they didn't test what has been deployed to users... Good to know...

Yup, they tested the change and the update. And then changed it 🤷‍♂️🤦‍♂️ Very limited details on how, why, that actually happened. It would be great if they have the transparency to publish that as well when the root cause is found. But I doubt it.

 

[bsolar]

So let’s say all the security products have kernel access removed. Who now has access to the kernel? Surely it can’t be Microsoft only because that'd be in violation of competition laws by them gatekeeping access to the kernel.

If Microsoft removes kernel access from their own security products, they would not be required to provide kernel access to third-party security products' vendors.

This doesn't mean Microsoft cannot have software that has kernel access in general.

 

[mrochester]

If Microsoft removes kernel access from their own security products, they would not be required to provide kernel access to third-party security products' vendors.

This doesn't mean Microsoft cannot have software that has kernel access in general.

Aren’t we saying that Microsoft can’t have software that has kernel access though, because all competitors to that software would also need kernel access? Surely that’s the cause of the initial problem? At some point something or someone must need to have exclusive kernel access. But who can that be?

 

[bsolar]

Aren’t we saying that Microsoft can’t have software that has kernel access though, because all competitors to that software would also need kernel access? Surely that’s the cause of the initial problem?

I don't know whether the regulation extends beyond security software products. It would make sense though as any privileged access would give Microsoft's own products a potential unfair advantage over third-party competitors.

At some point something or someone must need to have exclusive kernel access. But who can that be?

Beyond the OS itself, nothing really must need kernel access.

 

[Pair]

So what have Microsoft been doing to address this in the last fifteen years, campaigning and lobbying to get the agreement amended to accommodate the security issues, developing alternative arrangements if they knew for 15 years it was an issue…as they imply knowledge of it and inaction because of this by laying blame at EUs door

 

[Abazigal]

It would make sense though as any privileged access would give Microsoft's own products a potential unfair advantage over third-party competitors.

Which, frankly speaking, seems like the lowest priority concern in the context of this incident. Is this the reason why Microsoft doesn’t have a decent pdf management tool (like macOS preview) or something like iMovie or even QuickTime bundled out of the box? That competitors start crying foul about how their business model is being impacted by Microsoft shipping very capable tools for free right out of the box, thereby impacting demand for their own services?

Which again, brings me back to the topic of fairness. Sometimes, what’s good for other businesses isn’t good for the end user (and vice versa), and perhaps this deserves more attention and discussion, rather than accept certain refrains like “fair competition” as the default and everything else should make way for it.

 

[TheMacDaddy1]

After watching the excellent video provided by user Xioa_Xi I must modify my statement. It does appear this is all on CrowdStrike for the way they have chosen to install their code universally, not just in the EU. The video clearly explains what CrowdStrike did to bypass Microsoft’s testing and signing process for software that runs inside the kernel in the interest of acting quickly to confront newly discovered threats. Apple doesn’t allow any third party code to run in the kernel. Microsoft is claiming they were forced to allow this because of an agreement they made with the EU.

Again, this is totally on CrowdStrike and everyone here should watch the video in its entirety.

The guy in the video is a former Microsoft employee and very proud of it. He has some good videos from a historical view point.

What he neglected to mention is that CrowdStrike or any other 3rd party should not have access to the kernel. Yes the EU forced Microsoft to give 3rd party the same access but they DID NOT force them to do it the way they did.

MacOS and Linux provide an API to the kernel for this reason and NO actual access to it.

This problem is both a Microsoft and a CrowdStre issue. A bad Defender update could cause the same issue. Microsoft needs to change the way they grant access and change Defender.

 

[bsolar]

Which, frankly speaking, seems like the lowest priority concern in the context of this incident. Is this the reason why Microsoft doesn’t have a decent pdf management tool (like macOS preview) or something like iMovie or even QuickTime bundled out of the box? That competitors start crying foul about how their business model is being impacted by Microsoft shipping very capable tools for free right out of the box, thereby impacting demand for their own services?

That's very likely a concern, but not an entirely unfounded one as "integration" sometimes can be abused as a way to stifle competition and give an unfair advantage to in-house products.

Microsoft tried to play the "it's an integrated product" card with IE back in the day and it was the US antitrust that threatened to even split the company over it.

Which again, brings me back to the topic of fairness. Sometimes, what’s good for other businesses isn’t good for the end user (and vice versa), and perhaps this deserves more attention and discussion, rather than accept certain refrains like “fair competition” as the default and everything else should make way for it.

Having "fair competition" as the default is typically how antitrust regulators operate: the assumption is that a free market with fair competition is in the best interest of consumers unless proven otherwise. Exceptions can and are made, but they need to be motivated in a way that overcomes the free market assumption.

 

[ke-iron]

Or, you know, Microsoft could blame the actual company, CloudStrike, responsible for the outage. That’s like blaming the government for a traffic accident because they set the speed limit.

CrowdStrike is to blame because their bad update made the crash happen. The EU is also to blame because they bullied Microsoft into opening up their systems more for 3rd party access.

 

[ke-iron]

and they couldn't develop an proper API that would give them and other developers similar funcionality without requiring them to run kernel drivers? because thats what Apple did when they removed kernel extensions.

this is blaming EU for the sake of blaming EU.

No there is no API available, nor can they build an API to do what crowdstrike does at a systemic level. For crowdstike to be effective as it is it must be done at kernel level, no way around it.

 

[Abazigal]

Having "fair competition" as the default is typically how antitrust regulators operate: the assumption is that a free market with fair competition is in the best interest of consumers unless proven otherwise.

An assumption which rightfully deserves to be challenged every now and then.

Like how does one even begin to measure “benefit to consumers”, and based on what metrics?

 

[TheMacDaddy1]

The law of unintended consequences, and the unintended consequences of law.

Lots of people claiming Microsoft is making excuses, but no one has explained how what they said is incorrect: EU required Microsoft to give kernel level access to third parties. Third party software with kernel access release a bad update that crashed their systems.

Pray tell, how could Microsoft give full kernel access and prevent a third party from creating a sh*t storm? How could Microsoft have fulfilled the EU mandate and not also give companies like CrowdStrike enough rope to hang themselves?

The EU said give 3rd parties the same access as their security products (Defender).

They NEVER said to do it they the way they did. This problem is 90% a Microsoft problem.

 

[wbeasley]

They did know. They knew the software had kernel-level access.
And Microsoft themselves are literally saying such driver can crash the kernel.

Microsoft gives the access anyway.
It’s always

The conditions weren’t created by the EU.
They were created by Microsoft, whose driver model depended on it since forever.

Microsoft has felt like giving anyone kernel access since the dawn of Windows drivers.

Sorry but there are plenty of IT people who knew nothing about this before the issue.
IT is a very broad range of skills. Always has been.
Security is a very specialized area - as CloudStrike themselves claimed, only 8000000 affected.
Thats a small percent of PCs out there.

But the side effects affected a very large number of people and businesses.
Their profile went huge - in a bad way.
The CEO response hasnt exactly instilled confidence. He should be gone... but given this isnt his first time for a sizable fail, where does he go?

 

[ender78]

Macrosucks bloated OS with legacy garbage snakes in a can and IE still under the Edge foofy window dressing has nothing to do with it.

The bloat is due to customer demands. Imagine the lawsuits that legacy apps will no longer run because legacy extensions have been removed. That bloat is there to support 25 year old apps.

 

[MilaM]

I have no idea how kernel level endpoint security works in practice. But if the EU is to blame for this outage, why then was the US affected so severely?

 

[bsolar]

An assumption which rightfully deserves to be challenged every now and then.

Like how does one even begin to measure “benefit to consumers”, and based on what metrics?

Definitely a strongly debatable topic. Look e.g. at the history of the Rule of Reason in the US.

 

[ender78]

Apple's OS is more reliable than Microsoft's OS, but that's not because of Tim Cook—it's because of the foundation that Steve Jobs laid. Cook is actually trying to take Apple in the direction of Microsoft by copying major aspects of Microsoft. For example, Cook threw away over three decades of Apple's pioneering R&D into the most user-friendly GUI based on skeuomorphic design in order to replace it with Microsoft-pioneered flat design.

The fact that Windows boots its a miracle in itself. MacOS is stable because to a large extent they don't need to worry about compatibility. With CPUs alone, if you go back 10 years, there are a few dozen CPU variations in the Apple ecosystem versus hundreds of x86 CPUs. There are a dozen video cards drivers to worry about, versus hundreds. I am a Mac user for over 20 years at home but use a PC every day at work, Windows has come a very long way in stability and performance.

 

[bsolar]

I have no idea how kernel level endpoint security works in practice. But if the EU is to blame for this outage, why then was the US affected so severely?

The EU is not to blame: all they are telling Microsoft to do is to give third-party software security products the same access to OS functions that it's available to Microsoft's own software security product, which is more than reasonable.

Without that regulation, Microsoft would be able to give Microsoft Defender capabilities unavailable to third-party software security products, which means third-party software security products would be unable to fairly compete against Microsoft's offer.

Microsoft gives Microsoft Defender kernel-level access: it's their choice to implement it that way, but as consequence they have to give all third-party software security products the same kernel-level access.

 

[mrochester]

The EU is not to blame: all they are telling Microsoft to do is to give third-party software security products the same access to OS functions that it's available to Microsoft's own software security product, which is more than reasonable.

Without that regulation, Microsoft would be able to give Microsoft Defender capabilities unavailable to third-party software security products, which means third-party software security products would be unable to fairly compete against Microsoft's offer.

Microsoft gives Microsoft Defender kernel-level access: it's their choice to implement it that way, but as consequence they have to give all third-party software security products the same kernel-level access.

But can you achieve what is necessary without that kernel level access? Can APIs do everything, and more?

 

[bsolar]

The fact that Windows boots its a miracle in itself. MacOS is stable because to a large extent they don't need to worry about compatibility.

I'm not sure I agree with that reason: as counter-example Linux is very stable and has a huge level of compatibility.

 

[kk200]

I'm not sure I agree with that reason: as counter-example Linux is very stable and has a huge level of compatibility.

"Linux is very stable" this is not really true. The truth is "*well-tuned* Linux is very stable"
Actual you can more easily mess up a linux machine with sudo comparing to windows