Microsoft Blames European Commission for Major Worldwide Outage

[AppliedMicro]

My question then is - in light of this recent event, would you be in favour of Microsoft closing off kernel-level access to their OS to everyone else but themselves,

Whatever they do, just spare me the b*lls*it of

1. allowing kernel-level access for third-party drivers (tons of legacy software and computer games)
2. claiming they wanted to close that (they evidently didn't intend to)
3. blaming the EU for not allowing it

and is there any EU legislation that would specifically prevent Microsoft from doing so?

The Digital Markets Act.
Microsoft is a designated gatekeeper with respect to Windows, aren't they?

 

[bzgnyc2]

Kexts are now disapproved of, but I don't think they've have been entirely disabled on MacOS 13 and later: https://support.apple.com/en-ca/guide/deployment/depa5fb8376f/web

And also their "disapproval" has been part of a multiyear effort to first create alternatives. What Apple did over 5 years ago was identify the most common reasons for kernel extensions and create standardized API for those purposes (e.g. new USB devices, network interfaces, endpoint security software) so that 3rd parties could write to those API from process running in user mode.

This is a better design overall. All else being equal, running code in user space is better than kernel space, running code as non-root/non-privileged is better than root, not running things not needed is better than running everything all the time. The latter are still a frustration with Apple's latest. There are over 100 processes running as root on a typical MacOS system and that's just a lot of surface area especially when it's clear many of them are not needed (e.g. I don't use iCloud at all so nothing iCloud should be running).

At this point however MS would have to make a pretty big investment (regardless of the EU) to get 3rd parties out of their kernel. The MS ecosystem is vast and MS would have to create API to handle all the needs of 3rd parties currently working through their own device drivers and then get all those vendors to rewrite their programs/device drivers/etc to use those API. Note that Apple started this over 5 years ago, has a much smaller range of 3rd parties, and still hasn't kicked everyone out of the kernel yet. It's definitely not graftable onto Windows 11. For MS to get as far as Apple in this area (which again as you highlight isn't complete) is a redesigned Windows 12 or 13.

 

[bluecoast]

If the EU didn't meddle where they shouldn't, they wouldn't catch blame.

Deciding OS kernel access policies is not something a government should be doing.

Um I think it’s that Microsoft have to allow 3rd party security vendors the same level of access as their own security software.

So if Microsoft made a way for their own security software to run in user mode & let other vendors do the same, they could shut off access to the kernel level access for all security software.

 

[Jamie0003]

And my proposal is to make it so only Microsoft has privileged access to their own kernel, making them responsible (and the only company capable of) managing the security of windows devices around the world.

I agree, they should definitely do this. It might also make Linux gaming more tenable, since anti cheat uses the kernel too. Can you imagine if a bad actor is able to push an update to windows PC’s that could actually do some real damage just because of Microsoft’s crappy security practices?

 

[AppliedMicro]

my proposal is to make it so only Microsoft has privileged access to their own kernel

Microsoft does not want and does not intend to close kernel-level access to third parties. They never did.
Legacy use and enterprise users would be up in arms if they did that.

They're prioritising making money, sweet enterprise business dollars, over your or my security.

Blaming the EU is just a cheap excuse to prop up their enterprise security products - and other anticompetitive system integration.

 

[snak-atak]

The enemy of my enemy is my friend... for now.

 

[.wojtek]

reading uninformed comments here gives aneurism... ffs people, stop being like that... xd

CS should crear less bullc* software that couldn't push updates without consent. MS should run its software without kernel access...

blaming the UE for the ef-up caused by the duo is the next level 6D chess stupidity xd

 

[bzgnyc2]

The answer is Microsoft shouldn’t be giving kernel access period. If this was the case already, the EU wouldn’t event have a leg to stand on.

Microsoft hasn't designed a system that doesn't need to give 3rd parties kernel access. Apple still gives kernel access -- though they've narrowed substantially the need to do so.

What MS can do is what Apple did is create API for 3rd parties to accomplish their goals without kernel access and then discourage 3rd parties from writing kernel drivers for things that can be accomplished just as well with their API. When they do that they will have a leg to stand on.

In the meantime, this is just blaming government for their own decisions. I wouldn't call it failures since in the end it was CrowdStrike's software that failed.

 

[bzgnyc2]

The enemy of my enemy is my friend... for now.

Haha that was the exact quote I was thinking when I saw all the would-be MS haters pile on the EU...

 

[Analog Kid]

Actually it's EU's meddling that might have saved Apple and gave us the competition we have today. Had MS been able to continue their "aggressive tactics" they could have squeezed Apple out of the market before they even got a chance to develop the iPhone, etc. What would Apple have looked like in the 2000s with no Microsoft Office, access to SMB shares, integration to NT domains? What if they had blocked Apple from making a proper iTunes for Windows (i.e. no seamless access to iPods and later iPhones) would those devices have taken off? If MS continued with the tight integration and bundling of IE in Windows, would other browsers have taken off? Would the net be dominated by IE-specific websites that were always glitchy when accessed from a non-MS system?

Sorry, what role did the EU play here? The Maastricht Treaty created the EU in 1993-- it sounds like regulating Microsoft must have been one of their founding principles. If you've got a link, I'd love to read the history.

 

[AppliedMicro]

would you be in favour of Microsoft closing off kernel-level access to their OS to everyone else but themselves,

And my proposal is to make it so only Microsoft has privileged access to their own kernel

My proposal:

Microsoft exit the business of OS-level enterprise security products and offer security software for free.
If their system is insecure and vulnerable (defective), offering fixing it for free is par for the course.

Then we can talk about revoking (as a security measure) kernel-level access to other security software vendors.

The current system encourages them to offer a less-secure Windows product - and charge on enterprise security products to compensate for it.

 

[Timo_Existencia]

Whatever they do, just spare me the b*lls*it of

1. allowing kernel-level access for third-party drivers (tons of legacy software and computer games)
2. claiming they wanted to close that (they evidently didn't intend to)
3. blaming the EU for not allowing it

I'm not understanding your position here.

Microsoft will ALWAYS have access to the kernel. As it should be. But more importantly, so many of you who support the EU have made "open the operating system!" your central mantra. And now you're saying "close the os!"

And as I've said, I chose Apple precisely because Apple has a closed-system.

I WANT Apple to have unique access to their own kernel, and to the degree they use that to build products with stronger security or interoperability, I want that. That's why I choose Apple products.

Now, it may be a bit too clever by half on the part of MS here, since being open has always been their selling point...but if they are currently blocked by the EU to close 3rd party access to kernel-level programming...that's a really silly policy by the EU.

And this has been Apple's point all along with regards to the DMA. The EU is forcing Apple to build their software in the way the EU wants; I see no consumer benefit to this, because as I said, I choose a closed system.

The EU can't simply say "our intentions are perfect!" and put their head in the sand when it backfires.

 

[wbeasley]

Microsoft does not want and does not intend to close kernel-level access to third parties. They never did.
Legacy use and enterprise users would be up in arms if they did that.

They're prioritising making money, sweet enterprise business dollars, over your or my security.

Blaming the EU is just a cheap excuse to prop up their enterprise security products - and other anticompetitive system integration.

So if Microsoft don't change this, it can happen again not by accident but by design?

Enterprise users are already up in arms because systems failed and there was a huge economic cost to them and destroyed trust in their services with customers trying to buy food or travel or get money.

Something needs to be done, surely?

 

[Timo_Existencia]

My proposal:

Microsoft exit the business of OS-level enterprise security products and offer security software for free.
If their system is insecure and vulnerable (defective), offering fixing it for free is par for the course.

So, you want Microsoft to pay for the ongoing and ever evolving work of building security applications for free?

I understand that "free" is a big thing in the EU, but the truth is even in the EU, things aren't free. You pay taxes.

MS should be able to charge for their work and their IP. This "proposal" of yours is at the core of the fantasy that underlies the entire DMA.

It's silly we even have to argue about it. Free is not free.

 

[bzgnyc2]

Sorry, what role did the EU play here? The Maastricht Treaty created the EU in 1993-- it sounds like regulating Microsoft must have been one of their founding principles. If you've got a link, I'd love to read the history.

Microsoft Corp. v European Commission - Wikipedia

en.wikipedia.org

Finally resulting in this:

Microsoft Statement on European Commission Decision: Brad Smith, Senior Vice President and General Counsel, on the European Commission’s decision in favor of formal adoption of measures Microsoft has offered to address competition law issues.

Brad Smith, Senior Vice President and General Counsel, on the European Commission’s decision in favor of formal adoption of measures Microsoft has offered to address competition law issues.

web.archive.org

But as noted the case was actually opened in 1993 and continued over years and like the DOJ against MS these things tend to constrain behavior before the fact/final agreement. Companies realize they really don't want to do anything blatent in the middle of litigation and they look for things that might win them brownie points so they can say "Hey we're not bad -- we supported Office on Macs so we can't be a monopoly".

So EU/DOJ didn't have to litigate and get a consent agreement for every product, API, etc but rather the litigation itself constrained behavior and established general principles.

 

[AppliedMicro]

but if they are currently blocked by the EU to close 3rd party access to kernel-level programming...that's a really silly policy by the EU.

They’re blocked from giving their own security products an unfair advantage.
Security products that are paid products on an enterprise-level.

Microsoft are not prevented from closing kernel-level access.
Neither are they prevented from making their OS secure out of the box.

But monetising security products for operating systems on a self-preferencing basis? No!
That does not incentivise making the base product (Windows) really secure.

 

[breenmask]

Uhhhh….are you trying to prove my point?

Nope. You clearly misunderstood.

 

[goro123]

I doubt Microsoft refrained from securing and preventing Windows kernel access because of the EU. But, the point stands: would they have been allowed to?

 

[3304614]

So what Microsoft is saying is… we should all switch to macOS or Linux? I mean… yeah, good suggestion. I agree.

 

[Timo_Existencia]

They’re blocked from giving their own security products an unfair advantage.
Security products that are paid products on an enterprise-level.

Microsoft are not prevented from closing kernel-level access.
Neither are they prevented from making their OS secure out of the box,

Microsoft will always have an advantage on their own platform. Period.

Security is an ongoing and evolving thing. You don't write the software once and then ship it off. Enterprise level software will always need ongoing costs of development. Your idea that it can simply be sold when someone buys the computer OS and should be free from then on is an example of the naiveté of the EU.

"Making their software secure out of the box!" Seriously, this should be a sit-com.

 

[AppliedMicro]

So if Microsoft don't change this, it can happen again not by accident but by design?

Of course.

Enterprise users are already up in arms because systems failed and there was a huge economic cost to them and destroyed trust in their services with customers trying to buy food or travel or get money.

They will be even more in arms when kernel-level drivers aren’t working anymore.
Cause it would be even more expensive for legacy applications- which particularly the enterprise segments runs a lot of.

 

[AppliedMicro]

I doubt Microsoft refrained from securing and preventing Windows kernel access because of the EU. But, the point stands: would they have been allowed to?

As I read it (and linked to the document earlier in this thread).

Yes - as long as they aren’t giving their own products (security software, in this case, it seems) anunfair advantage by excepting them.

 

[Timo_Existencia]

This example perfectly represents the problem with the DMA and the EU's entire approach:

1) It will always be stronger to secure an OS on the kernel-level.
2) The EU says if you sell a kernel-level product, you must allow kernel-level access to 3rd parties.
3) Allowing kernel-level access to third parties is, as we've all just witnessed, a bad idea.
4) The EU then says "so don't sell a kernel-level security product!"
5) But if MS doesn't provide a kernel-level security product, windows will be less secure.
6) Lather, Rinse, Repeat.

 

[AppliedMicro]

So, you want Microsoft to pay for the ongoing and ever evolving work of building security applications for free?

Roll it into the price of Windows.

Given how important it is for infrastructure and critical infrastructure, yes, it should be secure with paying on top.

 

[bzgnyc2]

So, you want Microsoft to pay for the ongoing and ever evolving work of building security applications for free?

I understand that "free" is a big thing in the EU, but the truth is even in the EU, things aren't free. You pay taxes.

MS should be able to charge for their work and their IP. This "proposal" of yours is at the core of the fantasy that underlies the entire DMA.

It's silly we even have to argue about it. Free is not free.

It's not free it's bundled. All companies make choices about what to bundle with their product and what to make add-on and it's rarely about the technology. Some companies charge for browser but MS tried to bundled the browser with the OS. That issue repeats itself across all sorts of features and products -- from media players, grammer checkers, AI, etc.

Usually the issue is the other way -- a platform/ecosystem company wants to bundle a product/feature to drive out 3rd parties and the government pushes back to "presere competition".

The question in this case is what is the minimum functionality that should be bundled with a general purpose? Should the security framework be mandated like seatbelts and airbags? Or is this like auto braking/lanekeeping/etc that are typically limited to higher end cars.