Microsoft blames EU rules for its inability to lock down Windows following CrowdStrike incident
EU rules may have indirectly amplified recent outage
Microsoft is reportedly analyzing whether restrictions enforced by the European Commission could be partly responsible for amplifying issues with Windows systems during the recent CrowdStrike outage incident.
The Wall Street Journal (WSJ) notes that in an intriguing point concerning the security of Windows operating systems, Microsoft’s spokesperson pointed out a 2009 agreement with the Commission prevented the company from enhancing the OS's security more rigorously.
The agreement came in response to a complaint, and required Microsoft to offer security software developers the same level of access to Windows as the company itself has.
Microsoft claims European Commission hinders security
The decision, intended to encourage competition, inadvertently allowed third-party vendors to disrupt systems.
The agreement specifies that Microsoft must share its APIs for Windows Client and Server operating systems with third-party security software developers, but last week’s incident highlighted the risks of such openness.
On the flip side, Apple has been restricting developers from kernel-level access to its OSs since 2020. Google is also not bound by similar regulations.
Despite the clear security benefits of an OS lock down, the EU is unlikely to grant Microsoft permission to restrict certain developer access given its previous decision. The Commission has also been keeping a close eye on Microsoft in recent months, with two major antitrust cases relating to the bundling of Teams within Microsoft 365 and the company’s cloud market dominance hitting the headlines.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Microsoft’s dissatisfaction with the European Commission comes days after a CrowdStrike update accidentally broke 8.5 million Windows PCs globally, which prompted Microsoft to intervene by giving affected users access to an auto-fix tool.
TechRadar Pro has offered Microsoft an opportunity to share further context, but the company did not immediately respond.
More from TechRadar Pro
- Check out the best VPNs and best firewalls
- We’ve rounded up a list of the best endpoint security software
- Servers down after CrowdStrike update — How it happened and how to fix
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!