undefined | Better HN

0 pointsMacha1y ago0 comments

They probably had to, in the same way that banks had to use crowdstrike. Much as it's easy for banks to say "we use crowdstrike, like everyone else" rather than implement a bespoke and accountable framework for risk assessment and mitigation for every type of endpoint use case (and argue that case to both the auditor and regular). In this case it's easier for Microsoft to say "see, they can run in kernel space" rather than provide a bunch of API functions that achieve what's needed, convince all third party vendors to use them, and put in place a process to convince an auditor that Microsoft security software will never use any knowledge or functionality from the OS outside this.

0 comments

ghusto1y ago

Exactly this. Microsoft did this poorly, so they were forced to allow others to do things poorly too.

MachaOP1y ago

I guess I don't think that's the sole reason, as I think the incentives would still be in place even if Microsoft authored security software did not run anything in kernel space.

ghusto1y ago

You mean in terms of third-parties wanting that level of access regardless? I agree, but it would be an easy "no" then.

1 more reply

j / k navigate · click thread line to collapse

0 pointsMacha1y ago0 comments

0 comments

ghusto1y ago

Exactly this. Microsoft did this poorly, so they were forced to allow others to do things poorly too.

MachaOP1y ago

I guess I don't think that's the sole reason, as I think the incentives would still be in place even if Microsoft authored security software did not run anything in kernel space.

ghusto1y ago

You mean in terms of third-parties wanting that level of access regardless? I agree, but it would be an easy "no" then.

1 more reply

j / k navigate · click thread line to collapse