Source: OSNews
It’s been nearly a year since a faulty CrowdStrike update took down 8.5 million Windows-based machines around the world, and Microsoft wants to ensure such a problem never happens again. After holding a summit with security vendors last year, Microsoft is poised to release a private preview of Windows changes that will move antivirus (AV) and endpoint detection and response (EDR) apps out of the Windows kernel.
↫ Tom Warren at The Verge
After the CrowdStrike incident, one of the first things Microsoft hinted at was moving antivirus and EDR applications out of the kernel, building an entirely new framework for these applications instead. The company has been working together with several large security vendors on these new frameworks and APIs, and it’s now finally ready to show off this new work to the outside world. Instead of designing the new frameworks and APIs in-house and just dumping them on the security vendors, Microsoft asked the security vendors to send it detailed documentation on how they want the new frameworks and APIs to work.
This first preview of the new implementation will be private, and will allow security vendors to request changes and additional features. Microsoft states it will take a few iterations before it’s ready for general availability, and on top of that, security software is only the first focus of this new effort. It turns out Microsoft wants to move more stuff out of the kernel, with anti-cheat software – more accurately described as rootkits, like Riot’s Vanguard – being an obvious next target.
Perhaps this effort could have some beneficial side effects for gaming on Linux, which you should be doing anyway if you want better performance, because Windows games seem to perform better on Linux than they do on Windows.