The CrowdStrike incident has once again highlighted concerns about Windows security. A faulty update for the Falcon Sensor security software had widespread consequences for the Windows ecosystem. This prompted Microsoft to address how Windows could be improved to prevent future global incidents.
After assisting millions of PCs in getting back online, Microsoft promised significant changes aimed at making the operating system more resilient. On September 10, the company hosted a community meeting where initial steps to strengthen the Windows platform were shared online.
Windows Endpoint Security Ecosystem Summit
The Windows Endpoint Security Ecosystem Summit brought together endpoint security vendors and government officials from the US and Europe. While no formal decisions were made, the meeting resulted in a consensus on several key points that will require further development.
The consensus suggests that the Windows ecosystem benefits from a diverse range of security products. Microsoft and its partners explored opportunities for mutual growth, focusing on ensuring the safety and resilience of their customers.
Safe Deployment Practices and Best Practices
Microsoft outlined how it manages security through its Safe Deployment Practices (SDP). The company expressed its willingness to share best practices, data, tools, and documented processes with the community. This approach improves Windows resilience and allows for pausing or rolling back faulty updates when necessary.
During the summit, Broadcom, Sophos, and Trend Micro also shared their best practices. Additionally, Microsoft is laying the groundwork for long-term solutions to Windows’ security challenges.
New Platform Capabilities
The conversation centered on new platform capabilities aimed at moving security software outside of Windows kernel mode. Previously attempted with Windows Vista, this approach faced significant pushback from antivirus vendors and regulators. However, vendors now seem more open to what Microsoft has to offer.
Microsoft is developing a new platform that addresses the needs expressed by security vendors, including improved performance, anti-tampering protection, and more. The goal is to improve reliability without compromising security.
In the meantime, customers are encouraged to adopt the vendor-neutral best practices Microsoft shared to mitigate issues when the next faulty security update occurs.
