Future kernel access in the balance
Microsoft did not agree to an interview on its kernel strategy, but a representative did share with CSO a brief statement about the initial announcement’s intentions.”This is an opportunity for partners to test building their solutions outside the kernel and is not an announcement of future plans for kernel access,” a Microsoft public relations spokesperson said. The kernel issue has been explored by Microsoft for a long time, with various promises made. At one point, CrowdStrike said it supported Microsoft’s effort to block kernel access. Microsoft has also argued that the kernel access issue was initially forced on Microsoft by European Union requirements. Art Cooper, a principal security consultant for consulting firm TrustedSec, said that the “kernel access outside the kernel” approach is potentially the right idea, but that Microsoft is doing it in the most Microsoftian way.”Once again, they are providing their customers with the Microsoft experience: ‘Somewhere down the line, we will explain what we meant,’” Cooper said. “The statement does not say that they will deny access to the kernel. They are just hinting. They are looking to up their game and they want to do it slowly.”Cooper summed up the kernel challenge by pointing to the inherent cybersecurity contradiction.”I have seen where having the access has made things disastrous and where not having the access has been disastrous,” Cooper said. “If I can’t have kernel access and the bad guys can, how do I battle that?”Sean McElroy, chief risk and security officer at fintech Lumin Digital, said the kernel issue can be complicated.”The security of the Windows operating system kernel and supporting ecosystem continues to face many challenges, largely because many applications, from enterprise security tools to consumer gaming anti-cheat systems, depend on the ability to use and abuse the Windows kernel directly,” McElroy said. “As a result, stability and security suffer both from malware authors who can readily hook and exploit the operating system, and even as we saw with CrowdStrike’s incident last year, it’s easy for defensive solutions to stumble when trying to address the fragile ecosystem.”He agreed with others who said that Microsoft seems to want to eventually block kernel access, but it will take its time getting there.”They are building the path so they eventually will close the door,” McElroy said. “But there are a lot of things you can’t do now unless you are in kernel mode. We are all working toward a vision where the kernel is less accessible.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4014241/microsoft-hints-at-revoking-access-to-the-windows-kernel-eventually.html
