I'm going to follow the guidelines and not be snarky: Microsoft is not some weak company at the mercy of the market. They choose their vendors (they also actively throw their weight around with vendors) and MS on top of that is capable of doing anything in-house (or buying it to bring it in house).
The stance of "let's not hold companies accountable for cutting corners" is one reason everything is getting worse. It's because we collectively let it get worse.
Is it possible that you’re talking about a different incident? In the incident at hand, didn’t the enterprises in question choose the EDR vendor, not Microsoft?
Is the implication that Microsoft should be compelled to develop its own EDR product at a level of sophistication comparable to what CrowdStrike offered, and compete with them on that basis?
It feels strange to me to hold Microsoft accountable for the poor design decisions of firms who just develop third-party software on their platform.
I’m not following your line of reasoning, can you clarify?
Is the argument that it was MS's responsibility to bake something like this in at the OS level? And if they did, it would be more robust?
I’m not sure I agree. MS has already gotten in trouble for monopolistic practices before, so from a legal standpoint, I’m not sure that’s the best course of action.
Except that doing those things could be viewed as monopolistic or anti-competitive behaviour.
If Microsoft is responsible, then they also need greater control. If Microsoft isn't supposed to have that kind of power, they cannot be blamed.
Drivers have the right to crash the system in my books - software doesn't. They need to take a stronger stance on antiviruses and kernel-based software in general and push Defender as the de facto antivirus for Windows.
Because the underlying OS they provide allows kernel access. If they had Windows fence off the kernel and maybe provide a security API, then this whole thing wouldn't be an issue.
There's also the argument that a business OS that you spend thousands or pay a monthly licensing fee for should be hardened enough already to not need software like CrowdStrike. But I'm also completely ignorant to what it actually does and how critical it is.
I used to be a Windows Engineer in webhosting (RAX, Hostgator, 2-3 others), I assume before this software existed, and I had to hand-craft an insane amount of security services in posh and Python. When I first got into Windows syseng stuff, I think IIS5, so win2k IIRC, IIS didn't have something as simple as URL Rewrite abilities. You had to buy a 3rd party package for EACH server at $25 or write one, and I had thousands of servers. Zero thought about people actually using IIS for webhosting. I had to make my own brute force detection service that continuously monitored Event Viewer for an RDP permission denied error code, then write that IP to the Windows Firewall. All this stuff is an apt-get away in Linux. Windows Server is so shockingly barebones and, to be quite frank, most Windows syseng people aren't the best engineers and wouldn't think to make almost any of this. On many of my teams I was the only one who could program.
We'd put servers up without a firewall and post their IPs on IRC and see how long it took someone to pop one, if they didn't get popped before we got back to our NOC.
I dealt with that OS from sysadmin 1-3 over 10 years. I am so goddamned happy everything is an ephemeral Linux container now.
IME a graphics driver crash recovers just fine on Windows. The screen goes black for half a second and you're back in business without losing progress.
Large corporations buy Windows _because_ they can have this level of control over their machines. The CTOs and auditors want to be able to say they've personally secured their systems using "top of the line" security software.
MS can’t prevent a software vendor from breaking the machine.