cross-posted from: https://awful.systems/post/1965658
Kind of sharing this because the headline is a little sensationalist and makes it sound like MS is hard right (they are, but not like this) and anti-EU.
I mean, they probably are! Especially if it means MS is barred from monopolies and vertical integration.
This is the best summary I could come up with:
A 2009 agreement insisted on by the European Commission meant that Microsoft could not make security changes that would have blocked the update from cybersecurity firm Crowdstrike that caused an estimated 8.5 million computers to fail, the Big Tech giant said in comments to the Wall Street Journal newspaper.
Thousands of flights were delayed or cancelled, leaving passengers stranded at airports worldwide, the UK’s NHS service was affected and contactless payments failed to work.
Microsoft has Windows Defender, its in-house alternative to CrowdStrike, but because of the 2009 agreement made to avoid a European competition investigation, had allowed multiple security providers to install software at the kernel level.
Microsoft’s main competitor, Apple, in 2020 blocked access to the kernel on its Mac computers, arguing it would improve security and reliability.
Speaking to the Wall Street Journal, a Microsoft spokesman said the company could not make a similar change because of the EU agreement.
Under its new Digital Markets Act, Europe is currently trying to force Apple to give access to its iPhone to allow alternative app stores and web browsers to be used.
The original article contains 348 words, the summary contains 183 words. Saved 47%. I’m a bot and I’m open source!
Soooo… EU is responsible to write Crowdstrike code with bugs that gets deployed without any QA? Interesting. And EU is directing rules for the rest of the world as well, where the same issue happened as within EU? This is populist bullshit in full swing.
As far as I understand it, the EU is to blame because it forced Microsoft to open up the Windows kernel for software such as Crowdstrike’s. Why the Linux kernel has protection against precisely the flaw that has occurred and the Windows kernel does not, however, remains MS’s secret.
The regulation only states that there must be a level playing field with respect to API access and possibilities in comparison for Microsoft tools and 3rd party tools. The regulation does not state that the APIs have to be inherently insecure and unstable if used in a wrong way, which is what happened. Crowdstrike released a buggy update that crashed their own driver, which is just showing how bad their software as a whole really is.
Linux has the same issue and was also affected by Crowdstrike earlier this year.
I know, but someone (KP Singh, I think?) already provided a fix for this. In the end, it’s not about any system being error-free, but about how these errors are dealt with. Crowdstrike screwed up and Microsoft could have fixed this vulnerability after the Linux kernel incident. Maybe. But now pointing the finger at an uninvolved third party is just PR.
Yet, faulty drivers crapoing your bed without a way for IT remotely being able to access the pc isnkinda your fault, they could have done that with zero EU violations…
Sure, Microsoft…
The EU is not responsible for the QA failure of the market. Does Microsoft employ lunatics that do not recognise the reality?