Mint Delhi

Blue screens everywhere are latest tech woe for Microsoft

- Alison Sider contribute­d to this article. ©2024 DOW JONES & COMPANY, INC.

upgrade, forcing applicatio­ns to maintain good security practices or they pull them off of the App Store,” said Amit Yoran, chief executive of cybersecur­ity firm Tenable.

Security issues have long been Microsoft’s Achilles’ heel, as computers and servers running its software have been the target of repeated hacks by criminal groups, as well as state-sponsored actors in Russia and China. Top company executives have been brought in front of Congress to explain why Windows is so vulnerable.

Ironically, CrowdStrik­e CEO George Kurtz raised the issue publicly in January. “What you’re seeing here is systemic failures by Microsoft, putting not only their customers at risk, but the U.S. government at risk,” he said on CNBC after Microsoft disclosed a Russian hack of systems used by its senior leadership.

Two months later, a report by the Department of Homeland Security’s Cyber Safety Review Board found that, “Microsoft’s security culture was inadequate and requires an overhaul, particular­ly in light of the company’s centrality in the technology ecosystem.”

Microsoft said the CrowdStrik­e crash was unrelated to the issues raised by federal officials about the company’s lapses in security.

Security profession­als critical of the company’s practices say as Microsoft pivoted to cloud computing, it has neglected the developmen­t of its more traditiona­l products such as Windows and its email and corporate directory service products, all of which have been the targets of attacks. That

neglect has made security software—like the kind provided by CrowdStrik­e—more necessary, the profession­als said.

“If they have a security-first culture, it would either be safer for products like these to exist or these products wouldn’t be needed at all,” said Dustin Childs, a former Microsoft cybersecur­ity specialist who is

currently the head of threat awareness at cybersecur­ity firm Trend Micro. Trend Micro competes with Windows Defender and CrowdStrik­e.

Pavan Davuluri, Microsoft’s corporate vice president of Windows and devices, said the move to the cloud has been good for software reliabilit­y because the operating system is live and constantly updating. But he said the company has unique challenges in the tech industry dealing with an array of customers, many of whom use old versions of Windows running on outdated hardware.

“In Windows we do have a pretty broad range of responsibi­lities,” Davuluri said. “We definitely have to meet our customers in terms of where they’re at—the product itself, its use, its life cycle.”

CrowdStrik­e’s bug was so devastatin­g because its security software, called Falcon, runs at the most central level of Windows, the kernel, so when an update to Falcon caused it to crash, it also took out the brains of the operating system. That is when the blue screen of death appeared.

In 2020, Apple told developers that its MacOS operating system would no longer grant them kernel-level access.

That change was a pain for Apple’s partners, but it also meant that a blue screen of death-style problems couldn’t happen on Macs, said Patrick Wardle, the chief executive of Mac security maker DoubleYou.

“What it meant was that a lot of third-party developers, ourselves included, had to rewrite our security software,” he said.

A Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understand­ing it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.

 ?? REUTERS ?? Microsoft said the CrowdStrik­e crash was unrelated to the issues raised by federal officials about the firm’s security lapses.
REUTERS Microsoft said the CrowdStrik­e crash was unrelated to the issues raised by federal officials about the firm’s security lapses.

Newspapers in English

Newspapers from India