Microsoft has dropped heavy hints that change is coming to the way security products interact with the essential core of the Windows platform, its software kernel, spurred into action by the IT outage that disrupted tens of millions of CrowdStrike customers in July.
For security vendors, being able to load kernel (ring 0) drivers matters. If Microsoft removes that access, something Apple did for macOS in 2019, their products will need to be heavily redesigned to implement security with lower privilege.
What is not yet clear, however, is what form any change will take and on what timescale. Hanging over this is whether Microsoft's own Defender will be affected, or spared. Although not as fully featured as independent endpoint detection and response (EDR) clients, it could presumably continue to operate at kernel level.