Microsoft is moving antivirus programs from running at kernel level

762 views · 6 replies · 4 participants · last post by icotonev
#1 ·
Antivirus software will soon be moved out of the kernel mode in Windows. This change is part of Microsoft's Windows Resiliency Initiative (WRI).

Last year, millions of Windows PCs crashed with a blue screen due to a faulty update for CrowdStrike. In the aftermath of the incident, Microsoft held a security summit with the intention to prevent such issues in the future. Several security vendors, including Bitdefender, CrowdStrike, ESET, SentinelOne, Trellix, Trend Micro, and WithSecure, joined the Microsoft Virus Initiative (MVI) 3.0 program to collaborate with Microsoft and improve the security and reliability of Windows.

Microsoft says that it will release a private preview of the Windows endpoint security platform to its MVI partners. The changes will require antivirus software, and endpoint detection and response (EDR) apps, to run in user mode like most apps do. Microsoft highlights that running apps with administrator permissions opens the door to malware, which could infect a user's computer and wreak havoc on critical system resources, causing disruptions, data loss, etc. This was what had caused the CrowdStrike BSODs last year.
Microsoft is moving antivirus programs from running at kernel level - gHacks Tech News
The Windows Resiliency Initiative: Building resilience for a future-ready enterprise | Windows Experience Blog
 
#2 ·
Security requires Kernel Level access to defend against Kernel level attacks, so what I presume Microsoft are saying here is that they will now control and monitor that aspect of security, and 3rd Party Security Vendors will be supplied with some sort of API to enable them access from Usermode, but that they will no longer be allowed to make any Kernel level modifications by using their own proprietary Kernel Level Drivers.

At least that's how I'm reading it, they haven't exactly made it entirely clear quite how this change is to be implemented.

Probably a good idea as regards stability/reliability of the Kernel, whether it's ultimately a good move for security I guess we'll have to wait and see.
 
#3 ·
Regardless of what they say or do .. my experience over the last 50 years has shown that

Anything made by man can and will be broken by man!

I remember, many years back, a computer card that was supposed to be hack-proof with some encryption to stop users from playing hacked videos or games, only for some guy to hack the algorithm, resulting in a recall of all cards from retailers and several months' absence from the market ... I don't remember the full details but the inference is clear ... nothing is secure if someone has enough time on their hands to delve into it!
 
#5 ·
Level 0 access is the aim of pretty much any serious attacker, since it pretty much gives them carte blanche to do what they want, and over the years Microsoft have done all sorts of things to stop outsiders from being able to achieve it ... all of which have failed.

So I have little confidence that this latest iteration will prove any more successful than any of the others have been. All they'll probably achieve is to make it more difficult for people to remove any infection that gets past the restrictions they've imposed, which sadly has been the experience I've had with Microsoft's previous attempts to "secure" things.
 
#6 ·
As with so many things in life, the more complex a task seems, the more a serious minded "worker" learns .. and tries to find ways through the task.
I remember well, at college in liberal studies, where the tutor gave our class the challenge of writing down "as many uses for a standard household brick" as we could think of. It was expected that we would write down more than 6 and implied that there were many many more. It was a lesson in thinking "outside the box". The first 6 were easy. Then our brains stopped ... until we realised that there was nothing stopping us from using bricks for any purpose that popped into our heads. From brushing our teeth, wearing as shoes, to washing our hands. Even as surprise gifts.
I frequently find myself wandering around stores looking for something that will help me with current projects, checking what has been dumped at the wayside and might be useful for something I am trying to do ... or might be doing if it gives me an idea.
 
#7 ·
The biggest challenge? Rootkit and BYOVD (Bring Your Own Vulnerable Driver) attacks. If the security software does not access the kernel, it will be more difficult to find and block such threats. On the other hand, limiting access to the kernel can reduce the risk of crashes and vulnerabilities, as the CrowdStrike incident showed.

The CrowdStrike incident refers to a massive global IT outage that occurred on July 19, 2024, caused by a faulty update to CrowdStrike’s Falcon Sensor security software.