If they start to lock it down it just becomes the next iOS.
It's already horrible with their 'recommendations' left and right, and preinstalled stuff that you cannot remove.
And then it just becomes too easy for Microsoft to let their Windows Defender run in kernel mode and 3rd parties can't do that, so obviously they can outperform them.
Kinda like iOS' Safari. Hell, that one runs in user mode, but it required laws for 3rd parties to be able to provide native alternatives.
Dedicated antivirus applications like Defender are a band-aid over fundamental architectural problems with Windows. Containerization and deny-by-default access schemes would go a long way to reduce the need for those tools.
Honestly, any semblance of modern, secure system architecture would help as long as it's combined with a willingness to obsolete the bullshit that got us into this mess in the first place.
That take seems naive. A lot of malware works by getting the full consent of the user. Users often have no idea what they’re consenting to or the implications of it. And on top of that if you really require code to get permission for all resources they require customers will immediately look for ways to avoid having to manually do this step.
The problem is that malware has basically an infinite number of tries to get you to run something. As there is almost no consequence when they fail.
> That take seems naive. A lot of malware works by getting the full consent of the user. Users often have no idea what they’re consenting to or the implications of it.
That's IMO quite the defeatist attitude.
Is there any way around this? And if so, who can go that way?
In my opinion it's only Microsoft that can unilaterally improve the situation, not the least by letting the user make those decisions in the first place and also have him live with the consequences (loss of time / money).
They will learn, especially after experiencing pain due to a wrong decision.
A nanny OS that decides by itself won't make the user learn and it will always have loopholes.
> A lot of malware works by getting the full consent of the user.
Consent of the user to do what? If a program can't even ask permission to walk the entire filesystem, zip it up and encrypt it, then it simply can't do that at all. The user never even becomes a factor.
I'll reiterate that I'm not saying all malware goes away, but entire classes of malware would cease to exist.
> if you really require code to get permission for all resources they require customers will immediately look for ways to avoid having to manually do this step.
If you go in your pocket, you'll find a compelling case study to the contrary. For the most part, permission grants are a one-time thing for any given service. They don't even register as a mild nuisance.
> The problem is that malware has basically an infinite number of tries to get you to run something. As there is almost no consequence when they fail.
And what does AV software do to solve either of these problems?
Android vs iPhone is a great example of things in your pocket and malware. Both effectively run AV at store ingestion so users don’t have to think about malware at all. But Android's less constrained model has allowed malware to flourish on that platform despite capability checks.
The only model that has worked in practice is the model where malware is checked upstream (eg during App Store ingestion) and users are never even offered it.
"Flourish" is a bit of an exaggeration. You have to jump through a lot of hoops to install malware of any significant capability on Android, ignoring like a half dozen red flags in the process. Obviously that's not going to be enough to stop everybody, but compared to Windows Android is practically malware-free.
But yes, in a corporate environment it might be prudent to have some kind of policy restricting users from installing applications from non-approved sources (or at least limiting what permissions such unapproved applications can have). Thankfully the permissions model of Android makes such restrictions trivial to enforce and minimally inconvenient compared to what you have to do to get an inferior version of the same thing on Windows.
For years (most recently 2021) Nokia’s threat assessment reports have Android malware infection rates at over 50x iOS. iOS malware exists but it’s largely state-level actors going after dissidents or journalists (and Apple provides tools to help fight that too, if you think you’re that kind of target).
Android is actually an outright majority of all malware in the wild... 50.31% of all malware infections, which includes Windows, OS X, IoT, and all other sources (i.e. iOS).
(See also pages 17-19, which discuss key threats and mitigation strategies, particularly surrounding the Play Store and the Android ecosystem.)
Pretty sure stalkerware is openly carried in the Play Store; it definitely is carried in some of the seedier stores.
If you have actual data that contradicts this, fire away, but every time it's objectively measured Android comes out way way way worse on the malware front.
Well firstly, you're citing a study from a company that makes antivirus software for mobile phones. They have a vested interest in trying to convince you that such software is necessary.
Secondly, the #1 and #2 "malware apps" in that report are parental control software, arguably not malware at all. Several more are ad click fraud related and have nearly zero security impact on the user on account of having no permissions other than internet access. I also didn't see any data in the report on how many of the handful of truly dangerous apps they listed were successful in getting the permissions needed to do any significant damage. Unlike with Windows, merely installing a malicious app on Android often isn't enough; that's the whole point of having a sandbox.
Thirdly, the "50.31%" figure you're quoting is, again, skewed by the fact that this data is coming from a company that specializes in mobile anti-virus software and they don't seem to be normalizing by number of devices NetGuard Endpoint Security is installed on. (Do they even have an iOS app? The report doesn't seem to include data from iOS.)
Sorry this is a simplistic take. Microsoft can easily run legacy apps in a sandbox and lock down just as much as Apple - they just wouldn't be allowed to.
Yeah, I don't understand what people want from Microsoft here. Either they lock it down completely, and we lose control of our Windows systems, which I thought was something people here were against, or they continue to allow kernel-level access, which can be and is pretty damn useful and I wouldn't give it up for the world.
I like my Macbook, but I prefer my Windows desktop so much more because it still largely feels like my system instead of Apple's/Microsoft's.
People. Stop asking Microsoft to lock down Windows.
… or they could implement sufficient interfaces to the kernel that they could implement Windows Defender in a safe manner and make those same interfaces available to others.
It also makes file management a bloody nightmare, so much so that I gave up on iPhone/iPad years ago and moved back to Android. There are trade-offs. I don't want Windows to just become another MacOS or even iOS where I'm so limited in what I'm allowed to do with my system.
File management? It's a phone. Besides, if you absolutely must manage a file store, there's a native iCloud Files integration now (https://support.apple.com/en-us/102570). The situation is a lot better than it used to be.
What in the hell makes you think that just because the form factor of a computer is a phone, that suddenly routine file management is something that no longer is on the list of things I might want to do?
Truly one of the most brain-off takes I have ever had the misfortune of being privy to. "Hey, lets lock out one of the most basic computing primitives because the hardware form factor happens to be consistent with a telephony handset."
Seriously. People who think like this are the same people who are draining the life out of computing. Trying to turn it into little more than a top-down orchestrated, network-access trickling device, instead of what it should be, which is an emancipator of the physical limitations of the human brain; a bicycle for the mind.
It being a phone doesn't change the fact that files exist and need to be managed. Yeah, iCloud files integration isn't what I'm looking for. It's just another workaround for the core problem that remains.
Documents of all kinds. I guess you just use your phone for YouTube, TikTok and WhatsApp? That's fine, but that doesn't invalidate the obvious limitations of the OS and how that isn't acceptable to me. What happened to the technical competency of the people commenting on HN?
You can't think of a single valid use-case? Really? Then it's a waste of time talking to you.
And the right tool for the job when I'm not at my desktop or laptop is my phone. Imagine that. What the fuck is going on here? Why is HN trying to gaslight me into believing there's never a need to ever use or manage documents on a mobile device? What in the actual fuck.
I think you're being a bit dramatic. Pretty much every cloud-based file management service has an iOS client. It's not like there are no solutions here.
In an enterprise setting where you can prevent people from fucking with it, it pretty much is. M365/office is the vast majority of our help desk tickets.
Even in an enterprise setting heavily controlled by group policy and an AD domain, watertight and never-crash aren’t terms I’d ever associate with any windows release.
This comment might have gone over better if people didn't just spend their whole weekend recovering from what is likely the largest outage in history, which only impacted Windows.
A third party component which used a kernel extension in Windows, but did not need a kernel extension on either the Mac (System Extension, which runs in user space) or the Linux (eBPF, much more resistant to crashes) versions.
Why would CrowdStrike need a kernel driver on Windows, and not their other platforms? Microsoft is responsible for that design and not moving past it at the pace alternative systems have.
Additionally, there are other things Microsoft could have done. For example - if your computer fails to boot 3 times in a row, with a third party driver, how about automatically disabling the driver? If the driver manufacturer doesn’t like that, tell them to suck it up and write a driver that doesn’t crash.
The primary one linked there is certainly not the same issue; it was a bug in the Linux kernel's eBPF handling. It happened to be triggered by CrowdStrike, but the bug is undeniably a Linux kernel bug which was subsequently patched, as eBPF programs should never be able to panic the kernel.
That's not to say that there haven't been other CrowdStrike fails on Linux, especially with the pre-eBPF module, but that's not one, and that class of failures has been eliminated in the move to the eBPF-based module.
> For example - if your computer fails to boot 3 times in a row, with a third party driver, how about automatically disabling the driver?
I don't think computers have got to that level of refinement. Yes, we have AI, but this is mostly used to spread propaganda. Last I looked, you cannot fix Linux or Windows without human intervention.
Are you sure "Microsoft is responsible for that design"? Do we know CrowdStrike didn't choose to do it in-kernel even though there was another way they could have done it in userspace?
Wendell of Level1Techs has been talking about how Microsoft is specifically moving away from it in Windows on ARM (to some real short-term pain, in fact), so it seems self-serving to assert that they somehow cannot do it because of the EU. If that's the case, presumably their Windows-on-ARM efforts would have been dinged for it.
Like, if Apple is doing it, and Microsoft is doing it in their ARM build... what is the EU doing or imposing, exactly, that is so problematic for the x86 branch of Microsoft?
The more reasonable interpretation (ignoring Microsoft's excuses) is that Microsoft is more constrained by the legacy nature of their x86 product. They can't just sunset it, because it'll break a billion shitty applications that are very important to one specific factory customer running their thing with a kernel hook that is long-since EOL'd or whatever.
What they mean is they don't want to, and the EU is just a convenient scapegoat for some unfortunate business realities.
Honestly, quite probably, in a sense. They definitely seem to be trying to make a clean break in some ways. They don't really want "kernel-mode printer drivers, but with ARM". And yeah, they definitely seem to be viewing that as the Next Model; probably eventually they would roll out similar things to the basic-tier Windows x86 PCs etc.
> MS is saying they wanted to do the exact same thing, but EU has mandated the access in order to allow multiple products to become rootkits.
No. The EU only mandated that Microsoft give other vendors the same access they themselves use to do the same thing. This was the wake-up call to Microsoft to stop doing it that way, and instead build a more secure API for themselves as well as others to use. But they preferred to sleep through it, for another fifteen years.
They didn't “want to do the exact same thing”; if they had wanted to, they could have done it.
Entirely due to that faulty third-party component being able to run without limitations in the kernel, because Microsoft didn't want to build an API with those limitations.
Which makes RAM-eaters pretty much malware, doesn't it? And, as the GP says, the biggest RAM-eaters on most corporate Windows installs are... Microsoft corporate software, like Teams.
So I find it pretty hard to take whatever Microsoft says as the last word on anti-malware, even on Windows, when it's at the same time the biggest purveyor of malware.
I'm beyond skeptical that this competition regulation prevents Microsoft from say ... having Windows roll back to the last known version of a driver/extension after a failed boot (or several). Or from having a hyper-minimal super-nanny API that uses a signed network call to add a level of control over the loading process. Or from having a built-in phased rollout API that only permits a rollout to increase in scope as more confidence is gained. And probably ten more ideas! Microsoft didn't trigger this outage, but it's very worrying if they disown it. There's a lot the OS vendor can do.
> having Windows roll back to the last known version of a driver/extension after a failed boot (or several)
One of the problems with CrowdStrike was the update was a definition/config file that was pushed out by CrowdStrike. There was no driver update and the BSOD was caused by the existing driver failing to parse/load the new file pushed out. This means there was no last known good state to rollback to in terms of driver updates.
Granted I still agree that MS can hopefully improve things to avoid this problem in the future but this isn't a simple problem that the OS can guard from short of stopping 3rd party kernel drivers.
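The failure described in this comment (an existing driver choking on a newly pushed content file, so that the driver-level "last known good" mechanism had nothing to roll back) is the kind of thing a component can guard against on its own. The following is an added example, not CrowdStrike's or Microsoft's code, and it uses a hypothetical, constructed "channel file" format invented for illustration (magic bytes, a 16-bit record count, then length-prefixed records). It shows a parser that rejects every malformed input without ever reading past the buffer, and a loader that falls back to the previous known-good file instead of failing hard when the new one is unparseable:

```c
/* Added example: fail-safe parsing of a constructed "channel file" format
 * with fallback to a last-known-good copy. Hypothetical format, not any
 * vendor's real one. Plain C so it runs as a user-space program. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CHNL_MAGIC          "CHNL"
#define CHNL_MAX_RECORDS    64
#define CHNL_MAX_RECORD_LEN 32

struct chnl_record { uint8_t len; uint8_t data[CHNL_MAX_RECORD_LEN]; };
struct chnl_parsed { uint16_t count; struct chnl_record rec[CHNL_MAX_RECORDS]; };

/* Returns 0 on success, -1 on any malformed input. Every read is bounds
 * checked against len, so a bad file is rejected rather than dereferenced. */
int chnl_parse(const uint8_t *buf, size_t len, struct chnl_parsed *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (len < 6) return -1;                        /* magic(4) + count(2) */
    if (memcmp(buf, CHNL_MAGIC, 4) != 0) return -1;
    size_t pos = 4;
    uint16_t count = (uint16_t)(buf[pos] | (buf[pos + 1] << 8)); /* little-endian */
    pos += 2;
    if (count > CHNL_MAX_RECORDS) return -1;       /* would overflow the fixed table */
    memset(out, 0, sizeof *out);
    for (uint16_t i = 0; i < count; i++) {
        if (pos >= len) return -1;                 /* truncated before the length byte */
        uint8_t rlen = buf[pos++];
        if (rlen > CHNL_MAX_RECORD_LEN) return -1; /* record larger than we can hold */
        if (rlen > len - pos) return -1;           /* record body would overrun the buffer */
        out->rec[i].len = rlen;
        memcpy(out->rec[i].data, buf + pos, rlen);
        pos += rlen;
    }
    if (pos != len) return -1;                     /* trailing garbage is also rejected */
    out->count = count;
    return 0;
}

/* Try the newly delivered file first; if it is rejected, reload the last
 * known-good copy so the component keeps running on its previous config.
 * Returns 0 = new file accepted, 1 = fell back to LKG, -1 = both rejected. */
int chnl_load_with_fallback(const uint8_t *new_buf, size_t new_len,
                            const uint8_t *lkg_buf, size_t lkg_len,
                            struct chnl_parsed *out)
{
    if (chnl_parse(new_buf, new_len, out) == 0) return 0;
    if (chnl_parse(lkg_buf, lkg_len, out) == 0) return 1;
    return -1;
}

/* Constructed sample inputs (not real files). */
static const uint8_t GOOD_FILE[]  = { 'C','H','N','L', 2,0, 3,'a','b','c', 1,'z' };
/* Claims a 200-byte record: exceeds the per-record cap. */
static const uint8_t BAD_FILE[]   = { 'C','H','N','L', 1,0, 200,'x','y' };
/* Claims a 5-byte record but only 2 bytes remain in the buffer. */
static const uint8_t TRUNC_FILE[] = { 'C','H','N','L', 1,0, 5,'a','b' };

int main(void)
{
    struct chnl_parsed p;
    int r = chnl_load_with_fallback(TRUNC_FILE, sizeof TRUNC_FILE,
                                    GOOD_FILE, sizeof GOOD_FILE, &p);
    printf("load result=%d (1 means fell back to LKG), records=%u\n", r, p.count);
    return 0;
}
```

The two properties worth copying are that the parser treats the file as untrusted input even though it comes from the vendor's own update channel, and that a rejected update leaves the component in its previous working state rather than taking the host down with it.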
For robust rollback you need an encapsulation of the full dependency closure that can be rolled forwards and backwards atomically. These days containers are a decent enough solution for that. Anything changes means everything changes, at the same time. We have the technology.
Sure I can agree with this (if it's actually viable to do). My reply was mostly to try and explain that the issue wasn't due to a driver update but rather an existing driver failing to work with a new file it was using hence why the last known good configuration feature didn't work.
Hey Microsoft: Just stop trying to cloudify everything in the new Windows and focus on its stability instead of releasing an inconsistent UI every few years, and you will be good to go.
I’m afraid that one morning, we’ll wake up, Windows is unbootable globally, and it’s because the desktop Widgets had a hardcoded certificate expire, causing an infinite taskbar crash.
Which actually happened in one of the Windows 11 preview releases.
It might not be Widgets next time - but there’s enough stupid in Windows that it could be anything from SmartScreen to Defender to Copilot to Edge. It could also be just something widespread and stupid, like Intel or NVIDIA’s driver analytics imploding.
Windows update has a process to rollback bad driver updates after a handful of crashes, and I've seen it work. I think it's about three crashes and it rolls back. But there's probably situations where it won't work, I'm guessing things like: driver A's update causes a crash in driver B; the updated driver crashes, but not immediately; the driver crashes, but only after writing bad data to disk.
I also don't know if Microsoft's security software can rollback from bad definition updates.
CS designated their software as one, and when it crashed so did the whole OS to the point that the rollback process doesn't seem to be able to kick-off.
I'm not sure... I don't actually know what driver it was that failed; although I suspect it was a video driver. Computer made some noises, blue screened, restarted, repeat N times, then came up, and after login said something about a bad update and may have told me which device, but I forgot. I was across the room for most of it.
Drivers undergo a vetting process by Microsoft (at least, the ones that are signed and offered as updates) = quality control through their control of the channel.
This has been the case at least since the late 90s if I remember correctly.
WHQL has had some pretty awful drivers pushed through it. Granted, this was quite some time ago, early 2000s-ish, but they've led to BSODs etc. with Nvidia drivers.
Some unscrupulous drivers will detect that they are being run by WHQL and disable various features so they pass certification. Of course, they also run dog slow in the WHQL lab, but that’s okay, because WHQL is interested in whether the driver contains any bugs, not whether the driver has the fastest triangle fill rate in the industry.
The most common cheat I’ve seen is drivers which check for a secret “Enable Dubious Optimizations” switch in the registry or some other place external to the driver itself. They take the driver and put it in an installer which does not turn the switch on and submit it to WHQL. When WHQL runs the driver through all its tests, the driver is running in “safe but slow” mode and passes certification with flying colors.
The vendor then takes that driver (now with the WHQL stamp of approval) and puts it inside an installer that enables the secret “Enable Dubious Optimizations” switch. Now the driver sees the switch enabled and performs all sorts of dubious optimizations, none of which were tested by WHQL.
> “The document states that Microsoft is obligated to make available its APIs in its Windows Client and Server operating systems that are used by its security products to third-party security software makers.”
Which means, if Microsoft had made a more carefully scoped way of extending the kernel, or even avoided extending the kernel at all for their own security products, they would have perfectly been at liberty to demand it for everyone else.
"Current Microsoft points finger at Past Microsoft for ..."
Isn't a headline that will ever exist, therefore they'll point fingers at any entity (EU being the most recent) that's making them do things they don't want to do in order to further an unrelated agenda.
I absolutely hate this focus on "security"; it's just pushing us faster towards the authoritarian dystopia that Stallman warned us about 25+ years ago.
This decision means security software vendors have a greater ability to muck up systems as CrowdStrike did this week when it crippled 8.5 million Windows PCs worldwide.
...and what about when Microsoft inevitably screws something up with its automatic updates and undoubtedly affects even more machines? They already have, multiple times. One of the most recent memorable occurrences: https://news.ycombinator.com/item?id=18189139
As the old saying goes, "Those who give up freedom for security deserve neither."
> Microsoft agreed back in 2009 with the European Commission that it would give makers of security software the same level of access to Windows that Microsoft gets.
Why should Microsoft have more access than others? Because of the CrowdStrike / public-internet-straight-to-kernel-updates combo?
The whole thing is about locking _computers_ away from buyers, and that is a no-go. We need more OSes and more freedom; the mere fact of MS's existence (domination) is proof that a hardware-OS monopoly owned by one company is not some natural law.
Now let's make IBM unlock their hardware-os monopoly to software vendors :)
The EU needs mandates to effectively exclude Windows from applications that are even slightly critical.
As an aside, it is sickening that so many simple displays and dedicated devices with simple UIs that could be implemented as static scenarios using proper capability-based multiserver architectures (such as the leading seL4 / LionsOS) do instead use complicated software stacks based on Linux (and sometimes even worse, Windows).
> As an aside, it is sickening that so many simple displays and dedicated devices with simple UIs that could be implemented as static scenarios using proper capability-based multiserver architectures (such as the leading seL4 / LionsOS) do instead use complicated software stacks based on Linux (and sometimes even worse, Windows).
This has been a thing since the 90s, maybe longer. I remember walking through Caesars Palace (Las Vegas, NV) circa 1999 and seeing a BSOD on several of their screens. People will always make expedient choices as long as it works well enough most of the time.
That enabling competition in kernel mode antivirus is the actual problem, and that a more widely used product (which isn't true anyways, the MS product is used more) doesn't imply a better product.
> That enabling competition in kernel mode antivirus is the actual problem...
That hasn't been demonstrated. Just because a competitor screws up in a competitive market doesn't mean that it is wrong to have competition. In a competitive market some competitors are expected to fail. It's part of the process.
>The document states that Microsoft is obligated to make available its APIs in its Windows Client and Server operating systems that are used by its security products to third-party security software makers
I guess even M/S has a hard time with reading comprehension. "Make available" does not mean "no lock down". So does that mean when someone boots Windows into Safe Mode, they are breaking the law in the EU? I do not think so.