Microsoft proposes shift in cybersecurity by eliminating kernel-level access
The move has sparked concern among cybersecurity firms like Sophos and ESET, which argue that kernel access is vital for innovation and advanced threat detection.
Microsoft is developing an alternative platform for cybersecurity companies that currently rely on deep access to its operating system’s kernel layer, following a global IT crisis caused by a faulty CrowdStrike update. In response to customer and partner demand, Microsoft announced plans to design a ‘new platform capability’ that would allow security vendors to operate without needing kernel-level access, which is the most critical layer of the OS.
This initiative aims to improve system reliability while maintaining strong security. The shift will require significant changes not only for Microsoft but also for external cybersecurity firms that use kernel access to detect threats. Microsoft explained that newer versions of Windows provide more ways for cybersecurity vendors to offer services outside of the kernel layer. However, some in the security industry believe kernel access is still essential for innovation and advanced threat detection.
Sophos’ Chief Research Officer, Simon Reed, emphasised that kernel access is vital for security products, describing it as fundamental to both Sophos’ offerings and Windows endpoint security in general. ESET echoed this sentiment, supporting changes to the Windows ecosystem as long as they do not weaken security or limit cybersecurity solution options. Both companies argue that restricting kernel access would hinder innovation and the detection of future threats.
The debate over kernel access is unlikely to result in major changes soon, as security companies fear it could give Microsoft’s own security products an unfair advantage. Given Microsoft’s antitrust history, this issue could end up in court, with government officials from the US and Europe closely monitoring developments.