Microsoft is moving antivirus providers out of the Windows kernel
Technology
26
Beiträge
22
Kommentatoren
140
Aufrufe
-
Cool. Do anticheat vendors next.
Do them now! Haha
-
Cool. Do anticheat vendors next.
Another big area of Windows that uses kernel-level drivers is anti-cheating engines for games. Microsoft has been speaking with game developers about how to reduce the amount of kernel usage, but it’s a more complicated use case as cheaters often have to purposefully tamper with their machine to disable protections and get cheating engines running.
“A lot of [game developers] would love to not have to maintain kernel stuff, and they are very interested in how they do that,” Weston says. “We’ve been talking about the requirements there, and I think we’ll have more to say on that in the near future.” Riot Games told me last year that it’s willing to follow potential Windows security changes and “recede from the kernel space.”
-
"A lot of [game developers] would love to not have to maintain kernel stuff, and they are very interested in how they do that,"
I don't know if I'm reading it in the way it was intended, but I'm laughing my ass off.
-
Another big area of Windows that uses kernel-level drivers is anti-cheating engines for games. Microsoft has been speaking with game developers about how to reduce the amount of kernel usage, but it’s a more complicated use case as cheaters often have to purposefully tamper with their machine to disable protections and get cheating engines running.
“A lot of [game developers] would love to not have to maintain kernel stuff, and they are very interested in how they do that,” Weston says. “We’ve been talking about the requirements there, and I think we’ll have more to say on that in the near future.” Riot Games told me last year that it’s willing to follow potential Windows security changes and “recede from the kernel space.”
I don't know if this is Windows trying to stop hemorrhaging users to Linux, but if they go ahead with this it will likely hilariously backfire and make multiplayer games become even more compatible with Linux.
Steam is already rubbing their hands grubbingly.
-
"A lot of [game developers] would love to not have to maintain kernel stuff, and they are very interested in how they do that,"
I don't know if I'm reading it in the way it was intended, but I'm laughing my ass off.
"you could, like, fuck off with that shit"
"what does that mean"
-
I don't know if this is Windows trying to stop hemorrhaging users to Linux, but if they go ahead with this it will likely hilariously backfire and make multiplayer games become even more compatible with Linux.
Steam is already rubbing their hands grubbingly.
It's MS trying to not have another meltdown like CrowdStrike. They tried to do it with Vista, and they pussied out when all the same fucks cried out 'but we can't fuck with the OS like a bent-over ho', and so MS let it slide in the 'eventually' to-do bin until it was demonstratably their fault for not clamping down on kernel access.
Also lol "willing to follow", as I understand it MS isn't giving them an option or opinion this time around. Gtfo of the kernel or your shit will stop working. I think the deadline is 2026, but it's been a while since this was all announced.
-
This post did not contain any content.
Microsoft is moving antivirus providers out of the Windows kernel
Microsoft is making changes to Windows to get antivirus apps out of the kernel. A private preview is being released to security vendors in July.
The Verge (www.theverge.com)
I wonder whether solutions like Twincat for industrial PC/PLCs will be affected by this. Interfacing directly with the kernel and replacing the scheduler are, AFAIK, fundamental to making Windows viable for real time use.
-
I fucking called this after the Crowd Strike catastrophe.
MSFT would start massively reworking their entire concept of who actually gets kernel access, because uh, causing a Y2K event is uh, really bad, actually.... and yep, that probably means the kernel level AC paradigm is no longer workable.
Fucking obviously duh, wow, turns out just letting any old 'vetted' vendor submit goddamned kernel level code updates without being strenuously verified each time is a bad fucking idea, wow, who could have guessed??!?
-
I wonder whether solutions like Twincat for industrial PC/PLCs will be affected by this. Interfacing directly with the kernel and replacing the scheduler are, AFAIK, fundamental to making Windows viable for real time use.
An interesting question. Assuming they're only targeting security/antivirus products at the moment (see the discussion regarding anti-cheat) it may be that those applications get a pass for now.
-
It's MS trying to not have another meltdown like CrowdStrike. They tried to do it with Vista, and they pussied out when all the same fucks cried out 'but we can't fuck with the OS like a bent-over ho', and so MS let it slide in the 'eventually' to-do bin until it was demonstratably their fault for not clamping down on kernel access.
Also lol "willing to follow", as I understand it MS isn't giving them an option or opinion this time around. Gtfo of the kernel or your shit will stop working. I think the deadline is 2026, but it's been a while since this was all announced.
Didn’t think I’d be excited about something Microsoft is doing, but this sounds great!
-
This post did not contain any content.
Microsoft is moving antivirus providers out of the Windows kernel
Microsoft is making changes to Windows to get antivirus apps out of the kernel. A private preview is being released to security vendors in July.
The Verge (www.theverge.com)
Wouldn’t it have made more sense for them to improve the boot recovery process instead?
If the system fails to boot after a driver update, roll back the update and inform the user on startup.
-
An interesting question. Assuming they're only targeting security/antivirus products at the moment (see the discussion regarding anti-cheat) it may be that those applications get a pass for now.
No I think they are limiting kernel access. These are just what moist people know that would use it.
-
No I think they are limiting kernel access. These are just what moist people know that would use it.
What about us folks on the drier side of life?
-
Didn’t think I’d be excited about something Microsoft is doing, but this sounds great!
oh don’t worry, the future will be worse. My prediction: full hardware attestation DRM linked to your personal information.
-
What about us folks on the drier side of life?
Just Remember to take care of your skin
-
No I think they are limiting kernel access. These are just what moist people know that would use it.
I'm just speculating. It seems like, at least at the moment, anti cheat continues to be able to run as kernel. The article says Microsoft will have more to say on anti cheat "in the near future."
It may be that they don't crack down on the realtime applications as hard, since the number of users impacted is so much smaller. Antivirus and anti cheat are on many millions of machines and are usable by the average consumer. Specialty software may be considered differently, I. E. "You know what you're doing and what risks you're assuming" for the more technical customer.
It will be interesting to see where they go with this.
-
Wouldn’t it have made more sense for them to improve the boot recovery process instead?
If the system fails to boot after a driver update, roll back the update and inform the user on startup.
AFAIK the Crowdstrike issue wasn't a driver update, just virus definitions outside the driver, so your method wouldn't have helped.
-
oh don’t worry, the future will be worse. My prediction: full hardware attestation DRM linked to your personal information.
Ah yes, like Apple does. This makes sense.
-
What about us folks on the drier side of life?
AKA crunchy people
-
I fucking called this after the Crowd Strike catastrophe.
MSFT would start massively reworking their entire concept of who actually gets kernel access, because uh, causing a Y2K event is uh, really bad, actually.... and yep, that probably means the kernel level AC paradigm is no longer workable.
Fucking obviously duh, wow, turns out just letting any old 'vetted' vendor submit goddamned kernel level code updates without being strenuously verified each time is a bad fucking idea, wow, who could have guessed??!?
Just have copilot check the code
