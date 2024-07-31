(MENAFN) The recent meltdown of CrowdStrike software, which has led to the disruption of millions of computers globally, has sparked a broad debate over responsibility. While the immediate fault lies with CrowdStrike for failing to verify the integrity of its update and for rolling it out universally without preliminary testing, the situation is complicated by Microsoft's policies and practices.



CrowdStrike's error stemmed from not ensuring that the update it distributed was free of issues, causing widespread system crashes among Windows users. The issue was exacerbated by Microsoft’s decision to grant CrowdStrike, and other third-party developers, extensive access to the Windows kernel—the core component that manages the entire operating system. This level of access, while intended to foster compatibility and competition among software providers, can also lead to significant problems if a mistake is made or if the software is compromised.



This situation highlights the risks associated with providing deep system access to external developers. For instance, Apple, in response to similar concerns, stopped granting third-party developers access to the macOS kernel starting in 2020, which could explain why Apple devices were not affected by the CrowdStrike issue.



However, Microsoft’s policy is also a significant factor. Under a 2009 agreement with the European Commission, Microsoft committed to giving third-party developers access to Windows in the same way it provides access to its own software. This agreement was designed to ensure competition and compatibility, requiring Microsoft’s software and services to work seamlessly with third-party applications. While this goal supports a competitive market, it also poses risks when external developers handle critical system components without adequate oversight.



In summary, while CrowdStrike’s lapse in verifying its update and Microsoft's extensive third-party access policies are central to the incident, the broader context of regulatory commitments and software access policies also plays a crucial role in understanding the incident's impact.



MENAFN31072024000045015682ID1108502500