
Microsoft is making big changes to how third-party antivirus works under the hood as part of a “Windows Resiliency Initiative.” It could affect everything from how the anti-cheat in your favorite game works to how security tooling is deployed on enterprise cloud servers.
Restricting Anti-Virus Access to the Windows Kernel
As it stands today, third-party antivirus applications run at “kernel level”: they load a kernel-mode driver that executes with the same privileges as the operating system itself, with full access to memory, the filesystem, and every running process. In practical terms, that has a huge advantage: the antivirus can see and block whatever it needs to in order to protect your system.
On the other hand, it also opens a whole host of issues.
Kernel-level access also means that a bug in the security software, or a bad update to it, can crash the kernel and take the whole PC down, something Microsoft notes in its press release: “This change will help security developers provide a high level of reliability and easier recovery resulting in less impact on Windows devices in the event of unexpected issues.”
“Unexpected issues” with security software were a big issue in 2024, when a faulty CrowdStrike content update crashed an enormous number of Windows devices (roughly 8.5 million, by Microsoft’s own estimate), costing companies hundreds of millions or billions of dollars.
Microsoft’s changes will require third-party antivirus to run in what is called “user mode,” the same privilege level that most ordinary applications on your PC, like your browser, use. A user-mode process runs in its own address space, so if it crashes, only that process dies rather than the whole operating system. So far, there aren’t a ton of public details about exactly how these changes will affect the effectiveness of third-party security applications, but a preview of the new system will be sent to select partners in July.
Good Riddance Kernel-Level Anti-cheat
If you’ve played any competitive games, you’ve encountered modern anti-cheat: BattlEye (BE), Easy Anti-Cheat (EAC), EA’s Javelin Anticheat, Riot’s Vanguard, and so on. Much like the antivirus running on your PC, those services also install kernel-mode drivers, which gives them the same unfettered access to your PC and everything on it. Short of uninstalling them or disabling the driver outright (which then requires a restart before the game will run again), there is really no easy way to curtail their access.
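To see which third-party code is actually running in your kernel today, whether antivirus or anti-cheat, you can enumerate the loaded kernel-mode drivers and look at who signed them. The following PowerShell is an added example, not code from the article or from any vendor it mentions. It assumes Windows 10 or later with PowerShell 5.1+, and it relies on a heuristic: inbox drivers are signed by the “Microsoft Windows” publisher, while third-party drivers that went through Microsoft’s attestation or WHQL program carry the “Microsoft Windows Hardware Compatibility Publisher” signer, so anything matching the latter (or not signed by Microsoft at all) is treated as third-party. The function name and the output property names are my own.

```powershell
# Added example: list third-party kernel-mode drivers on the local host.
# Not from the original article. Heuristic: inbox Windows drivers are signed by
# "Microsoft Windows"; third-party drivers that passed Microsoft attestation/WHQL
# are signed by "Microsoft Windows Hardware Compatibility Publisher"; anything
# else is unsigned or carries a vendor certificate directly.
function Get-ThirdPartyKernelDriver {
    [CmdletBinding()]
    param(
        # Only report drivers currently loaded (State = Running) unless -All is given.
        [switch]$All
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.ServiceType -in 'Kernel Driver', 'File System Driver' }

    foreach ($d in $drivers) {
        if (-not $All -and $d.State -ne 'Running') { continue }
        if (-not $d.PathName) { continue }

        # Normalise the various path forms WMI returns:
        #   \??\C:\...  ,  \SystemRoot\System32\...  ,  system32\drivers\...  ,  quoted paths
        $path = $d.PathName -replace '"', ''
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Get-AuthenticodeSignature also consults catalog files, which is how most
        # inbox drivers are signed.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

        $isInbox = ($sig.Status -eq 'Valid') -and
                   ($signer -match 'CN=Microsoft Windows,') -and
                   ($signer -notmatch 'Hardware Compatibility Publisher')
        if ($isInbox) { continue }

        [PSCustomObject]@{
            Name        = $d.Name
            DisplayName = $d.DisplayName
            State       = $d.State
            StartMode   = $d.StartMode
            Path        = $path
            SigStatus   = $sig.Status
            Signer      = $signer
        }
    }
}

# Usage: run from an elevated prompt so every driver image is readable.
Get-ThirdPartyKernelDriver | Sort-Object Name | Format-Table -AutoSize
```

Drivers with `StartMode` of `Boot` or `System` load before any user session exists, which is exactly the property that makes a faulty update so hard to recover from: the machine can crash before you get a chance to intervene. The signer heuristic is deliberately conservative and will also list hardware vendors’ drivers (GPU, storage, network), so read the `DisplayName` and `Path` columns rather than treating every row as security software.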
Kernel-level anti-cheat has raised privacy and security concerns over the past several years, as critics were quick to point out that it was an extraordinary level of access for something as minor as a game. A buggy driver is also a privilege-escalation vector for anyone who can reach it from user mode, not just a cheat-detection tool. Those concerns were magnified by the fact that anti-cheat drivers are proprietary and closed to outside audit.

Proponents have argued that kernel-level anti-cheat is necessary to detect cheats that themselves run in the kernel or tamper with the game’s process from outside it. However, that argument doesn’t seem to hold much water, since most competitive games (especially first-person shooters) are inundated with exploits and cheaters anyway.
Kernel-level anti-cheat has also been a recurring problem for gaming on Linux: a Windows kernel driver cannot load under Wine or Proton, so titles that depend on one simply refuse to run unless the vendor explicitly enables a compatibility mode for them.

With Microsoft tightening up access to the Windows kernel, existing anti-cheat systems will need to be modified to account for the changes. Hopefully, whatever approach anti-cheat developers take will be more friendly towards Linux-based operating systems, given their growing popularity.