Microsoft secures Windows

The famous "blue screen of death," a nightmare feared by Windows users for decades, will soon disappear. Not only will it turn black, but it will also provide the incident code and the faulty driver, allowing for a faster recovery. According to Microsoft, in most cases, the system could be restarted within two seconds. This represents a profound rethinking of Microsoft's policies regarding the cybersecurity industry, an interaction without which hundreds of providers in this category of software would have no reason to exist.
It's no coincidence that this new development is being announced at this time. Next Saturday, the 19th, will mark one year since the massive blackout that affected 8.5 million Windows-based systems, paralyzing airports, banks, payment systems, and countless other businesses dependent on Microsoft software. It was caused by a programming error in an update to CrowdStrike's Falcon security software, which affected the Windows kernel (the operating system component that grants access to the hardware whenever a program requests it).
It was a mistake, not an attack, but one that revealed weaknesses. Shielding access to the kernel should, a priori, be the most affordable solution, but it's unfeasible for the simple reason that most third-party solutions—the so-called security industry—run on the Windows kernel, which is why it was the focus of the 2024 incident. This leaves collaboration between Microsoft and solution providers, sharing designs and technical requirements without enforcing their autonomy, as the best alternative.
A platoon of solution providers is working on a new common platform
The company claims to have no interest in imposing its own rules: according to it, it only seeks to promote an ecosystem of common interest to all players in the security market. CrowdStrike was the first to embrace the idea of what would de facto be a universal security platform for Windows devices. Trend Micro, Bitdefender, and ESET, among others, have joined in, while Palo Alto Networks remains reticent, perhaps fearful of subordinating its strategic freedom to Microsoft's will.
Since the institutional level is so important in this matter, Microsoft supports the initiative signed by fifty cybersecurity executives from large corporations, who are calling for a convergence of the public and private sectors and the simplification of regulations. They propose the creation of a global forum in response to the undeniable growth in threats.
Their argument is a classic one: it is difficult to comply with the diversity of regulations that influence system security. Many of them are sector-specific; in Europe, a generic one, NIS 2, still in the implementation phase, prevails. A common feature among all of them is the obligation to quickly report any security breaches identified, something that is never easy or pleasant because the information needed is scattered, and any disclosure could provide clues to cybercrime.
Generative artificial intelligence will facilitate defense against cyberattacks
As a lure, Microsoft offers a cloud service that would make it easier for system administrators to scan the deep layers of their software to locate the root causes of security breaches—either preemptively or as a reaction to an attack, but in both cases it would be paid and without intermediaries. The icing on the cake is the launch of a cybersecurity assistant, dubbed Microsoft Security Copilot, in which generative AI integrates cybersecurity tools already in its arsenal: Defender, Sentinel, and Intune. Microsoft makes it clear that it seeks prominence in this delicate field, but at the same time avoids giving the impression that it is pursuing hegemony.
lavanguardia