
Microsoft Kernel Ban

Comments:
#1
Nef0r0

That CrowdStrike disaster has apparently caused Microsoft to explore new security systems, which they discussed in a meeting on Tuesday. https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
There is, however, a problem for gaming in all of that.

"improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode.

Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions."
Might be a problem with English, but doesn't that just basically disable all kernel programs like Anti Cheats?

#2
Nef0r0
0
Frags
+

Now that I think about it, I should have just named the thread Anti Cheats dead

#3
Yogi020
0
Frags
+

Sorry, I can't read this, my brain is cooked

#4
Nef0r0
1
Frags
+
Yogi020 [#3]

Sorry, I can't read this, my brain is cooked

They look to ban kernel programs, including Vanguard anti cheat, which fucks everyone in the gaming industry up.

#5
PrincePuma01
0
Frags
+

Most probably. I mean CrowdStrike itself was so deadly for them so they might leverage other alternatives.
Or might make it similar to how Google does it whenever you deploy an application on GCP, have a thorough validation process and only after that approval you're allowed to go through with it

#6
IonlywatchvcjXD
0
Frags
+
Nef0r0 [#4]

They look to ban kernel programs, including Vanguard anti cheat, which fucks everyone in the gaming industry up.

Are there any other games with Vanguard level of system? (I'm quite ignorant about it)

#7
Nef0r0
0
Frags
+
IonlywatchvcjXD [#6]

Are there any other games with Vanguard level of system? (I'm quite ignorant about it)

Pretty much every anti cheat we have is kernel. Vanguard, FACEIT, Easy, Battle.net anti cheats, it's the definition of being fucked

#8
Nef0r0
0
Frags
+
PrincePuma01 [#5]

Most probably. I mean CrowdStrike itself was so deadly for them so they might leverage other alternatives.
Or might make it similar to how Google does it whenever you deploy an application on GCP, have a thorough validation process and only after that approval you're allowed to go through with it

Maybe, it still fucks everything up tho.

#9
Targu1n
1
Frags
+

I am not a security researcher (will be very clear based on my horrible wording) and I'm coming simply from someone who studied IT and finished a couple security-based lectures. Aka I'm talking out of my ass. Just a slightly more informed ass than the average one.

Nah, this article doesn't cover anything of the like.
CrowdStrike was a failing by the company through and through and not the fault of Microsoft. One of the worst cases of gross negligence we've ever seen from a security firm of that size.

The main takeaway from this article should be: "In the short term, we discussed several opportunities to improve how we support the safety and resiliency of our mutual customers."
Main point of the following paragraphs is having the present companies discuss ways of "sharing data, tools and documented processes".

Microsoft is not going to remove drivers. Windows doesn't work without them. And as such kernel level software will still be allowed.

The other big point is "Here, our conversation explored new platform capabilities Microsoft plans to make available in Windows, building on the security investments we have made in Windows 11."
Basically offering alternatives to running stuff in kernel mode. Kernel mode is scary since if it breaks, it can brick everything. Lots of stuff currently being done in kernel mode doesn't have to be kernel, but there are no proper alternatives if you want a secure environment/need a biiiit more access.
This will (maybe already has, idk my lectures were based on Windows 95 architecture) hopefully change, if this article is anything to go off.

#10
MrSycopaf
1
Frags
+
Yogi020 [#3]

Sorry, I can't read this, my brain is cooked

Microsoft is gonna cut the whole arm coz one finger infected.

#11
Nef0r0
0
Frags
+
Targu1n [#9]

I am not a security researcher (will be very clear based on my horrible wording) and I'm coming simply from someone who studied IT and finished a couple security-based lectures. Aka I'm talking out of my ass. Just a slightly more informed ass than the average one.

Nah, this article doesn't cover anything of the like.
CrowdStrike was a failing by the company through and through and not the fault of Microsoft. One of the worst cases of gross negligence we've ever seen from a security firm of that size.

The main takeaway from this article should be: "In the short term, we discussed several opportunities to improve how we support the safety and resiliency of our mutual customers."
Main point of the following paragraphs is having the present companies discuss ways of "sharing data, tools and documented processes".

Microsoft is not going to remove drivers. Windows doesn't work without them. And as such kernel level software will still be allowed.

The other big point is "Here, our conversation explored new platform capabilities Microsoft plans to make available in Windows, building on the security investments we have made in Windows 11."
Basically offering alternatives to running stuff in kernel mode. Kernel mode is scary since if it breaks, it can brick everything. Lots of stuff currently being done in kernel mode doesn't have to be kernel, but there are no proper alternatives if you want a secure environment/need a biiiit more access.
This will (maybe already has, idk my lectures were based on Windows 95 architecture) hopefully change, if this article is anything to go off.

Oh, glad to see someone with more knowledge talking, just seen some people talking about FACEIT anti cheat dying in CS2 community because of it
