Forum Discussion
Mantvydas
Jul 23, 2024, Brass Contributor
Will Windows Server 2025 kernel be resilient to CrowdStrike-like failures?
I know that Windows Server 2025 will soon be ready for GA, but I'm also thinking that last week's events happened still in time for MS to do something to make the kernel of Windows Server 2025 more resilient to third-party (or its own Defender) influence.
Can Microsoft introduce something easy, like an automatic last known good kernel configuration if a BSOD is detected, which would automatically restart Windows without human intervention with the previous version of the antivirus, and just signal in the System Event Viewer that the last antivirus update had something crashing the system?
2 Replies
- AndrewPrior, Brass Contributor: I believe CrowdStrike may be looking to rewrite their application to run in user mode rather than kernel. I've heard this secondhand, so take that with a pinch of salt. That would alleviate the concern at least for that particular product.
- desert_lizard, Copper Contributor: In my opinion, kernel drivers and system drivers should never be upgraded and changed without human approval. These are the core of the trust of the system. They are the root of trust of the operating system, and the more you change them, the less trust you will have in the system as a whole. Open source drivers would help immensely, as bad code can be corrected faster. Trying to reverse engineer compiled code is difficult and time-consuming. If these drivers were open source, it would be much faster to find issues. Open source - that's not a Microsoft initiative that I see so much of.