Elyse Betters Picaro / ZDNETLast summer’s CrowdStrike meltdown was a nightmare for network administrators worldwide, disrupting healthcare systems, cutting off access to banking systems, and grounding aircraft. All in all, the event caused billions of dollars in direct and indirect damages, and it was entirely preventable.Also: How to get Windows 10 extended security updates for free: 2 optionsIn response, Microsoft convened a security summit, bringing together technical experts from CrowdStrike and its competitors in the endpoint security software business. That meeting led to an announcement late last year of a new set of Safe Deployment practices and some changes to the architecture of Windows desktop and server products, with the goal of preventing a similar incident from ever happening again. No more kernel drivers?Today, the company announced that some of those Windows Resiliency Initiative features are about to go live. In July, the company said, it will deliver a private preview of the new Windows endpoint security platform to a set of its partners who have signed on to the Microsoft Virus Initiative 3.0 program. The biggest change is one that the majority of security experts had recommended — moving third-party security drivers out of the Windows kernel, where a flaw could cause a catastrophic crash, and running them in user space instead. The new Windows capabilities will allow them to start building their solutions to run outside the Windows kernel. This means security products like antivirus and endpoint protection solutions can run in user mode just as apps do. This change will help security developers provide a high level of reliability and easier recovery, resulting in less impact on Windows devices in the event of unexpected issues. The announcement includes supportive quotes from some of those partners, including Bitdefender, ESET, SentinelOne, Trellix, Trend Micro, WithSecure, and — naturally — CrowdStrike. Also: Will your old laptop still get security updates after this year? Check this chartNotably, none of the companies on the list committed to moving their drivers out of the kernel and into user space, a process that will require time and testing. And there’s no guarantee that all of the participants are ready to move to the new architecture.Last year, following the security summit, ESET had been blunt about the prospect of changes to the endpoint security platform: “It remains imperative that kernel access remains an option for use by cybersecurity products,” the company wrote in an unsigned statement. This year’s remarks are more collegial but still not quite a ringing endorsement: The collaboration between ESET and Microsoft technology teams on the proposed Windows endpoint security platform changes continue to be productive with open and ongoing dialogue. Delivering a stable and resilient operating system environment is extremely important for our joint customers, and the ESET team continue to provide detailed feedback to help ensure there is no degradation in the security or performance currently enjoyed by our customers. One company that was notably missing from today’s roster of supporters was Sophos, which had been vocally critical of calls to move security software out of the Windows kernel space. At the time, Sophos Chief Research and Scientific Officer Simon Reed made clear that the company considers access to the Windows kernel to be fundamental. “Operating in ‘kernel-space’ — the most privileged layer of an operating system, with direct access to memory, hardware, resource management, and storage — is vitally important for security products,” he said, adding that kernel drivers are “fundamental” not just to Sophos products but to “robust Windows endpoint security, in general.” In a follow-up post after the security summit, Neil Watkiss, VP of engineering for Sophos’ Windows products, reiterated that “the system access provided by kernel drivers is necessary to provide the security functions expected by users of a modern cybersecurity product” and tentatively discussed the need to reduce the need for kernel drivers. Bye-bye, Blue Screen of Death Today’s announcement also highlights some related improvements in the Windows 11 24H2 release that had been previously announced. The first is an improvement in the process of collecting “crash dump” reports after a failure that causes the system to restart; that change should cut downtime to about two seconds for most users. A new interface also simplified the classic Blue Screen of Death screen to a less jargon-filled “unexpected restart” screen with white text on a black background. Those changes will be available later this summer, the company says. More