Windows is less secure than macOS due to EU regulations

The worldwide IT chaos caused by a Crowdstrike update caused the dreaded Blue Screen of Death on Windows systems. Microsoft now says that this also has something to do with EU guidelines that Redmond has to follow…unlike Apple.

Crowdstrike software with access to kernel

According to Microsoft estimates, around 8.5 million Windows devices worldwide were affected by the faulty Crowdstrike update. MacOS users, on the other hand, were completely spared bootloops and crashes. To understand why this is the case, you first need to know how such security programs work. Crowdstrike explained this in a Blog post which the company published on its website the day after the IT chaos.

These programs must gain access to examine the core of computers’ operating systems for security flaws. This access gives them the ability to disrupt the very systems they are trying to protect. Crowdstrike

macOS protects itself

However, Apple has not allowed such kernel-level access to programs such as those from Crowdstrike since the release of macOS 10.5 Catalina in 2019. Instead, to put it simply, the operating system monitors itself. Third-party security software only receives the data it needs to perform its function from the OS.

EU rules prevent more Windows security

According to Microsoft, however, this is not possible under Windows. As the company told the Wall Street Journal announced that this is allegedly due to EU regulations. Following a competition complaint, an agreement was reached with the European Commission in 2009, which stipulates that “manufacturers of security software have the same access to Windows [müssen] like Microsoft”.

This “openness” of Windows was a prerequisite for the Crowdstrike software to be able to cause the system failures that paralyzed airports, hospitals and television stations last week. Nevertheless, most users are more likely to blame the security software company than the EU or Microsoft. Ultimately, it was primarily hair-raising errors by the developers and inadequate internal testing that led to the worldwide IT chaos.