Crashes and Competition (also in video essay format) was written following the CrowdStrike-caused outages worldwide just a few months ago.
In a nutshell, the issue was caused by the security software provided CrowdStrike. On Windows, in order for the security software to do its job, it would have to load itself as a kernel module: basically, integrate itself very deeply into the operating system. This is risky and generally not recommended: normally, if an application misbehaves or crashes, it doesn’t bring down the entire computer with it. However, if a kernel module crashes, the entire computer does too; and that is exactly what happened here, causing the dreaded Blue Screen of Death following an update that CrowdStrike released to its software.
Microsoft, unfortunately but not unexpectedly, received a lot of criticism both during the incident and after, with many blaming them and Windows for the global issue. After all, people only see that Windows crashed with a Blue Screen of Death; it’s not obvious that this was caused by third-party software from CrowdStrike. The article I want to write about here – Crashes and Competition – shows that actually Microsoft has tried to fix this exact potential issue (security software needing to be a kernel module) in the past, but because it would have increased the security (and stability) of Windows without third-party software, anti-virus companies McAfee and Symantec were threatened by it and lobbied until regulators blocked Microsoft from moving forward with it.
The story here is not just that political lobbying is bad, but the article actually goes on to touch a deeper point: regulations become outdated, and this is especially true in the tech world that moves very quickly. The technological world in the early 2000s was very different than it is today. For example, Windows today is way more secure and viruses and malware are way less of a problem. Today, I would argue that anti-virus applications are themselves the most common malware, especially targeting the elderly with fear-mongering, while not only not providing any additional security, but actually making the computers slower and more unstable, and also more vulnerable because malware can attack the poorly implemented security software. But I digress: the point is the world is different, but the regulations remain the same. And hence, the CrowdStrike incident.
Would it have been better if Microsoft was allowed to make Windows safer and more stable by reducing the need on third-party anti-virus software and also preventing them from installing kernel modules (in the same way Apple does, by the way)? It would almost certainly would have avoided the CrowdStrike incident, but Microsoft itself is hardly a company above reproach, and their solutions are often poorly implemented, buggy, unstable, and insecure. Just think of Microsoft Teams. Ugh.
There is no clear right answer: Microsoft sucks, third-party software suck, and regulators also suck. Santa is also not real. The world is full of trade-offs. However, I do agree with the article’s point that the European Union specifically, for all that it does right, is also prone to over-regulation:
One of the critiques of European economies is how difficult it is to fire people; while the first-order intentions are obviously understandable, the critique is that companies underinvest in growth because there is so much risk attached to hiring: if you get the wrong person, or if expected growth doesn’t materialize, you are stuck. What is notable is how Europe seems to have decided on the same approach to product development: Google is expected to have 10 blue links forever, Microsoft can’t include a browser or shift the center of gravity of its business to Teams, Apple can’t use user data for Apple Intelligence, and, in this case, X is forever bound to the European Commission’s interpretation of what a blue check meant under previous ownership. Everything, once successful, must be forever frozen in time; ultimately, though, the E.U. only governs a portion of Europe, and the only ones stuck in the rapidly receding past — for better or worse! — will be the E.U.’s own citizens.