So we're falling back on semantics now. I don't think I need to spend much longer on this. In the context of this discussion, when I wrote "third party" I meant "not Microsoft". I'm pretty sure everybody reading this thread - including you - knew exactly what I meant.
No, I certainly didn't, because it is a nonsensical distinction in this context.
The problem is this: if you can write code that executes in kernel mode, so can anyone else. I'm sure you don't want your desktop machine to be vulnerable to someone with hostile intent running kernel mode code on your machine. It would give them a level of control equal to the OS itself.
But that was not the situation here. It wasn't "someone with hostile intent". It was the authorized owner of the machine. That is exactly why it is not a vulnerability.
No one could run code in kernel mode without the authorized owner of the machine authorizing this to happen.
I'm sure you would appreciate Microsoft making it as difficult as possible for said people to do that. I'm sure you would appreciate being protected against people who are merely incompetent, with no evil intent, like CrowdStrike.
It is already impossible. No one can run code in kernel mode on your machine without your authorization. So, if you don't want code to run in kernel mode, then don't run code in kernel mode, no one is forcing you to. What you are arguing about here is whether Microsoft should force other people to not run code in kernel mode, because you somehow think that your system is vulnerable due to the fact that other people might run code that you consider too risky to run on your own machine. For you to not run that code on your machine, you don't need Microsoft to force you, you can simply not do it.
Allowing non-Microsoft code to run in kernel mode is an obvious security and reliability hole. It is time to revisit the EU decision, including getting to the bottom of why MS wanted to restrict access to only some vendors. The whole thing needs reviewing.
No, that is not in any way obvious. You are constantly making the completely unsubstantiated assumption that Microsoft is the most competent company to build kernel mode code. Without that assumption, your argument makes no sense at all.
Like, obviously, Microsoft could build this API that handles hooking into the system in a way that products like CrowdStrike need, and build it with the goal of making it hard to compromise or crash the system via that API. That is obviously just a kernel-mode driver written by Microsoft, right?
Now, obviously, other companies besides Microsoft could also build such a kernel-mode driver with the same goal, right?
Now, why do you think that Microsoft's will necessarily be the best and no other vendor could do it better? Or, if that is not what you think, then why should Microsoft be allowed to prevent competitors from selling their superior product to customers?
And note, again, that no one is preventing Microsoft from selling their own solution, or preventing you from buying Microsoft's solution. So it is irrelevant that you would prefer to use Microsoft's solution, because no one is preventing that. All this is about is whether other people should be prevented from selling and buying alternative solutions, and you so far have failed to support that demand.