CrowdStrike defends access to Windows kernel at US Congressional hearing into July worldwide update failure

“The sheer scale of this error was alarming,” said Andrew Garbarino, chair of the subcommittee. The incident, which knocked 8.5 million Windows computers and servers offline, created an environment “ripe for exploitation by malicious cyber attackers through phishing and other efforts,” he said.

However, Meyers defended the company’s stand.

“Anti-tampering is very concerning, because when a threat actor gains access to a system, they would seek to disable security tools. And in order to identify that’s happening, kernel visibility is required. The kernel driver is a key component of every security product I can think of. Whether they would say they do most of their work in the kernel or not varies from vendor to vendor. But trying to secure the operating system without kernel access would be very difficult.”