Kernel anti-cheat systems are currently the bane of Linux/Steam Deck gaming, haven’t actually proven to be effective at stopping cheaters (see Valorant for an example), and lead to various security concerns from giving 3rd parties full access to your machine to being used to install ransomware and malware.
Windows tried to restrict kernel access years ago, but backed down under pressure from various companies. However Crowdstrike’s outages have shown the sever consequences of leaving kernel access open, and we might finally see kernel access to be cut off.
MS had this implemented originally in NT4 then started allowing more drivers direct access for performance.
They tried again with VISTA but McAfee and Symantec cried to the EU and forced MS to back down.
Apparently apple got away with implementing it however.
Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
MS’s own tools depended on kernel access but they tried locking out 3rd party vendors without building a replacement like Apple did.
McAfee and Symantec correctly pointed out how this would be using monopolist powers to block competitors.
Microsoft needs to shut up and do the work to make their kernel secure.
I haven’t looked at the Security API in depth but I have looked at the iOS APIs… Apple gets away with their own apps having MUCH MUCH deeper access than what they give 3rd parties… I would be SHOCKED if their kernel API is all they use in their own tools.
The EU ruling is very broad however, if it has just been security tools YES MS could have just built out the APIs and used them for defender, but the EU ruling makes it so open we have wonderful video game anti cheat and DRM drivers from all sorts of providers playing around in driver / kernel space.
I have no idea either way - floating a question.
Did apple previously allow kernel access and then restrict it again? It seems the specific issue with MS vs McAfee etc is due to originally being allowed access, but microsoft restricted it, affecting their products?
Yes, System extensions on macOS Catalina 10.15 or later allow software https://developer.apple.com/support/kernel-extensions/