CrowdStrike 惨败表明，监管“大型科技公司”可能比看起来更难

【中美创新时报2024 年 7 月 29 日编译讯】（记者温友平编译）全球反垄断监管机构加大了对包括苹果、谷歌和亚马逊在内的大型科技公司的监管力度。但在解决这些案件之前，监管机构应该认真审视上周发生的大规模灾难，该灾难导致 850 万台运行微软 Windows 的 PC 瘫痪。《波士顿环球报》记者亚伦·普雷斯曼(Aaron Pressman )对此作了下述报道。

虽然数百万台机器的崩溃是德克萨斯州网络安全公司 CrowdStrike 的错，但从更深层次上讲，Windows PC 容易受到这种故障的影响可以追溯到微软与欧盟委员会 15 年前达成的反垄断和解。

上周，CrowdStrike 向其客户发布了包含有缺陷代码的自动更新。世界各地的医院、航空公司和各种其他企业都受到了影响——有些企业至今仍未恢复正常。CrowdStrike 为这一错误道歉并迅速发布了修复程序，不过与最初的缺陷更新不同，修复程序必须单独应用于每台受影响的 PC。

CrowdStrike 创始人兼首席执行官乔治·库尔茨 (George Kurtz) 在一篇博客文章中承诺：“我承诺将完全透明地说明此事的发生过程以及我们为防止类似事件再次发生而采取的措施。”

至少，这种预防措施将要求 CrowdStrike 在向客户发布更新之前对其进行更全面的测试。但反垄断监管机构可能也希望重新审视他们的一些和解协议。

早在 2009 年，微软就通过同意一系列冗长的条件来帮助竞争对手，从而解决了欧洲反垄断案。当时，大多数注意力都集中在向欧洲 Windows 用户提供浏览器选择的要求上。

然而，在概述和解协议的 11 份文件中，其中一份文件的细节更深，其中一项条款旨在让网络安全供应商与微软在为客户提供防病毒和相关应用程序方面处于同等地位。在该条款中，微软同意记录并“让第三方安全软件产品可以使用”其自己的安全软件访问的 Windows 的任何部分。

Windows 计算机上的大多数软件都在与计算机操作系统基本功能分离的区域中运行。这就是为什么当浏览器或电子邮件程序崩溃时，通常不会导致整个系统崩溃。但 Windows 中最有特权的元素运行在一个更强大的区域中，即操作系统的内核。由于微软自己的安全软件有权在内核中运行，因此第三方安全软件（如 CrowdStrike 的安全软件）也拥有同样的特权。

早在 2020 年，苹果就采取行动禁止第三方破坏其 Mac 操作系统的内核。但微软表示，2009 年的和解协议禁止该公司在自己的安全软件访问该特权区域的情况下采取同样的行动。

正如科技行业分析师本·汤普森 (Ben Thompson) 周一指出的那样，监管机构在制定快速发展的科技行业的反垄断解决方案时需要更加灵活。

汤普森写道：“仅仅因为公司在市场上获胜并不意味着几十年前做出的决定必须永远成为常态。”“我认为监管机构经常犯这个错误，特别是在欧洲……在这种情况下，全世界的人都遭受了损失，因为微软从未被允许实施它二十年前就知道有必要进行的安全转变。”

题图：7 月 19 日星期五，纽约州最高法院的一块标牌显示技术故障造成的中断。JEFFERSON SIEGEL/NYT

附原英文报道：

CrowdStrike fiasco shows it may be harder to regulate ‘big tech’ than it seems

By Aaron Pressman Globe Staff,Updated July 23, 2024

Antitrust regulators around the globe have ramped up efforts to rein in big tech companies including Apple, Google, and Amazon. But before those many cases get resolved, the regulators should take a hard look at last week’s widespread disaster that took down 8.5 million PCs running Microsoft Windows.

While the multi-million-machine crash was the fault of Texas cybersecurity firm CrowdStrike, on a deeper level the vulnerability of Windows PCs to such a glitch goes back to a 15-year-old antitrust settlement between Microsoft and the European Commission.

Last week, CrowdStrike issued an automated update to its customers that contained flawed code. Worldwide, hospitals, airlines, and all sorts of other businesses were compromised — and some are still not back to normal. CrowdStrike apologized for the mistake and quickly issued a fix, although, unlike the original flawed update, the fix must be applied individually to every affected PC.

In a blog post, CrowdStrike founder and chief executive George Kurtz promised “you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again.”

At a minimum such prevention will require CrowdStrike to more fully test updates before issuing them to customers. But antitrust regulators may also want to revisit some of their settlements, as well.

Back in 2009, Microsoft settled the European antitrust case by agreeing to a lengthy series of conditions to help competitors. At the time, most attention focused on the requirement to offer Windows users in Europe a choice of browsers.

Buried much deeper in the fine print in one of 11 documents outlining the settlement, however, was a provision meant to give cybersecurity vendors an even footing with Microsoft in providing customers with antivirus and related apps. In the provision, Microsoft agreed to document and “make available for use by third-party security software products” whatever parts of Windows its own security software accessed.

Most software on Windows computers runs in a zone separated from the basic functions of the computer’s operating system. That’s why when a browser or email program crashes, it usually doesn’t take down the whole system. But the most privileged elements of Windows run in a more powerful zone known as the operating system’s kernel. And since Microsoft’s own security software has access to run in the kernel, third party security software, such as CrowdStrike’s, gets the same privilege.

Apple moved to bar third parties from messing up the kernel of its Mac operating system back in 2020. But Microsoft says the 2009 settlement prevented the company from doing the same as long its own security software accessed that privileged zone.

As tech industry analyst Ben Thompson noted on Monday, regulators need to be more flexible in crafting antitrust solutions in the fast-moving tech industry.

“Just because the company won in its market doesn’t mean decisions made decades ago must then be the norm forever,” Thompson wrote. “This is a mistake that I think that regulators make regularly, particularly in Europe…In this case, people all over the world suffered because Microsoft was never allowed to implement a shift in security that it knew was necessary two decades ago.”