Tom Dotan and Robert McMillan, reporting for The Wall Street Journal:

Many people who showed up at work Friday morning knew only one thing though: Their PCs had the blue screen of death, while Macs and Chromebooks were still working. Searches for “Microsoft outage” outranked “CrowdStrike outage” on Google consistently from Friday morning through Saturday morning.

Friday’s meltdown brought a trade-off inherent to Windows into sharp relief. Its open design gives developers the freedom to design powerful software that interacts with the operating system at a very deep level. But when things go wrong, the results can be catastrophic, as millions discovered on Friday.

Because Apple runs a closed ecosystem, the company has a “much healthier balance between forcing people to upgrade, forcing applications to maintain good security practices or they pull them off of the App Store,” said Amit Yoran, chief executive of cybersecurity firm Tenable…

A Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.

So maybe placing technology regulation in the hands of Luddites is a bad idea.

As I insinuated on Friday, this would’ve never happened if the world ran on Macs instead of Windows computers because Macs do not give such access to third-party applications. They never will, they never should, and if any moronic regulatory body forces Apple to do so, Apple should fight it tooth and nail and if it loses, it should pull out of that market entirely. Macs, even though they offer “sideloading” — the ability to install software outside the platform’s native app marketplace without permission or notarization — do not allow third-party software the ability to throw the entire operating system into a boot loop because they run in a semi-sandboxed environment, even if the app isn’t notarized at all. It’s just technically impossible to build software that renders a Mac useless to the point where it won’t even boot anymore.

Of course, the safest place to download software for the Mac is the Mac App Store, but realistically, nobody uses that because they don’t want to deal with Apple’s painful regulation. (I agree — the Mac App Store shouldn’t be the default place to purchase Mac software.) But even if a developer makes someone download a non-notarized, non-signed application from the web, it cannot be given root access like this¹. macOS always has a layer of security to prevent this kind of code from throwing the computer into an abyss of blueness, whether it be System Integrity Protection on Intel Macs or the Secure Enclave’s built-in security for Apple silicon computers. There is no way of gaining kernel-level, root access to a Mac — period.

It is possible to disable some security settings on Apple silicon Macs or SIP on Intel models, but it is highly discouraged and very convoluted to do. No well-intentioned IT department of basic intelligence would ever do it to “replace” macOS’ built-in security with a cruddy “enterprise-level” antivirus product, and no antivirus software available on the Mac ever recommends disabling SIP because that’s an absolutely ludicrous proposition. In stark contrast, most antivirus software on Windows recommends disabling Windows Defender — which isn’t even near as protective yet permissive as SIP or Apple silicon’s protection — to prevent conflicts, but we’ve clearly learned since Friday that Windows Defender should never be disabled over some cheaply made security software from some moronic company called CrowdStrike.

The bottom line is that if European regulators get their way, they’ll make Apple disable the software on Apple silicon Macs that disallows unsigned and un-notarized kernel extensions. Currently when put in Reduced Security mode, Apple silicon Macs can run “legacy” kernel extensions, but they have to be signed by Apple beforehand. It can be argued that Friday’s issue wasn’t due to a faulty kernel driver — from CrowdStrike: “Although Channel Files end with the SYS extension, they are not kernel drivers.” — but regardless, this “Channel File” was given root-level access in some capacity to allow it to take down the entire system. This is known thanks to this sentence in CrowdStrike’s technical explanation: “Systems running Linux or macOS do not use Channel File 291 and were not impacted.”

I can’t blame Microsoft for this, even though it is very tempting for me to do so, because it’s the European Commission’s fault for forcing Microsoft to open up its system. Thanks to some ill-informed grandparents in Brussels, the world’s infrastructure came to a screeching halt on what would otherwise be a normal summer Friday.


  1. Non-notarized apps can be installed on the Mac with relative ease, though Apple is making this more complicated in macOS 15 Sequoia.