Microsoft Says It Is ‘Committed To Ensuring A Level Playing Field For Software Security Providers’
‘As both the platform provider and a security solution developer, Microsoft is committed to ensuring a level playing field for software security providers,’ said Microsoft in a written response to CRN questions following a CRN Security Roundtable.
Microsoft, which has made big market-share gains in the security market with its Defender software, told CRN it is “committed to ensuring a level playing field” for other software security providers.
“As both the platform provider and a security solution developer, Microsoft is committed to ensuring a level playing field for software security providers,” said Microsoft in a written response to CRN questions after concerns were raised by security software executives in a CRN Security Roundtable session. “This is demonstrated through the Microsoft Virus Initiative (MVI) program, a program that provides third-party security vendors with Windows APIs, system capabilities, early access to platform changes, and technical documentation to ensure their applications run reliably and securely on Windows devices.”
Microsoft’s market share for Microsoft Defender for worldwide modern endpoint security surged from 25.8 percent in 2023 to 28.6 percent in 2024, followed by CrowdStrike at 16.8 percent, Broadcom at 6 percent, Trellix at 5.9 percent and Sophos at 5 percent, according to an IDC market-share report released in May.
Microsoft Defender Antivirus is included free with the Windows operating system, but Microsoft Defender for Endpoint and Microsoft Defender for Office 365 do require subscriptions.
In response to a question on does the company “ensure a level playing field for security software makers with its dual role as an OS and a security software provider?” Microsoft wrote that its “number one priority is security” as it plays a “dual role” in terms of the security of Windows.
“As an OS vendor, Microsoft supports customer choice and a broad ecosystem of security partners on top of Windows. As a security vendor, our priority is delivering industry-leading protection for multi-platform endpoints including those on Windows and multi-cloud environments,” Microsoft wrote.
Among the issues raised at the CRN Security Roundtable session was third-party security software maker access to the Microsoft Windows kernel in the wake of the massive CrowdStrike-caused outage in July 2024.
Microsoft said that its “current policy ensures that third-party security software vendors continue to have access to the Windows kernel,” just as they have in the past.
“While we are developing new platform capabilities that allow security solutions to operate outside of kernel mode—enhancing system resiliency and reducing risk—kernel access remains available and supported for vendors who require it,” Microsoft wrote.
As to claims by some that it has monopoly power in the security market due to its dual role, Microsoft wrote: “We are committed to the openness of the Windows platform and support choice for our customers in their security software decisions.”
Below are the questions CRN presented to Microsoft in the wake of concerns from CRN Roundtable Security participants with the full response from Microsoft.
How does Microsoft ensure a level playing field for security software makers with its dual role as an OS and a security software provider?
As both the platform provider and a security solution developer, Microsoft is committed to ensuring a level playing field for software security providers. This is demonstrated through the Microsoft Virus Initiative (MVI) program, a program that provides third-party security vendors with Windows APIs, system capabilities, early access to platform changes, and technical documentation to ensure their applications run reliably and securely on Windows devices.
Microsoft Defender Antivirus (AV) uses the same Windows APIs as third-party antivirus solutions and does not receive privileged access to Windows. When a third-party antivirus registers for real-time protection, Microsoft Defender AV turns off. If that protection is removed, Microsoft Defender AV turns back on to ensure the user is always protected.
How has Microsoft’s position as an OS vendor impacted Microsoft Defender software development and the unique characteristics of Microsoft Defender?
Microsoft’s number one priority is security, and Microsoft plays a dual role in terms of the security of Windows. As an OS vendor, Microsoft supports customer choice and a broad ecosystem of security partners on top of Windows. As a security vendor, our priority is delivering industry leading protection for multi-platform endpoints including those on Windows and multi-cloud environments.
What is the current Microsoft policy of providing competing security software makers access to the Microsoft kernel?
Our current policy ensures that third-party security software vendors continue to have access to the Windows kernel, just as they have in the past. While we are developing new platform capabilities that allow security solutions to operate outside of kernel mode—enhancing system resiliency and reducing risk—kernel access remains available and supported for vendors who require it.
What is the status of the new Windows endpoint security platform with a user-mode alternative to kernel access, allowing security services to run outside the kernel to improve reliability and resilience?
In July, we delivered a private preview of the Windows endpoint security platform to a set of Microsoft Virus Initiative (MVI) partners, allowing them to start building their solutions to run outside the kernel in user mode, just as apps do. We will continue to collaborate with our MVI partners during this private preview.
When will that new Windows endpoint security platform with a user-mode alternative be generally available?
We do not have any updates to share at this time.
Will that new Windows endpoint security platform with a user mode change Microsoft’s policy on software makers’ access to the kernel?
We do not have any updates to share at this time.
What is Microsoft's reaction to claims from some competitors that it has a monopoly power in the market with its dual role as an OS and security software provider?
We are committed to the openness of the Windows platform and support choice for our customers in their security software decisions.