MS could have provided security hooks similar to BPF in Linux, and similar mechanisms to Apple's, rather than having CrowdStrike run arbitrary buggy code at the highest privilege level.
They could have; however, the timeline the regulators gave Microsoft to comply was incompatible with the amount of work required to build such a system. With a legal deadline hanging over their heads, Microsoft chose to hand over the keys to their existing tools.
^ This statement cannot be accepted without proof. It sounds outlandish and weird. Which regulator? Under what authority? Also, Microsoft doesn't listen to ANYBODY.
I've seen this stated before, but I haven't been able to find reliable data on when regulators required Microsoft to provide the access that they provided, or whether there's been time to provide a more secure approach. Do you know?
That's not the default option for kernel drivers on Windows, so this was an explicit choice on CrowdStrike's part.