Microsoft has placed the blame for limitations on Windows security on a 2009 agreement with the European Commission. This comes after a recent incident where security software from CrowdStrike unintentionally crippled millions of Windows machines worldwide.

According to The Wall Street Journal report, a Microsoft spokesperson pointed to the deal as the reason the company can’t tighten Windows security further. Following an earlier complaint, Microsoft agreed to provide third-party security software vendors with the same level of access to Windows’ inner workings that Microsoft itself has.

This access, achieved through Application Programming Interfaces (APIs), allows security companies to integrate their software more deeply with Windows. While this fosters a level playing field, as the EU had intended, it also creates potential security risks. The CrowdStrike incident, where a bug in their software caused widespread disruptions, serves as a stark example.

The irony here is that the EU’s efforts to promote fair competition might be hindering security advancements. Apple and Google, for instance, are not bound by similar restrictions on their macOS and ChromeOS platforms. Apple, in fact, limited developer access to the core of their operating system in 2020, albeit at the cost of requiring software changes.

The EU has recently intensified its scrutiny of big tech companies and their potentially anti-competitive practices. Loosening restrictions on Microsoft’s control over Windows security seems unlikely, despite the potential security benefits.

This situation creates a complex conundrum. Openness and a level playing field are desirable, but so is robust security. Striking the right balance between these competing interests will likely be a topic of ongoing debate between Microsoft, the EU, and security experts.