Xatolos@reddthat.com to Technology@lemmy.worldEnglish · 10 months agoMicrosoft to host security summit after CrowdStrike disasterarstechnica.comexternal-linkmessage-square40fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkMicrosoft to host security summit after CrowdStrike disasterarstechnica.comXatolos@reddthat.com to Technology@lemmy.worldEnglish · 10 months agomessage-square40fedilink
minus-squaredeegeese@sopuli.xyzlinkfedilinkEnglisharrow-up0·10 months agoRunning security products in kernel mode is precisely what caused this disaster.
minus-squarelud@lemm.eelinkfedilinkEnglisharrow-up0·10 months agoIt needs that kind of access to fight advanced attacks. It would surprise me if similar EDR programs didn’t have similar access on Linux systems, for example.
minus-squaredeegeese@sopuli.xyzlinkfedilinkEnglisharrow-up0·10 months agoNo, you make a management API for security products that run in user space as root, you don’t use kernel modules.
minus-squarelud@lemm.eelinkfedilinkEnglisharrow-up0·10 months agoIs that the way that EDR is implemented on Linux or are you guessing?
Running security products in kernel mode is precisely what caused this disaster.
It needs that kind of access to fight advanced attacks. It would surprise me if similar EDR programs didn’t have similar access on Linux systems, for example.
No, you make a management API for security products that run in user space as root, you don’t use kernel modules.
Is that the way that EDR is implemented on Linux or are you guessing?