Xatolos@reddthat.com to Technology@lemmy.world (English) · 1 month ago
Microsoft to host security summit after CrowdStrike disaster (arstechnica.com)
19 comments
deegeese@sopuli.xyz · 1 month ago
Running security products in kernel mode is precisely what caused this disaster.

lud@lemm.ee · 1 month ago
It needs that kind of access to fight advanced attacks. It would surprise me if similar EDR programs didn't have similar access on Linux systems, for example.

deegeese@sopuli.xyz · 1 month ago
No, you make a management API for security products that run in user space as root; you don't use kernel modules.

lud@lemm.ee · 1 month ago
Is that the way that EDR is implemented on Linux, or are you guessing?