|
Top-level
 @breiter Ah yeah, didn’t know Windows has a similar thing now. Strange that Crowdstrike didn’t use it, when they made the move for Linux! Anyway, the finger pointing at the EU is ridiculous. If they don’t want to blame themselves (I still refuse to believe there’s nothing MS could do to handle this type of problem more gracefully), blame Crowdstrike. 2 comments
@thelinuxEXP I have had endpoint security engineers tell me that using these safe interfaces precludes some of the differentiating features of CrowdStrike Falcon and other similar endpoint tools. I’m extremely dubious that those features are worth the risk and added surface area exposed by the security and compliance probe as a kernel module in the first place. Using a rootkit as the vehicle for compliance in all Fortune 500 companies seems like a bad idea a priori. |
Gregory's Server
@thelinuxEXP my guess is that Linux server admins had the political clout to force a change.
Windows had AMSI for something like 20+ years. dtrace for about 5 years. There was a technology that Microsoft wanted to use to protect the kernel integrity that the EC blocked because security vendors brought a complaint.
In my company Windows is only allowed in a VM, FWIW. I think Microsoft has painted themselves into a corner with their infinite backward compatibility and bad legacy decisions.