Brian Reiter

@thelinuxEXP my guess is that Linux server admins had the political clout to force a change.

Windows had AMSI for something like 20+ years. dtrace for about 5 years. There was a technology that Microsoft wanted to use to protect the kernel integrity that the EC blocked because security vendors brought a complaint.

In my company Windows is only allowed in a VM, FWIW. I think Microsoft has painted themselves into a corner with their infinite backward compatibility and bad legacy decisions.

Brian Reiter

@thelinuxEXP I have had endpoint security engineers tell me that using these safe interfaces precludes some of the differentiating features of CrowdStrike Falcon and other similar endpoint tools. I’m extremely dubious that those features are worth the risk and added surface area exposed by the security and compliance probe as a kernel module in the first place.

Using a rootkit as the vehicle for compliance in all Fortune 500 companies seems like a bad idea a priori.
