TL;DR: Because the underlying OS is garbage.
Whatever CrowdStrike’s “features” are should already be core security features of the kernel itself, or be exposed/extracted into user space.
NT was supposed to be a microkernel. That this tool injects itself into the kernel immediately compromises the kernel. Edit: I should point out that it seems that CS injects drivers into the Linux kernel too, it might just be that Linux handles a driver crash more elegantly.
No different to the gaming anti-cheat kernel crap.
Having a “security” tool immediately compromise your actual security is absurd.
I’d love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. https://netfilter.org/
This isn’t one of the cases where we’re talking about Linux being superior to Windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it’s just that only one got one.
Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.