undefined | Better HN

0 pointsmardifoufs1y ago0 comments

I don't agree. I'm glad Microsoft doesn't provide the functionality to do what crowdstrike does to user space. Crowdstrike acts in a similar way to deeply seated malware, except that it is usually installed voluntarily. But the behavior and capabilities that it has are basically what any malware would dream of, and exposing them to user space would imo create a mess (especially on windows). If anything, this is good as it will make people even more weary of kernel mode software.

And I'm not sure epbf actually allows you to do a lot of the stuff crowdstrike-like software does. I know they use it on Linux though so maybe eBPF has evolved a lot since I last looked at it.

0 comments

cyrnel1y ago

I generally agree with you. It's an either-or thing: either Microsoft secures their OS, or they provide safe ways for users to secure their OS. The first option is a million times better, but having neither option leads us to this mess.

j / k navigate · click thread line to collapse

0 pointsmardifoufs1y ago0 comments

And I'm not sure epbf actually allows you to do a lot of the stuff crowdstrike-like software does. I know they use it on Linux though so maybe eBPF has evolved a lot since I last looked at it.

0 comments

cyrnel1y ago

j / k navigate · click thread line to collapse