Beaver@lemmy.ca to Canada@lemmy.caEnglish · 4 months agoAre We Too Dependent on Microsoft?www.youtube.comexternal-linkmessage-square22fedilinkarrow-up171cross-posted to: linux@lemmy.mlapple_enthusiast@lemmy.world
arrow-up171external-linkAre We Too Dependent on Microsoft?www.youtube.comBeaver@lemmy.ca to Canada@lemmy.caEnglish · 4 months agomessage-square22fedilinkcross-posted to: linux@lemmy.mlapple_enthusiast@lemmy.world
minus-squareyeehaw@lemmy.calinkfedilinkarrow-up1·4 months agoI see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
minus-squareYaztromo@lemmy.worldlinkfedilinkarrow-up1·4 months agoYou don’t have to run in Ring 0 to detect events occurring in Ring 0. Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
minus-squareyeehaw@lemmy.calinkfedilinkarrow-up1·4 months agoRight, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.
I see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
You don’t have to run in Ring 0 to detect events occurring in Ring 0.
Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
Right, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.