Beaver@lemmy.ca to Canada@lemmy.caEnglish · 2 years agoAre We Too Dependent on Microsoft?www.youtube.comexternal-linkmessage-square21fedilinkarrow-up171cross-posted to: linux@lemmy.mlapple_enthusiast@lemmy.world
arrow-up171external-linkAre We Too Dependent on Microsoft?www.youtube.comBeaver@lemmy.ca to Canada@lemmy.caEnglish · 2 years agomessage-square21fedilinkcross-posted to: linux@lemmy.mlapple_enthusiast@lemmy.world
minus-squareyeehaw@lemmy.calinkfedilinkarrow-up1·2 years agoI see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
minus-squareYaztromo@lemmy.worldlinkfedilinkarrow-up1·2 years agoYou don’t have to run in Ring 0 to detect events occurring in Ring 0. Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
minus-squareyeehaw@lemmy.calinkfedilinkarrow-up1·2 years agoRight, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.
I see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
You don’t have to run in Ring 0 to detect events occurring in Ring 0.
Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
Right, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.