Are We Too Dependent on Microsoft? (www.youtube.com)
Beaver@lemmy.ca to Canada@lemmy.ca · English · 2 years ago · cross-posted to: linux@lemmy.ml, apple_enthusiast@lemmy.world
yeehaw@lemmy.ca · 2 years ago
I see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
Yaztromo@lemmy.world · 2 years ago
You don’t have to run in Ring 0 to detect events occurring in Ring 0. Besides which, as kexts are being obsoleted by Apple, getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
yeehaw@lemmy.ca · 2 years ago
Right, but part of the appeal of tools like CrowdStrike and SentinelOne is that they can stop them when they’re in ring 0. And rollback changes. Etc.