Beaver to CanadaEnglish · 5 months agoAre We Too Dependent on Microsoft?www.youtube.comexternal-linkmessage-square22fedilinkarrow-up171arrow-down16cross-posted to: [email protected][email protected]
arrow-up165arrow-down1external-linkAre We Too Dependent on Microsoft?www.youtube.comBeaver to CanadaEnglish · 5 months agomessage-square22fedilinkcross-posted to: [email protected][email protected]
minus-squareyeehawlinkfedilinkarrow-up1·5 months agoI see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
minus-squareYaztromo@lemmy.worldlinkfedilinkarrow-up1·5 months agoYou don’t have to run in Ring 0 to detect events occurring in Ring 0. Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
minus-squareyeehawlinkfedilinkarrow-up1·5 months agoRight, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.
I see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
You don’t have to run in Ring 0 to detect events occurring in Ring 0.
Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
Right, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.