Beaver to CanadaEnglish · 1 month agoAre We Too Dependent on Microsoft?www.youtube.comexternal-linkmessage-square22fedilinkarrow-up171arrow-down16cross-posted to: [email protected][email protected]
arrow-up165arrow-down1external-linkAre We Too Dependent on Microsoft?www.youtube.comBeaver to CanadaEnglish · 1 month agomessage-square22fedilinkcross-posted to: [email protected][email protected]
minus-squareyeehawlinkfedilinkarrow-up1·1 month agoI see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
minus-squareYaztromo@lemmy.worldlinkfedilinkarrow-up1·1 month agoYou don’t have to run in Ring 0 to detect events occurring in Ring 0. Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
minus-squareyeehawlinkfedilinkarrow-up1·1 month agoRight, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.
I see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?
You don’t have to run in Ring 0 to detect events occurring in Ring 0.
Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
Right, but part of the appeal of tools like crowd strike and sentinelone is that they can stop them when they’re in ring 0. And rollback changes. Etc.