• aptgetrekt@sh.itjust.works
      link
      fedilink
      arrow-up
      24
      ·
      5 months ago

      To be fair, kernel level access by third party software is kind of frowned upon in the Linux world. Ask any desktop Linux user how they feel about NVIDIA (the only third party kernel code an average Linux user will install) and their drivers randomly causing strange issues on their systems up to and including kernel panics compared to the experience on AMD where the driver is open and built into the kernel itself. For security software that needs low level visibility, there is eBPF, direct kernel level access isn’t needed (though I believe CrowdStrike uses it, and thay actually did CrowdStrike Debian and Rocky Linux systems some time back).

      MacOS blocked the majority of kernel extensions a few years ago as well.

      Windows is the only OS where it has been designed in a way where kernel level access is the rule rather than the exception. So design flaws are at least partially at fault here.

      • PrettyFlyForAFatGuy@feddit.uk
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        5 months ago

        I’m so glad i got rid of my nvidia card. Having to reinstall the divers and kernel-headers every time my kernel updated was getting old.

      • UndercoverUlrikHD@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        Heard from someone else (so take it with a grain of salt) that CrowdStrike and/or similar companies threatened Microsoft with an antitrust suit when Microsoft tried to force them to use an API instead of working directly with the kernel.

      • ElectricMoose@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        The opinion of Linux desktop users (or any users really) do not count in the enterprise world. Somehow, if management bought in on the Crowdstrike rootkit bandwagon, you’ll see it on corporate hardware. It doesn’t matter if it’s a bad plan; it doesn’t matter if it gives an American company a backdoor to all you infrastructure; if the CISO decides everyone gets it, everyone get it.

        The only thing you can really do as a lowly employee is keep any such device away from any personal info or network as if it’s infected by malware (which I would argue is exactly what it is).

    • Fushuan [he/him]@lemm.ee
      link
      fedilink
      English
      arrow-up
      19
      ·
      5 months ago

      Windows: exists

      Crowdstrike: exists

      Windows: open belly, right here!

      Crowdstrike: stabs

      Crowdstrike released bad code into prod without giving it some hours of testing in local machines or whatever. Incredible fuckup, inimaginable. But, let’s not take blame out of Microsoft, if a driver is faulty the system should be resilient enough no to crap the bed on login. At least enough for IT to be able to remotely access the system and fix it. The manual work the IT world has had to do because it’s lost remote access to workstations is insane.