this post was submitted on 26 Jul 2024
336 points (98.8% liked)
Linux Gaming
15818 readers
56 users here now
Gaming on the GNU/Linux operating system.
Recommended news sources:
Related chat:
Related Communities:
Please be nice to other members. Anyone not being nice will be banned. Keep it fun, respectful and just be awesome to each other.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why not have a structure in place that has Microsoft review/test code from third parties. At the end of the day it is Microsoft that took the public hit so they should be the last line of defence in this process.
Those that wish to have their code sit at the privileged/kernel level should either pay up or supply Microsoft with resources to do the tests Microsoft would require.
What shouldn't happen is third parties doing their work at a privileged level without the oversight.
@dueuwuje @mudle
If I understand it correctly, it already has been (at least formally) reviewed by microsoft before signing and allowing that signed code run kernel-mode. But the crowdstrike's driver module was not just running malware scanner on itself, it was interpreting what is basically unsigned code that was easier and faster to update. This unsigned files were the ones containing faulty update.
At least that what I understand from https://www.youtube.com/watch?v=wAzEJxOo1ts , it may not be entirely correct or I may have misunderstood.
But if it is true, it may be more sensible to make an API so software with specific permissions could access information needed to effectively function as antivirus, without being run in kernel mode.
I've come to this conclusion as well. I believe Apple has similar functionality with their "kernel-extensions", I believe it's called.