this post was submitted on 26 Jul 2024
336 points (98.8% liked)
Linux Gaming
15892 readers
2 users here now
Gaming on the GNU/Linux operating system.
Recommended news sources:
Related chat:
Related Communities:
Please be nice to other members. Anyone not being nice will be banned. Keep it fun, respectful and just be awesome to each other.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Security software doesn't necessarily NEED access to the kernel, but kernel-level access provides the maximum amount of access and visibility to the rest of the system. The only thing higher then kernel-level is hardware-level.
In the case of CrowdStrike, kernel-level access provides their software to have the highest privileges which yields in the most effective defense against malware (in theory). However third-party, kernel-level access is never a good idea. Software that has kernel-level access can be, and has been, exploited before. In the case of CrowdStrike, it was a faulty update that screwed over Windows systems. The more access you have in a system, the more you screw it over when something fails.
Yes! You are correct. If implemented correctly of course, restricted access to the kernel provides a higher amount of security.
In theory, the more restricted the kernel is, the more difficult it is for malware to access the kernel.
Yes. A function of the kernel is providing a way for software and hardware to communicate with each other.