this post was submitted on 03 Aug 2024
28 points (85.0% liked)
Apple
17607 readers
83 users here now
Welcome
to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!
Rules:
- No NSFW Content
- No Hate Speech or Personal Attacks
- No Ads / Spamming
Self promotion is only allowed in the pinned monthly thread
Communities of Interest:
Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple
Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode
Community banner courtesy of u/Antsomnia.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does Mac OS have an ebpf API like Linux has, or would a similar crowdstrike bug kill a Mac as well? The issue is that windows doesn't really have a way to do this without a kernel driver, which can take the whole system down if there's a bug.
https://developer.apple.com/documentation/endpointsecurity
This API allows for security applications to monitor for potentially malicious behaviors. As it is part of the System Extension and DriverKit, it shouldn’t crash the system kernel… but you do need to request for entitlement from Apple to build apps using that API (honestly probably a good thing, prevents spywares using it to spy on people).
Seems like windows really is behind when it comes to this then, if everyone else has a proper solution. Still, I feel this is more on crowdstrike than Microsoft. For whatever reason they didn't have the right processes in place to avoid pushing bad code.
CrowdStrike managed to break Linux systems a few months ago
https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
Linux, windows and MacOS have security APIs to avoid kernel drivers but they also let the user approve 3rd parties to install them still.