this post was submitted on 03 Aug 2024
64 points (92.1% liked)
Couldn't CrowdStrike do this to Linux too? And couldn't that be much worse? Like deeper network infrastructure?
Yes. But what if the world was 1/3rd Linux, 1/3rd Windows, 1/3rd OSX? Then potentially the overall failure would have been less, which I think the point of this piece was.
The 1/3 running macOS (they haven’t called it OS X in many years now) wouldn’t have to worry, because Apple provides kernel event access for security tools running in user space. The CrowdStrike Falcon Sensor driver on macOS runs as a System Extension, and runs 100% in user space (“Ring 3” in Intel parlance) only — so if it misbehaves, the kernel can just shut it down and continue on its merry way.
The problem with Windows (and to a certain extent Linux) is that Falcon Sensor needs to run in kernel mode (Ring 0) on those OSes, and if it fucks up you lose all guarantees that the kernel and all of the apps running on the system haven’t been fucked with, hence the need for a full system crash/shutdown. The driver can (and did) put these systems in an indeterministic state. But that can’t happen on modern macOS with modern System Extensions.
I see. How effective is a security tool that can't stop malicious software that makes itself in ring 0?
You don’t have to run in Ring 0 to detect events occurring in Ring 0.
Besides which, as kexts are being obsoleted by Apple, getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.
Right, but part of the appeal of tools like CrowdStrike and SentinelOne is that they can stop them when they're in ring 0. And rollback changes. Etc.