undefined | Better HN

0 pointstptacek1y ago0 comments

A thing I think a lot of people don't include in their premises about Crowdstrike is that they're probably the most significant aftermarket endpoint security product in the world (they are what Norton and McAfee were in 2000), which means they're more than large enough for malware to target their code directly, which creates interesting constraints for where their code can run.

I'm not saying I'd run it (I would not), just that I can see why they have a lot of kernel-resident code.

0 comments

jolux1y ago

> I'm not saying I'd run it (I would not), just that I can see why they have a lot of kernel-resident code.

What would you run instead, or is there a different way of thinking about the problem it addresses that obviates the need?

fsflover1y ago

Not the parent, but security through compartmentalization seems like a more robust approach. See: Qubes OS.

j / k navigate · click thread line to collapse