At this point we want antivirus and anticheat out of windows kernel. Microsoft killing access to it will genuinely fix Linux compatibility issues.
It couldn’t be more win-win.
Microsoft is trying to test that approach. The company tested restricting kernel access to third party security vendors in the past, with Vista OS in 2006, but had to backtrack the move.
Symantec and McAfee then claimed Microsoft’s decision to shut off access to the kernel amounts to “anti-competitive behavior.”
Without kernel access, this software may struggle to perform in-depth behavioral analyses of processes and applications, to meet its objectives, said Varkey. “Blocking this access can limit the software’s ability to detect and prevent sophisticated attacks.”
They can’t be trusted, kick out everyone’s access to the kernel. Everyone must use API and that can be interpreted.
They need to do what MacOS and Linux have done. There are safer ways to interact with and inspect the running state of the kernel in those operating systems (eBPF for Linux, a bunch of APIs I don’t know much about for MacOS). Software needs a way to do the shit it’s doing, you can’t just turn it off and provide no alternative.
If Microsoft provides a safe API, then Wine can translate calls to that API and approximate the same degree of protection for Linux boxen.
I also agree with the other person, you should still be allowed to fuck around with the kernel on your own box. Major software vendors should be discouraged from writing shit that directly runs in ring 0, but end users should be allowed to do whatever.
If i understand the protection rings correctly, MS could just force all drivers into ring 1 or 2 instead of ring 0, and moreorless fix the issue as well, as the core system would be on ring 0, and everything else on ring 1-3, its just MS as a whole hasen’t supported ring 1 or 2 since early windows days. This feature being implemented from what I understand is what moreorless allowed the Linux edition of crowdstrike to have less of an impact, as it offered a way of installation that allowed the program to “fail” without doing a hard crash of the system.
At this point we want antivirus and anticheat out of windows kernel. Microsoft killing access to it will genuinely fix Linux compatibility issues.
It couldn’t be more win-win.
They can’t be trusted, kick out everyone’s access to the kernel. Everyone must use API and that can be interpreted.
They need to do what MacOS and Linux have done. There are safer ways to interact with and inspect the running state of the kernel in those operating systems (eBPF for Linux, a bunch of APIs I don’t know much about for MacOS). Software needs a way to do the shit it’s doing, you can’t just turn it off and provide no alternative.
If Microsoft provides a safe API, then Wine can translate calls to that API and approximate the same degree of protection for Linux boxen.
I also agree with the other person, you should still be allowed to fuck around with the kernel on your own box. Major software vendors should be discouraged from writing shit that directly runs in ring 0, but end users should be allowed to do whatever.
If i understand the protection rings correctly, MS could just force all drivers into ring 1 or 2 instead of ring 0, and moreorless fix the issue as well, as the core system would be on ring 0, and everything else on ring 1-3, its just MS as a whole hasen’t supported ring 1 or 2 since early windows days. This feature being implemented from what I understand is what moreorless allowed the Linux edition of crowdstrike to have less of an impact, as it offered a way of installation that allowed the program to “fail” without doing a hard crash of the system.
That sounds very right to me. Wine is known to bypass certain anticheat software.