this post was submitted on 20 Jul 2024
160 points (98.8% liked)

Asklemmy

43893 readers
1306 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] NutWrench@lemmy.ml 12 points 3 months ago (3 children)

When an operating system allows a single misbehaving program to take down the whole computer and leave it unbootable. I thought we left that behind with Windows 95.

[โ€“] turkalino@lemmy.yachts 18 points 3 months ago (2 children)

Drivers usually run in kernel space, where a crash can bring the whole system down. This is not exclusive to Windows

[โ€“] riskable@programming.dev 10 points 3 months ago

Yes but only in Windows land do you see jillions of (proprietary) drivers made by 3rd parties. Many of which self-update.

[โ€“] wewbull@feddit.uk -3 points 3 months ago (2 children)

This isn't a driver. It's anti-malware. Nobody on Linux puts such software in kernel space (as far as I'm aware). Root service? maybe, but that's still a user-space process.

[โ€“] wizardbeard@lemmy.dbzer0.com 6 points 3 months ago* (last edited 3 months ago)

It is a driver though, it runs at kernel level and intercepts system calls for logging, analysis, and potential blocking if malware type patterns are detected in the system calls.

[โ€“] HKayn@dormi.zone 1 points 3 months ago

Nobody on Linux puts such software in kernel space

Falcon Sensor is also being distributed for RHEL and Debian, and it caused issues there too.

https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/

[โ€“] Catsrules@lemmy.ml 2 points 3 months ago (1 children)

That has been a thing forever. I doubt it will ever go away.