Marcus Hutchins :verified: on Nostr: I really don't think Microsoft gets enough hate for not giving security providers the ...
I really don't think Microsoft gets enough hate for not giving security providers the tools necessary to implement EDR capabilities outside of kernel mode. If one company is messing around in your kernel, their software architecture is flawed. If every company is messing around in your kernel, your software architecture is flawed.
Nobody just wakes up one day and goes "you know what would be fun? Maintaining a stable and reliable driver for 500 different versions of the Windows Kernel".
Published at 2024-07-25 18:30:49

Event JSON
{
  "id": "1ff0a19be778d93e8b7b271f7572520f2e5b3d530ac8584aca363cbba64e5a9a",
  "pubkey": "5d0910049da6eacaad9e891d5afb88fa613f4ab514d8a6c4fb51a03edeb60ede",
  "created_at": 1721932249,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://infosec.exchange/users/malwaretech/statuses/112848551886231014",
      "activitypub"
    ]
  ],
  "content": "I really don't think Microsoft gets enough hate for not giving security providers the tools necessary to implement EDR capabilities outside of kernel mode. If one company is messing around in your kernel, their software architecture is flawed. If every company is messing around in your kernel, your software architecture is flawed.\n\nNobody just wakes up one day and goes \"you know what would be fun? Maintaining a stable and reliable driver for 500 different versions of the Windows Kernel\".",
  "sig": "d11e28367d19e77a01a2a798aa9b2adbc8d98c6ee9c57d26cb4d9fb39c6a2ae5be20432221125329f4a01dbac01f036598b21bfc4b301f754648d59d743022be"
}