Programmer Humor

19176 readers

958 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

1251

Malware As A Service (sh.itjust.works)

submitted 2 months ago by alphacyberranger@sh.itjust.works to c/programmer_humor@programming.dev

91 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] deadbeef79000@lemmy.nz -1 points 2 months ago* (last edited 2 months ago) (2 children)

TL;DR: Because the underlying OS is garbage.

Whatever CrowdStrike's "features" are should already be core security features of the kernel itself, or be exposed/extracted into user space.

NT was supposed to be a micro kernel. That this tool injects itself into the kernel immediately compromises the kernel. Edit: I should point out that it seems that CS injects drivers into the Linux kernel too, it might just be that Linux handles a driver crash more elegantly.

No different to the gaming anti-cheat kernel crap.

Having a "security" tool immediately compromise your actual security is absurd.

[–] ricecake@sh.itjust.works 5 points 2 months ago

I'd love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. https://netfilter.org/

This isn't one of the cases where we're talking about Linux being superior to windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it's just that only one got one.

Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.

[–] xor@lemmy.blahaj.zone 3 points 2 months ago

I, too, work in a similar type of company, and can confirm from experience that Linux can get just as absolutely fucked up by a bad kernel module as windows.

And it's not just changes to the module that can cause things to go wrong.

For example, the kernel released alongside the latest Ubuntu LTS included a change that conflicted with our module behaviour, so machines with that kernel or newer would panic on boot.

It was a super minor change, but when you're deep in the weeds, it's really easy for these things to be brittle. But that's just an inherent consequence of the fact that this sort of stuff is intrinsically low-level interaction with the OS itself.