Hacker News

While Linux isn't a panacea, the OS does matter as Linux provides tools for security scanners like CrowdStrike to operate entirely in userspace, with just a sandboxed eBPF program performing the filtering and blocking within the kernel. And yes, CrowdStrike supports this mode of operation, which I'll be advocating we switch over to on Monday. So yeah, for this specific issue, Linux provides a specific feature that would have prevented this issue.


BPF-based CrowdStrike is relatively recent, partially because, from the Enterprise Linux perspective, kernel support is relatively recent.

For example, BPF-based CrowdStrike works on Enterprise Linux 9 and Debian 12. I don't know if the necessary support was in EL 8 or Debian 11.


Right! Windows should NEVER blue screen. Ever. From a third-party software.

Maybe Windows doesn't provide the right ABI or whatever for CS, but come on, you should never be able to kernel panic Windows.

That this blue screened is 100% Microsoft's fault. It's a mess all the way around.


Poe's law?


I mean, you can crash Linux too with bad kernel code.



