Malware As A Service

alphacyberranger@sh.itjust.works to Programmer Humor@programming.dev – 1252 points –
91

There's no way of knowing that, though. Perhaps their Linux and Darwin drivers wouldn't have panicked the system?

Regardless, doing almost anything at the kernel level is never a good idea.

Also, it's less about "their" drivers and more about what a kernel module can do.
Saying "there's no way to know" doesn't fit, because we do know that a malformed kernel module can destabilize a Linux or Mac system.

"Malformed file" isn't a programming defect or something you can fix by having a better API.

Having the data exposed to userspace via an API would avoid having to have a kernel module at all... Which when malformed wouldn't compromise the kernel.

I mean, sure. But typically operating systems don't expose that type of information to user space, instead providing a kernel interface with user mode configuration.

It's why they use the same basic approach on Mac and Linux.

Security operations are one of the things that are often best done at the kernel level because of the need to monitor network and file operations in a way you can't in user mode.