• @[email protected]
    link
    fedilink
    English
    -135 months ago

    Probably it runs with privileges of the OS level, what applications should not do. The second problem is monoculture. To run the same software of a single company an all machines is easy, but…

    • @lmaydev
      link
      25
      edit-2
      5 months ago

      It literally has to run at that level to do it’s job.

      • OfCourseNot
        link
        fedilink
        55 months ago

        ‘He’s out of line but he’s right’. I mean, is a bit ironic to give this level of permission to a program that is too malware-like to protect yourself from exactly that. We’re talking about hospitals, airports and airlines, government agencies… many critical systems, so much information’s security rely on a (foreign for most of the world) private company.

    • CaptainBasculin
      link
      fedilink
      85 months ago

      Companies wouldn’t mind having an OS level code run on their PCs if its meant to help secure their computers. A malware infecting their computers could result in way more damages after all.

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        I’m not so sure what is worse. I wish we wouldn’t reimplement statist practices in computers, as it often not goes well in our physical world, and invent more resources into OS/network security, compartmentalization and privilege separation. But yeah, the reality is it’s easier to put a god-like “trusted” agent in a system. Well, the police need have guns, read all private chats, place security cameras with face recognition everywhere… to do their jobs. Otherwise terrorist attacks or whatever could result in way more damages after all. The same story every time.

        • @[email protected]
          link
          fedilink
          55 months ago

          Are you seriously equating security software running on business systems with state violence / surveillance on people? Those two things are not even remotely comparable, starting with business systems not being people that have rights

          • @[email protected]
            link
            fedilink
            45 months ago

            The equation by the user is bs.

            But these companies do hold people’s data, and it’s a catch 22 situation: in order to protect that, they rely on an invasive system. Providers like Crowdstrike have high-level access to critical infrastructure and critical information. Is the a good thing? Maybe yes, maybe no.

      • @[email protected]
        link
        fedilink
        English
        15 months ago

        Effectively. Kernel level driver intercepting system calls for logging, analysis, and potential blocking.