Kernel level access is to stop access plain and simple. That includes user access right absolutely.
Comment on Microsoft is moving antivirus providers out of the Windows kernel. Hopefully anti-cheat will be next
WalnutLum@lemmy.ml 3 weeks agoI don’t think chain of trust and security through kernel-level access are fighting the same problem.
Usually chain of trust is to prevent app tampering, and kernel-level access is to prevent memory tampering.
I assume Windows is creating a new API for applications to monitor certain regions of memory for tampering without needing kernel access.
Wooki@lemmy.world 3 weeks ago
DarkMetatron@feddit.org 3 weeks ago
There already is a API for this with ebpf for Windows and it is the same API that can be used on Linux (because it originates from Linux).
microsoft.github.io/ebpf-for-windows/
EBPF still runs in Kernel space but in a much more limited and confined way.