• kibiz0r
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    2
    ·
    3 months ago

    This seems intractible.

    Malware scanners want to run at as low a level as possible so they can catch stuff.

    Fault-recovery mechanisms want to run at as low a level as possible so there are very few things that can cause a BSOD.

    It seems like the only possible solution is “just never make any mistakes”.

    Like, either don’t have any vulnerabilities that a user space scanner can’t catch, or don’t ever ship a bad update to a kernel mode scanner.

    • sylver_dragon@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      3 months ago

      Another solution is to accept that mistakes happen and do a phased rollout of updates. Heck, Windows Updates are known to be enough of a crapshoot that every place I’ve worked at, over the past decade or so, has had a plan for updating systems in batches. That CrowdStrike just YOLO’d their updates out (on a Friday, no less) to everyone at once, shows a mindset which didn’t accept that bad stuff can happen.