• yeehaw@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    I see. How effective is a security tool that can’t stop malicious software that makes itself in ring 0?

    • Yaztromo@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      You don’t have to run in Ring 0 to detect events occurring in Ring 0.

      Besides which, as kexts are being obsoleted by Apple getting code to run inside Ring 0 in macOS that isn’t from Apple itself is going to be extremely difficult.