How a Microsoft blunder opened millions of PCs to potent malware attacks

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Oct 15, 2022.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
I might have misunderstood, but I think I read somewhere that SIP on macOS is supposed to protect against BYOVD attacks, since the kernel is more locked down. So even if drivers are loaded, they shouldn't be able to mess around with usermode hooks. Actually, here is a pretty good article:

    https://addigy.com/blog/key-takeaways-for-system-and-kernel-extensions-on-macos/

    It is indeed probably easier said than done. But with my kernel sandboxing idea, the OS itself should enforce drivers to behave correctly, that's all. So I'm not sure if it would break older drivers or drivers in general. I'm sure those smart guys that are employed by MS could come up with something.
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,222
    Location:
    Member state of European Union
In the first paragraph I was talking about Linux.

    When it comes to macOS I don't know that much aside from knowing it is designed to run on Apple hardware. I suspect this makes things easier to secure against BYOVD.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,147
    Location:
    USA
    Nope. That was the early problem with Vista. They had to rewrite their drivers. It took them about a year to come up with good ones.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
Yes, I know you were talking about Linux; I haven't looked into that. But macOS is supposed to better protect against BYOVD attacks because of the recent design change. So I'm sure this stuff might also be fixable in Windows, but it might cause problems with older software. And yes, having to rewrite apps and drivers is probably the biggest problem; just take a look at UWP, which totally flopped.

On the other hand, I sometimes also think that MS is not in a hurry to improve the inner design of Windows because of the billion-dollar computer security industry. Why try to fix the ransomware problem by sandboxing apps when there are billions to be made selling AVs and EDR systems to millions of companies?
     