Nadim Kobeissi (@kaepora), Jul 19, thread of 9 tweets
🧵 OK. In light of CrowdStrike's EDR causing the world to end, let's talk about why EDR (Endpoint Detection and Response) solutions are mostly bullshit. They're marketed as the ultimate cybersecurity solutions, but the reality is far from the hype.
🧵 2/ Big companies are buying thousands of these licenses, deploying them on employee laptops and server hardware. It's not just voluntary; sectors like banking are often forced by regulations to implement these solutions.
🧵 3/ To comply, companies have to install unstable kernel drivers from third-party vendors. Kernel drivers! This is true for both Windows and Linux endpoints. These are the most privileged part of an operating system, and they're being cluttered with invasive third-party code.
🧵 4/ EDRs are nothing more than glorified antiviruses. Most of their touted features don’t actually work, and will absolutely not catch a targeted attack. I've been hired to test their effectiveness in the field, and I was able to trivially bypass "industry-leading" solutions.
🧵 5/ The core problem isn’t about the reliability of staged releases. It’s about the insistence on integrating these solutions at the kernel level. This is where they cause instability, crashes, and even security vulnerabilities.
🧵 6/ So why are companies still pouring money into these solutions? It's often because of regulatory mandates and the fear of not being compliant, rather than actual efficacy. And what are they getting in return? Nothing, except for "compliance" and marketing fluff.
🧵 7/ The entire core engineering premise of EDR solutions, adding invasive kernel drivers on top of consumer operating systems, is fraudulent in theory, and doomed to fail in practice. Any real solution would follow the engineering pathway of something like iOS, or like NixOS.
🧵 8/ To conclude, EDRs are almost literally fraudulent solutions that in the vast majority of cases won't help you. They introduce foreign code into the kernel and do not stop attacks in practice.

Stop lining the pockets of companies that are promoting this foolish practice.
🧵 9/ I forgot to mention just how invasive these solutions tend to be. They will monitor all running processes, all network requests, and in many cases communicate information somewhat indiscriminately to companies run by their vendor, often in violation of GDPR regulations.
