
MacOS has been phasing out support for third-party kernel extensions and CrowdStrike doesn't use a kernel extension there according to some other posts.


I’m convinced that one reason for this move by Apple was poor quality kernel extensions written by enterprise security companies. I had our enterprise virus/firewall program crash my Mac all the time. I eventually had to switch to a different computer (Linux) for that work.

It wasn’t Crowdstrike, but quality kernel level engineering isn’t what I think of when I think of security IT companies.

But, also credit Apple here. They’ve made it possible for these programs to still run and do their jobs without needing to run in kernel mode and be susceptible to crashes.


Not only security software, but really any 3rd party drivers have caused issues on Windows for years. Building better interfaces less likely to crash the kernel was a smart move


When I started doing driver development on MacOS X in the early 2000s, there were a number of questions on the kernel/driver dev mailing lists for darwin from AV vendors implementing kernel extensions. Most of them were embarrassing questions like "Our kernel extension calls out to our user level application, and sometimes the system deadlocks" that made me resolve to never run 3rd party AV on any system.
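The deadlock the comment above describes has a simple shape: the kernel hook blocks waiting for a verdict from the vendor's user-level daemon, and the daemon, while producing that verdict, performs I/O that goes back through the same hook. The following single-threaded model is an added example written for this thread, not code from any AV vendor, kext or Apple API; `av_hook`, `daemon_handle_request`, `DAEMON_PID` and the `.bad` suffix rule are all hypothetical. It shows the naive design hanging (reported here as a `DEADLOCK` verdict instead of an actual hang) and the usual fix: the hook never forwards the scanning daemon's own file operations back to the daemon.

```c
/* Model of a kernel file-open hook that consults a user-level AV daemon.
 * Added example; all names and the scanning rule are made up for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW, DENY, DEADLOCK };

#define DAEMON_PID 4242   /* hypothetical pid of the user-level scanner */

/* State shared by the "kernel" hook and the "daemon". */
struct avctx {
    bool hook_busy;      /* the hook is blocked waiting on the daemon */
    bool exempt_daemon;  /* fix: never route the daemon's own I/O to itself */
};

static enum verdict av_hook(struct avctx *ctx, int pid, const char *path);

static bool has_suffix(const char *s, const char *suf)
{
    size_t ls = strlen(s), lf = strlen(suf);
    return ls >= lf && strcmp(s + ls - lf, suf) == 0;
}

/* The daemon "scans" a file by opening it. In a real system that open goes
 * through the very hook the kernel extension installed, so it re-enters it. */
static enum verdict daemon_handle_request(struct avctx *ctx, const char *path)
{
    enum verdict v = av_hook(ctx, DAEMON_PID, path);
    if (v == DEADLOCK)
        return DEADLOCK;
    /* Toy detection rule, constructed for the example: *.bad is malware. */
    return has_suffix(path, ".bad") ? DENY : ALLOW;
}

/* Kernel-side hook: decide whether `pid` may open `path`. */
static enum verdict av_hook(struct avctx *ctx, int pid, const char *path)
{
    if (ctx->exempt_daemon && pid == DAEMON_PID)
        return ALLOW;   /* the scanner's own reads are trusted and not re-scanned */

    if (ctx->hook_busy) {
        /* In a real kernel this is the hang: the hook holds its request slot
         * while waiting for a reply that can only come from the daemon, and
         * the daemon is now itself blocked behind this hook. */
        return DEADLOCK;
    }

    ctx->hook_busy = true;
    enum verdict v = daemon_handle_request(ctx, path);
    ctx->hook_busy = false;
    return v;
}

/* Verdict a user process `pid` gets for opening `path` under the naive
 * (fixed == false) or corrected (fixed == true) design. */
enum verdict open_file(int pid, const char *path, bool fixed)
{
    struct avctx ctx = { .hook_busy = false, .exempt_daemon = fixed };
    return av_hook(&ctx, pid, path);
}

int main(void)
{
    static const char *names[] = { "ALLOW", "DENY", "DEADLOCK" };
    printf("naive, open report.txt: %s\n", names[open_file(1000, "report.txt", false)]);
    printf("fixed, open report.txt: %s\n", names[open_file(1000, "report.txt", true)]);
    printf("fixed, open dropper.bad: %s\n", names[open_file(1000, "dropper.bad", true)]);
    return 0;
}
```

The point of the model is that the re-entrancy is structural, not a race: any design in which the kernel waits synchronously on a user process that itself touches the hooked resource will hang the first time the daemon's own I/O is not exempted, which is why user-space hook frameworks require the client to be identifiable and excluded from its own events.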


Whether you like macOS or not, they definitely are innovating in this space. They (afaik) are the only OS with more granular data access for permissions as well (no unfettered filesystem access by default, for instance)

It's also a shame CrowdStrike doesn't take kernel reliability seriously


I'm sorry, restricting user's ability to change their computer is not innovation. It is paternalism.


The user can change anything they want, but a process launched by your user doesn't inherit every user access by default. You (the user) can give a process full disk access, or just access to your documents, or just access to your contacts, etc. It's maximizing user control, not minimizing it.


I am talking about removing the ability to install kernel extensions.

As for full disk access, go try and remove Photo Booth from your Mac.


The user isn't being restricted. Third-party software is being restricted, by default, and those restrictions can be disabled by the user.


This is a feature not a bug in the enterprise.



Appears to be opt in vs opt out. I'm curious how many orgs use this


Qubes OS has a better model, security by compartmentalization: everything runs in separate VMs with hardware virtualization.


Qubes is great but no desktop GPU supports virtualization.


I could be happy if the GPU was only used for compositing.

If I were doing ML work, maybe I do that work in an ephemeral cloud environment.

I know this doesn’t cover everyone’s use case, but it doesn’t have to.


> Qubes is great but no desktop GPU supports virtualization.

Intel 12th-gen and newer iGPUs do, and AFAIK it can be unlocked on certain Arc cards as well but details are fuzzy.



> They plan to add GPU acceleration in the next release: https://github.com/QubesOS/qubes-issues/issues/8553

You say they're planning to add a feature in the next release, but what you linked to is merely an uncompleted to-do item for creating a UI switch to toggle a feature that hasn't been written yet. I think you win the prize for the most ridiculous exaggeration in this thread. Unless you can link to something that actually comes anywhere close to supporting your claim, you're just recklessly lying.


The linked Issue #8553 is "just" about creating a toggle for GPU acceleration. It's blocked by Issue #8552 [0], which is the actual Issue about the acceleration and originally belonged to Milestone "Release 4.3". It seems to have been removed later, which I didn't expect or know about. Accusation of lying was completely unnecessary in your comment.

Moreover, the Milestone was removed not because they changed their mind about the Release but for other reasons [1].

[0] https://github.com/QubesOS/qubes-issues/issues/8552

[1] https://github.com/QubesOS/qubes-issues/milestone/28

See also: https://forum.qubes-os.org/t/gpu-acceleration-development/24...


Ok, so your [0] shows that the real work has barely been started. The only indication it was ever planned for the next release was a misunderstanding on your part about the meaning of a tag that was applied to the issue for less than one day last fall, and they've stopped tagging issues with milestones to prevent such misunderstandings in the future. It still looks to me like your exaggerated claim was grounded in little more than wishful thinking.


Am I missing something? This is to add a toggle button and the developers say they are blocked because GPU acceleration feature doesn't exist so the button wouldn't be able to do anything.


See my other comment here.


Android and iOS have compartmentalization as well but it's not hardware level (at least as far as I know).


https://www.dropboxforum.com/t5/Apps-and-Installations/New-D...

Is this happening with or without kernel extensions?


Also, it does actually work on MacOS despite this. We’ve had it catch someone getting malware.



