
Presumably CrowdStrike's driver also has the ELAM flag which guarantees it will be loaded before any other third party drivers, so even if a malicious driver is already installed they have the opportunity to preempt it at boot.

https://learn.microsoft.com/en-us/windows-hardware/drivers/i...




> guarantees it will be loaded before any other third party drivers

Point of information. "Guarantee" and "any" are unsubstantiated by that MS article.


If we are being pedantic then an ELAM driver can't be guaranteed to load before another ELAM driver of course, but only a small list of vetted vendors are able to sign ELAM drivers so it is very unlikely that malware would be able to gain that privilege. That's the whole point.


Not pedantic. Just accurate.

> an ELAM driver can't be guaranteed to load before another ELAM driver of course,

Thanks for the correction.



