ivegotnoaccount | 3 years ago

At least on Linux, a bug in the kernel module could lead to injection of other kernel modules, packages being installed, core binaries being tampered with, which are not impossible to do in userland but require deceiving the user into entering their credentials.

I think on Windows, such actions lead to an overlay that asks for authorization and can't be auto-clicked? If so, I think having such a prompt when not expected will raise attention from the tech-savvy users, who may report the culprit binary. A bug in the driver being exploited would lead to the absence of the symptom, potentially increasing the time before a first user notices it.

prvit|3 years ago

> At least on Linux, a bug in the kernel module could lead to injection of other kernel modules, packages being installed, core binaries being tampered with, which are not impossible to do in userland but require deceiving the user into entering their credentials

None of this matters, because all the files you care about live in your homedir anyway. In a desktop environment, the malware can tamper with your .profile to replace e.g. the sudo binary and gain root access without any exploits.
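
A defensive check for the `.profile` tampering described in the comment above, as an added example that is not part of the thread: it flags startup-file lines that redefine `sudo` and PATH entries that are searched before the genuine binary's directory. The function names, patterns and sample paths are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and patterns are
# assumptions of this sketch; the checks are heuristics, not a full audit.

# Print lines of a startup file that define an alias or function named sudo.
find_sudo_overrides() {
    grep -nE '^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([[:space:](]|$)|sudo[[:space:]]*\(\))' "$1"
}

# Walk a PATH-style string ($1) up to the directory holding the genuine
# sudo ($2). Report earlier entries that already contain an executable
# named sudo, or that the current user could drop one into.
# Runs in a subshell so the IFS and noglob changes do not leak.
find_shadowing_dirs() (
    IFS=:
    set -f
    for dir in $1; do
        [ -z "$dir" ] && dir=.          # empty entry means current directory
        [ "$dir" = "$2" ] && break
        if [ -f "$dir/sudo" ] && [ -x "$dir/sudo" ]; then
            echo "shadow: $dir/sudo"
        elif [ -d "$dir" ] && [ -w "$dir" ]; then
            echo "writable: $dir"
        fi
    done
)

# Constructed sample: a throwaway home directory with a tampered .profile.
demo=$(mktemp -d)
mkdir -p "$demo/.local/bin"
printf '%s\n' 'export EDITOR=vi' 'alias sudo=/tmp/constructed-wrapper' \
    'PATH="$HOME/.local/bin:$PATH"' > "$demo/.profile"
find_sudo_overrides "$demo/.profile" || true
find_shadowing_dirs "$demo/.local/bin:/usr/bin:/bin" /usr/bin
rm -rf "$demo"
```

On a real system, run the first function over each startup file the login shell reads and pass the second the live `$PATH` together with the directory of the distribution's own `sudo`.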