
Comment by zaptheimpaler

1 day ago

Except that this kernel driver is audited and signed by Microsoft, whom you also trust with the rest of your kernel if you use Windows at all.

I don't think Microsoft does auditing of code it signs. Wasn't CrowdStrike signed by Microsoft?

  • It was. All Windows kernel drivers are.

    Microsoft doesn't do any auditing besides "is this the most obvious malware?"

They don't audit them. Private cheat sellers use signed drivers because they have a small set of customers so they're unlikely to be reported or detected.