HACKER Q&A
📣 gausswho

Do immutable OSes make kernel-level anti-virus obsolete?


Immutable OSes provide a read-only core system. Does this mean that the kind of kernel-level threat mitigations that non-immutable operating systems use (anti-virus, anti-cheat) are unnecessary, or could be solved in a less risky or intrusive way?

Examples would be: Chrome OS, Fedora Silverblue


  👤 mike_hearn Accepted Answer ✓
No. A big part of what drives systems like CrowdStrike is ransomware, which from the kernel perspective is just an ordinary program doing ordinary file I/O. They don't change the OS, so being immutable is of no help. BTW modern macOS is also immutable in the sense you're thinking.

What's needed is mandatory sandboxing of all software. ChromeOS does that, Android does that. Desktop OSes are more general, and whilst macOS does now sandbox all apps out of the box, it's a relatively soft sandbox. So EDR still has value there, but less so.

Unfortunately Windows is by now more than 15 years behind the curve on desktop OS security. Apple is way ahead. Linux barely tries to compete.