Hacker News

zbentley last Wednesday at 2:03 PM

That’s vastly more failure prone (CrowdStrike crashes workstations) and abuse prone (kernel code has the highest privilege level) than processing network traffic at the network/TLS level.



mirashii last Wednesday at 2:28 PM

In practice you don't actually need kernel code on a bunch of platforms for this, e.g. NETransparentProxyManager on macOS. This is not necessarily an endorsement, just worth not mixing in unrelated issues.

iso1631 last Wednesday at 5:44 PM

It's also normally deployed by companies who want this level of access anyway.

If you don't, then you're simply open to encrypted comms over your deep inspection TLS breaking box anyway.
