Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
There's some very good points in there, but (4) is unfair. It's true that there's no boundary between a sudoer and root in Linux, but there's also no boundary between an Administrator and SYSTEM in Windows. UAC, even in the "secure" AlwaysNotify mode which uses the secure desktop, has countless unpatched bypasses[1].
Also, (3) should raise some eyebrows for readers paying attention. Cool, Microsoft removed font parsing from the kernel, how wise of them. Wait a second, why was font parsing in the kernel to begin with? With win32k.sys, it shouldn't be surprising that Microsoft has to do more legwork to bring the attack surface back down to the level of other OSes. They're also exploring the use of eBPF in the Windows kernel too[2].
[1]: https://github.com/hfiref0x/UACME