12 comments

[ 4.7 ms ] story [ 35.6 ms ] thread
lol the last thing id do on my linux boxes is set them up to report to microsoft
This may come as a surprise to you, but you are not the intended audience.
If people running linux are not the intended audience, then who is?
Certainly there are more kinds of people running Linux
The people that make the purchase decision, not the technies running the boxes. Just a guess.
Likely companies that are already very much into Microsoft with Azure, Windows 10, Office/Microsoft 365 and also have some Linux boxes that require this kind of protection (maybe for compliance reasons).
If some auditor is forcing your org to have this type of product on Linux, it's probably better than the alternatives.
FYI, this isn't your typical AV, this is expanding their EDR+NGAV offering. Their competition supports Linux but they don't so customers with Linux servers have to buy two EDR products. This will solve that problem by letting you expand that super expensive E5 license to Linux and OS X and kick out other EDR solutions.

Defender ATP is quite special. There are better competitors but Defender has the advantage of being able to access Windows telemetry across all windows installs, Office365 telemetry for their threat intel and being able to literally walk to NT kernel dev's cubicle if they have a question or need a feature plus Azure as their backend!

So this really is welcome news from a corporate security perspective but I would never install this on personal desktops or servers just like I wouldn't install Crowdstrike Falcon either (the leading EDR vendor), because privacy.

What's your advice to protect personal machines ?
What is the drawback of crowdstrike on a personal machine? What are the alternatives?
Every single thing you do is logged in their cloud. If you can accept that,nothing wrong with using SaaS EDRs.
Is it, too, going to use 15% of CPU when doing intensive tasks?