Posted by sandwichsphinx 1 day ago
It's called security in depth. That means you don't need to prevent all kernel access for users, because there are layers of defense.
Why do you need it?
Want to lock down Windows? You should have that power. It would be absolutely idiotic if you couldn't secure a computer. But do you want to fuck with the kernel, patch out something you think should never be called by anything because there is no legitimate use case? You should also have that power.
Because one thing that stuff like this doesn't do is "make it easier for the bad guys": want to deliver a malicious payload by exploiting Windows, either because of its design or a recently found vector? I hope you die in a fire, but you already have so many options that this one really doesn't give you more power than before. It's just another option in a litany of options. After all, Windows is only as safe as its users with admin powers, which is literally every home user thanks to elevated access being a single "OK" button, if they even have UAC still turned on "because it's so annoying".
K.
edit: VPN, ssh -D to vps & socks5 localhost worked. Can't have anything anymore.