The same style of argument used by ChatControl proponents. I mean, what's another backdoor going to do in the swiss cheese that is WhatsApp/$INSERT_IM_PLATFORM_HERE security?
> But the point is that in one of the OS security layers or antivirus will catch it.
Doesn't antivirus have detections for ring0 as well? Otherwise virus makers can just code their viruses to be in drivers and evade all the antiviruses.
This wasn’t really true in decades past: there was a cat-and-mouse game where often it could be detected because the virus wasn’t perfect at hiding its activity and resource usage, and it’s become far less so in the era where even consumer hardware has virtualization features which allow even kernel code to be restricted. Even Windows is starting to use that to prevent malware from accessing secrets (e.g. Credential Guard), so I wouldn’t treat this as the "ring0 = game over" situation it was in the 90s.
A more accurate phrasing is that antivirus software can positively confirm the presence of malware, but it cannot on its own definitively prove the absence of ring0 malware. For that, you need an Apple-level secure boot process to give confidence that the code is running on an unmodified, unvirtualized kernel.
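The virtualization-based restrictions the two comments above refer to (Credential Guard, hypervisor-enforced kernel code integrity) only help if they are actually running, so here is an added example, not from the thread, that reports their state on a Windows host. It assumes a Windows 10/11 or Server 2016+ machine exposing the documented Win32_DeviceGuard WMI class; the function name Get-VbsStatus is my own.

```powershell
# Added example (not from the thread): report whether Windows virtualization-based
# security (VBS), HVCI and Credential Guard are actually running on this host.
# Reads the Win32_DeviceGuard WMI class; assumes Windows 10/11 or Server 2016+.

function Get-VbsStatus {
    [CmdletBinding()]
    param()

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # Documented meanings of the SecurityServicesRunning / SecurityServicesConfigured values
    $serviceNames = @{
        1 = 'CredentialGuard'           # LSA secrets isolated in a VBS enclave
        2 = 'HVCI'                      # hypervisor-enforced kernel code integrity (memory integrity)
        3 = 'SystemGuardSecureLaunch'
        4 = 'SmmFirmwareMeasurement'
    }
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsState = @{ 0 = 'NotEnabled'; 1 = 'EnabledNotRunning'; 2 = 'Running' }

    $running    = @($dg.SecurityServicesRunning    | ForEach-Object { $serviceNames[[int]$_] })
    $configured = @($dg.SecurityServicesConfigured | ForEach-Object { $serviceNames[[int]$_] })

    [pscustomobject]@{
        VbsStatus              = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured     = $configured
        ServicesRunning        = $running
        CredentialGuardRunning = ($running -contains 'CredentialGuard')
        HvciRunning            = ($running -contains 'HVCI')
    }
}

Get-VbsStatus | Format-List
```

A VbsStatus of "Running" together with HvciRunning = True means the hypervisor is enforcing kernel code integrity, which is the restriction on ring0 code described above; "EnabledNotRunning" usually points to a missing prerequisite such as UEFI, Secure Boot or hardware virtualization being disabled.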