
> the primary problem was accessing it with a Windows mindset.

The early Unix systems you're talking about were mainframe-based. Modern client-server or p2p apps need an entirely different mindset and a different set of tools that Linux just didn't have the last time I looked.

When they audit the company for SOX, PCI-DSS, etc. we can't just shrug and say "Nah, we decided we don't need that stuff." That's actually a good thing though, because if it were optional well-meaning folks like you just wouldn't bother and the company would wind up on the evening news.

> When they audit the company for SOX, PCI-DSS,

Maybe I am missing something, but that seems orthogonal to ensuring host integrity? I didn't argue against logging access and making things auditable, by all means do that. I argued against working against the OS.

It is not like integrity protection software doesn't exist for Linux (e.g. Tripwire), it is just different from Windows, since on Windows you have a system where the default way is to let the user control the software and install random things, and you need to patch that ability away first. On Linux software installation is typically controlled by the admin and done with a single file database (which makes it less suitable for home users), but this is exactly what you want on an admin-controlled system.

Sure, computing paradigms have changed, but it is still a good idea to use OS isolation like not running programs with user rights.
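The comment above points at Tripwire-style host integrity checking: record a trusted baseline of file digests and attributes, then detect files that were added, removed or modified. The following is an added illustration of that idea, not code from the thread or from Tripwire; it builds a baseline over a constructed temporary directory tree, keeps the snapshot as JSON (in practice stored off-host or on read-only media so an intruder cannot rewrite it along with the files), and reports drift. All file names and contents are made up for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (relative POSIX path) to digest, mode and size.

    Symlinks are skipped so a link pointing outside the tree cannot
    smuggle an unrelated file into the baseline.
    """
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = p.relative_to(root).as_posix()
            st = p.stat()
            baseline[rel] = {
                "sha256": file_digest(p),
                "mode": st.st_mode & 0o7777,  # permission bits incl. setuid/setgid/sticky
                "size": st.st_size,
            }
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Compare the tree under `root` against a stored baseline.

    Returns sorted lists of added, removed and modified relative paths.
    A change in content, permission bits or size counts as modified.
    """
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(current) & set(baseline) if current[p] != baseline[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, alter it, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho original\n")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "motd").write_text("welcome\n")

        # Snapshot taken while the host is known-good; serialise it the way
        # a real tool would persist it away from the monitored host.
        snapshot = json.dumps(build_baseline(root))

        # Simulated drift: one binary replaced, one file removed, one added.
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho replaced\n")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "extra.conf").write_text("option = value\n")

        return verify(root, json.loads(snapshot))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running it prints the replaced binary under `modified`, the deleted file under `removed` and the new config under `added`. The same baseline-and-diff shape is what package managers offer through their file database (e.g. verifying installed files against recorded checksums), which is the point the comment makes about admin-controlled installation.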


> on Windows you have a system where the default way is to let the user control the software and install random things, and you need to patch that ability away first.

That's certainly not the default in a managed corporate environment. Even for home users, Microsoft restricts what you can install more and more.

And restrictions are not implemented via patch, but via management capabilities native to the OS, accessed via checkboxes in Group Policy.


I just mean to say that while you absolutely should work to configure the OS to a reasonable baseline of security, you also still need a real EDR product on top of it.

Even if security were "solved" in Linux (it's not), it would still often be illegal not to have an EDR and that's probably a good thing.


> you also still need a real EDR product on top of it.

Well that's my point. You don't need third-party software messing with the OS internals, when the same thing can be provided by the OS directly. The real EDR product is the OS.
