56
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 22 Jul 2024
56 points (100.0% liked)
Linux
8812 readers
345 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
You could potentially block your network by disabling your router or something, so it couldn't download the bad update, but you'd have to know that was a step to prevent it (which most people didn't until it was too late).
Ostree-based systems are handy for replacing the system layer, but configs live (mostly) in userspace, and they persist.
Well at that point, just don't install any kernel mode EDR software at all.
NixOS can be set up for impermanence where all config is recreated every boot and nothing persists besides the nix store. There's helpers for ephemeral home also, so you can have something like TailsOS. I'm sure you could do that with other distros but you'd need absolute discipline to have everything the machine needs provisioned at boot.