On 6/29/2016 3:31 PM, Mike Small wrote: > "Symantec runs their unpackers in the Kernel!"
Yup. > To quote one of Hillary Clinton's emails: "WHAT??? Or, more to the > point, WTF??" Performance. Doing everything in the kernel means that their code does not need to keep waiting for the CPU to switch between ring 0 for reading and ring 3 for unpacking/parsing. Why is this "necessary"? Because all of the consumer-focused "technical" review sites heavily weight performance in their ratings. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
