The interface in question is official, I believe, otherwise CrowdStrike would have to rewrite the hooking-in process for every last minor update of MS-Windows.* Methinks there's heavy padlocks on that back door.

That comment from Krebs reminds me of an occasion when one of our customers asked whether there was an anti-virus solution for Linux (as mandated by the University for all users' computers). One wag commented that he thought using Linux *was* an anti-virus solution, but with a heavy smiley.

* As do Nvidia with their out-of-tree drivers for the Linux kernel.