by hhh 694 days ago
What are they in on? The fact that bad actors are constantly targeting government infrastructure and that this kind of antimalware is a key part of the tools for defending against it?

If you run a properly designed operating system your anti-malware will not need ring-0 access. See macOS, which has now deprecated kexts altogether and will only load them if you explicitly turn off system integrity settings.
I don't think this follows. Those vendors are third parties and reach for whatever they can get. Yes, if Microsoft didn't allow kernel extensions then CrowdStrike would run as SYSTEM in userspace, but that doesn't tell us whether they need it or not, it only tells us that they want it.

Based on other comments it can run as a kernel module or as eBPF filters on Linux. So I guess to them it's a less invasive/more power tradeoff which they'll take whenever it's available.

macOS only doesn't need driver loading because they know exactly which hardware it runs on and link those drivers into the kernel. This is not applicable to Windows systems.
Windows has DTrace and eBPF available. They chose not to use it.
I’m wondering if a bad DTrace or eBPF expression/filter could cause a blue screen. I’ll bet it could be done.
Got my answer from the (currently top) answer here:

https://news.ycombinator.com/item?id=41030352

eBPF can cause Linux kernel panic

eBPF:

> The program does not crash or otherwise harm the system.

https://ebpf.io/what-is-ebpf/#verification

That’s a pretty big claim. If they have software that can guarantee a program will never crash it would be revolutionary, and could probably solve the halting problem.
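The verification question raised in the exchange above (how a loader can promise that a program "does not crash" without deciding halting for arbitrary code) is illustrated by the following added example. It is not part of the thread and it is not the Linux eBPF verifier: it is a toy static verifier for a constructed four-register bytecode whose opcodes, limits and sample programs are all invented here. It takes the same approach the real verifier takes, which is to restrict the accepted language (no backward jumps, bounded length, every memory access statically in bounds, no reads of uninitialized registers) and reject anything it cannot prove safe. The check is sound but incomplete: some safe programs are refused, no unsafe one is accepted, and termination of the check itself follows from the forward-only jump rule.

```python
# Toy eBPF-style verifier (constructed example, not the Linux verifier).
# Shows how "cannot crash" is obtained without solving the halting problem:
# the loader only accepts a decidable subset of programs and rejects the rest.

from dataclasses import dataclass

MAX_INSNS = 16   # hypothetical instruction limit
NUM_REGS = 4     # r0 = return value, r1 = context pointer, r2-r3 scratch
MEM_SIZE = 8     # bytes of context memory a program may read (constructed)


@dataclass(frozen=True)
class Insn:
    op: str        # one of: mov, add, ld, jgt, exit
    dst: int = 0   # destination register
    src: int = 0   # source register (add only)
    imm: int = 0   # immediate (mov), memory offset (ld), compare value (jgt)
    off: int = 0   # relative jump distance for jgt; must be >= 1 (forward)


def _reg_ok(r):
    return 0 <= r < NUM_REGS


def verify(prog):
    """Static check over every path. Returns (True, 'ok') or (False, reason)."""
    if not 1 <= len(prog) <= MAX_INSNS:
        return False, "program length out of bounds"
    # Work list of (pc, frozenset of initialized registers); r1 is live on entry.
    # The state space is finite and jumps only move forward, so this terminates.
    work = [(0, frozenset({1}))]
    seen = set()
    while work:
        state = work.pop()
        if state in seen:
            continue
        seen.add(state)
        pc, inited = state
        if pc >= len(prog):
            return False, f"pc {pc}: control falls off the end without exit"
        i = prog[pc]
        if i.op == "exit":
            if 0 not in inited:
                return False, f"pc {pc}: r0 uninitialized at exit"
            continue                      # this path is done
        if i.op == "mov":
            if not _reg_ok(i.dst):
                return False, f"pc {pc}: bad register"
            work.append((pc + 1, inited | {i.dst}))
        elif i.op == "add":
            if not (_reg_ok(i.dst) and _reg_ok(i.src)):
                return False, f"pc {pc}: bad register"
            if i.dst not in inited or i.src not in inited:
                return False, f"pc {pc}: add reads an uninitialized register"
            work.append((pc + 1, inited))
        elif i.op == "ld":
            if not _reg_ok(i.dst):
                return False, f"pc {pc}: bad register"
            if not 0 <= i.imm < MEM_SIZE:
                return False, f"pc {pc}: load offset {i.imm} out of bounds"
            work.append((pc + 1, inited | {i.dst}))
        elif i.op == "jgt":
            if not _reg_ok(i.dst) or i.dst not in inited:
                return False, f"pc {pc}: jgt tests an uninitialized register"
            if i.off < 1:
                return False, f"pc {pc}: backward or zero jump (loops rejected)"
            work.append((pc + 1, inited))          # branch not taken
            work.append((pc + 1 + i.off, inited))  # branch taken
        else:
            return False, f"pc {pc}: unknown opcode {i.op!r}"
    return True, "ok"


def run(prog, mem):
    """Execute an accepted program; every access is in bounds and it terminates."""
    ok, why = verify(prog)
    if not ok:
        raise ValueError(f"rejected: {why}")
    regs = [0] * NUM_REGS
    pc = 0
    while True:
        i = prog[pc]
        if i.op == "exit":
            return regs[0]
        if i.op == "mov":
            regs[i.dst] = i.imm
        elif i.op == "add":
            regs[i.dst] += regs[i.src]
        elif i.op == "ld":
            regs[i.dst] = mem[i.imm]
        elif i.op == "jgt" and regs[i.dst] > i.imm:
            pc += i.off
        pc += 1


# Constructed sample programs.
GOOD = [                                  # return 1 if mem[0] > 100 else 0
    Insn("ld", dst=2, imm=0),             # r2 = mem[0]
    Insn("jgt", dst=2, imm=100, off=2),   # if r2 > 100 skip the next two insns
    Insn("mov", dst=0, imm=0),
    Insn("exit"),
    Insn("mov", dst=0, imm=1),
    Insn("exit"),
]
LOOP = [Insn("mov", dst=2, imm=1), Insn("jgt", dst=2, imm=0, off=-2),
        Insn("mov", dst=0, imm=0), Insn("exit")]   # jumps back to pc 0 forever
OOB = [Insn("ld", dst=0, imm=MEM_SIZE + 4), Insn("exit")]  # reads past context
UNINIT = [Insn("exit")]                                     # r0 never set

if __name__ == "__main__":
    for name, p in [("GOOD", GOOD), ("LOOP", LOOP), ("OOB", OOB), ("UNINIT", UNINIT)]:
        print(name, verify(p))
    print("GOOD on [200,...] ->", run(GOOD, bytes([200] + [0] * 7)))
```

The interesting property is that `verify` never runs the program: it enumerates (pc, initialized-register) states, and because a `jgt` may only move forward and the program is bounded, that enumeration is finite. The infinite loop in `LOOP` is refused not because its non-termination was proven but because its backward jump is outside the accepted language, which is exactly how a verifier sidesteps the halting problem.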
There is a perspective that the architecture of much anti-malware in general and this anti-malware in particular actually introduces new back doors where there weren't any before.

So while anti-malware might have some merits, on balance much of it would be a detriment to security, from this perspective.

People with this perspective are feeling spectacularly validated today!

As often, it's wise to have a nuanced view of course.