[ggm]

I go with three paths out.

1. it consumes too much systems resources. So its net-negative impact on the system under observation

2. it's misleading and leads to false diagnoses of situations under review

3. she's under an NDA of some kind related to a CVE or some other high class risk which will come out in due course but she felt a burden to stop people being exposed to risk.

4. I can't count and there are 4, 5, 6 other reasons but these 3 are mine.

[crimsonpowder]

If it was 1 or 2, there would be a long Rachel-style post ranting about it and explaining exactly why.

It has to be 3.

And she knows her stuff, so I'm listening. Luckily we don't use atop.

[thayne]

But if it was 3, why not say "I know there is a vulnerability, but I can't share the details"?

I'm not saying it isn't 3, but if it is, it seems like there might be more to it than a run-of-the-mill CVE.

Or maybe she doesn't know of a specific vulnerability/backdoor but has some reason to be suspicious there might be.

[AnimalMuppet]

I'll go with number 3. She didn't just say "don't run", she said "uninstall". That doesn't sound like "misleading" or "uses too much resources". It sounds very CVE-ish.

[phire]

"uninstall" points at a very specific type of exploit.

[adrianmonk]

Assuming it's actually necessary to uninstall.

It might just be that "uninstall" is the simplest one-word advice you can give that will definitely solve the problem.

[arkx]

Another xz case?

[_--__--__]

That's what it smells like but this is still a weird way to disclose something like that. I imagine some people with free afternoons are taking a stab at auditing atop's PR history right now. I'm not personally up to the task, but the fact that the top 3 contributors other than the original author are ByteDance employees might cause some to jump to conclusions.

[bee_rider]

Does atop have any legitimate need to connect to the network? I can’t think of any legitimate accidental security holes that might show up in something like atop, but then, these utilities often have funky features I don’t know about!

[benmmurphy]

1) is possible because it uses some interesting options like nice/mlockall/changing its oom score so if the atop process went out of control your box would probably be fucked.