Chkrootkit is the sort of thing you run on your affected drive from a system you believe isn't affected.
EDR is pretty much just logging and remote access. The rest is fluff. Yes, you need a "host agent" for operational and regulatory reasons, but there's more flexibility than you think in what you can deploy for that. And none of the vendors use the best technical solution.
It's true the desktop security model sucks, but there's progress in improving it. Wayland, containerization, immutability.