Command lines are often misunderstood, and their quirks can be exploited for security issues. One key point of contention is the conventional practice of reserving the first argument of a process's command line for the process's name, known as argv[0]. Despite being a relic of the past, this practice can lead to unpredictable behavior and security vulnerabilities, especially in modern operating systems that still adhere to this convention. Windows stands out for its sensible implementation that sets argv[0] automatically, while other systems allow for manual manipulation. However, manipulating argv[0] can deceive security software, fool analysts, and even corrupt telemetry, highlighting the need for better prevention and detection measures.
https://www.wietzebeukema.nl/blog/why-bother-with-argv0
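As an added detection example (not code from the post above), the following Linux script cross-checks what each process claims in argv[0] (from /proc/<pid>/cmdline, which the process can rewrite) against the executable the kernel records in /proc/<pid>/exe; the basename and PATH-lookup heuristics, and the use of the scanner's own PATH rather than the target's, are assumptions of this example.

```python
"""Detection example: cross-check /proc/<pid>/cmdline (argv[0], freely rewritable
by the process) against /proc/<pid>/exe (maintained by the kernel) on Linux."""
import os
import shutil

def parse_cmdline(raw: bytes) -> list[str]:
    """Split the NUL-separated /proc/<pid>/cmdline blob into arguments."""
    if not raw:
        return []  # kernel threads and zombies expose an empty cmdline
    return [a.decode("utf-8", "replace") for a in raw.rstrip(b"\0").split(b"\0")]

def argv0_mismatch(cmdline: bytes, exe: str, cwd: str = "/") -> bool:
    """True when the program name claimed in argv[0] disagrees with the real
    executable. `exe` is the readlink() target of /proc/<pid>/exe; the kernel
    appends " (deleted)" when the binary was unlinked after exec, so strip it."""
    argv = parse_cmdline(cmdline)
    if not argv or not argv[0]:
        return False
    claimed, real = argv[0], exe.removesuffix(" (deleted)")
    # Exact basename agreement (argv[0]="sshd", exe=/usr/sbin/sshd) needs no lookup.
    if os.path.basename(claimed) == os.path.basename(real):
        return False
    # Otherwise resolve the claimed name the way a shell would have: a path is taken
    # relative to the process cwd, a bare name is looked up in the scanner's PATH.
    # This keeps "python3" running as /usr/bin/python3.12 from being a false positive.
    candidate = os.path.join(cwd, claimed) if "/" in claimed else shutil.which(claimed)
    if candidate and os.path.exists(candidate):
        try:
            return not os.path.samefile(candidate, real)
        except OSError:
            return True  # `real` is gone from disk, so it cannot be the same file
    return True

def scan_proc(proc: str = "/proc") -> list[tuple[int, str, str]]:
    """Return (pid, argv[0], exe) for every live process whose argv[0] mismatches."""
    hits = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        base = os.path.join(proc, entry)
        try:
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmdline = f.read()
            exe = os.readlink(os.path.join(base, "exe"))
            cwd = os.readlink(os.path.join(base, "cwd"))
        except OSError:
            continue  # exited meanwhile, or not ours to inspect
        if argv0_mismatch(cmdline, exe, cwd):
            hits.append((int(entry), parse_cmdline(cmdline)[0], exe))
    return hits
```

Run `scan_proc()` as a user able to read the target processes' /proc entries; a hit means the command line a tool or analyst would display does not name the binary actually executing.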