Atomic context and kernel API design

Couldn't this be problematic in the case of systems that use intrusion detection? One
technique that I am familar with is the use of MD5 sums of system binaries, to check if they
have been tampered with. Directly modifying binaries would make this prefetch technique
incompatible with systems that do MD5 checking.