[plug] Help needed - hackers/crackers and monolithic kernels

[Richard Meyer]

Lots of good stuff from everyone, so I'd like to summarise and
paraphrase.

1) All OS/Kernels can be subverted in some ways at present.

2) OS/X is based on the Mach kernel, which is inclined to be a
microkernel. I say "inclined", because it may not actually live up to
the being a microkernel by every measurement.

3) A well-designed microkernel MAY be more secure than a similarly
designed monolithic kernel, because it is easier to code and understand
a small module.

4) Badly coded drivers can damage ANY OS.

5) Most kernel exploits are from buffer overflows, boundary conditions.
out of bound conditions. The cure for that is good design and coding -
whatever the design may be monolithic or microkernel.

6) Any piece of code should run with the LEAST privileges it needs to do
its job.

7) Microkernels MAY be easier to secure, but tend to suffer from
performance problems.

8) A weakness of monolithic kernels is that ANY successful 'sploit may
own the WHOLE kernel.

9) Win9x bites in all its incarnations.

Anybody who wants to take exception to what I've written, or who has
more to add?

Thanks for the help, guys, it's about what I expected, but some of you
have a great deal more practical experience than I do.

-- 
Richard Meyer <meyerri at westnet.com.au>
Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
                -- Johnny Hart