> One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. isn't it security-by-obscurity? Determined hacker can still relatively easily insert code into kernel (vide phreack magazine articles ) -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9