Reply to post: Re: @AC "17 hrs", whatever that means ElReg (was: "Define computer literate.")


Anonymous Coward

Re: @AC "17 hrs", whatever that means ElReg (was: "Define computer literate.")

Can you explain why punching bloody great holes through ring 0 isn't? In userspace, a driver can only access the hardware to which it is granted permission. It can't easily escalate privs, it can't meddle with kernel memory and if it's badly written it will only crash itself, and theoretically can be restarted without the entire system going to shit. In the ideal state (which I grant doesn't exist in the real world) it can't do anything except what it's allowed to do.

In kernel space it can do all those things and a great deal more. Windows NT 4.0 and over were severely compromised in terms of both security and stability when the graphics stack was moved into kernel space from user space in an attempt to improve graphical responsiveness. Many of the biggest flaws in NT from then until NT 6.0 have been related to exploits of the graphics subsystem; nearly all of the stability problems encountered in win2k and XP were related to graphics drivers knocking down the entire system. Since 6.0 those issues have been largely mitigated by pulling the majority of the graphics subsystem back out into userspace.

In the security trade-off between "has direct access to a single piece of hardware" vs "has direct access to EVERYTHING", the former wins every time.
