b) It comes with an assortment of crap I don't need nor want ... like Gnome! And talk about modules...try an lsmod, that's ridiculous!
For a new user, having a wide selection is a good thing. More stuff to play with and learn about. And more modules means 2 things:
- Less is compiled into the kernel, which is generally good
- .. without losing hardware support
Loadable modules are something a newbie should never need. Enabling loadable module support can be a huge security risk (e.g. ever heard of rootkits? They are usually loadable kernel modules). Linux could never dream of compiling every single driver into the kernel because it uses (as I understand) a 2 stage boot. The second stage can only load so much into memory. This is why the Linux kernel is bzipped.
It's worth noting, *BSD is a 3 stage boot, and GENERIC features nearly all drivers compiled into the kernel. Some drivers are modules for common sense reasons (like ACPI).
NetBSD has an option to disable loadable kernel modules in its entirety ... that is a very good idea. This option is enabled by default.
All *BSDs offer a securelevel tunable that makes the system immutable (no loadable modules, no overwriting /bin and /sbin, no overwriting system libraries, etc... ) ... unfortunately, this hinders software like Xorg, that needs features like mmap, /dev/mem and /dev/kmem.
Digressing, over the summer when I took the Linux device driver course, one of my classmates was working on a kernel module (called Guardian) that detected foul play within the kernel. This included overwriting the symbol table, overwriting some sort of module table, and so forth. The module itself made itself invisible by playing with some sort of module table so malicious kernel modules could not easily detect it. It did other things like take message digests of very common and important kernel functions and correct any changes.
Very cool stuff, here is more information:
http://www.cs.fsu.edu/~baker/devices/projects/sarlou/
The moral of the story is, loadable kernel modules can be very dangerous. The *BSDs offer some protection like securelevels ... but it's generally not enough since one can disable the securelevel scripts and reboot the system.
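
A user-space counterpart to the module auditing discussed in this post, as an added example that is not part of the original post or of the Guardian project: it parses text in the Linux `/proc/modules` format (the data `lsmod` prints) and reports modules that are absent from a known-good list or carry the kernel's unsigned (`E`) or out-of-tree (`O`) taint flags. The sample listing, the module name `kmon` and the baseline set are constructed for illustration.

```python
import re

# Constructed sample in /proc/modules format (not taken from a real host).
# Fields: name size refcount dependents state address [taint flags]
SAMPLE = """\
e1000e 286720 0 - Live 0xffffffffc0a00000
snd_hda_intel 57344 3 - Live 0xffffffffc0900000
snd_hda_codec 172032 1 snd_hda_intel, Live 0xffffffffc0800000
kmon 16384 0 - Live 0xffffffffc0700000 (OE)
"""

# Hypothetical allow-list, recorded while the host was known to be clean.
BASELINE = {"e1000e", "snd_hda_intel", "snd_hda_codec"}

LINE = re.compile(
    r"^(\S+) (\d+) (\d+) (\S+) (\S+) (0x[0-9a-fA-F]+)(?: \(([^)]+)\))?\s*$")

def parse_modules(text):
    """Return {module name: details} for every well-formed line."""
    mods = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        name, size, _refs, deps, state, _addr, taint = m.groups()
        mods[name] = {
            "size": int(size),
            "used_by": [d for d in deps.split(",") if d and d != "-"],
            "state": state,
            "taint": set(taint or ""),
        }
    return mods

def audit(mods, baseline):
    """Return sorted (module, reason) findings against the baseline."""
    findings = []
    for name, info in sorted(mods.items()):
        if name not in baseline:
            findings.append((name, "not in baseline"))
        if "E" in info["taint"]:
            findings.append((name, "unsigned module"))
        if "O" in info["taint"]:
            findings.append((name, "out-of-tree module"))
    for name in sorted(baseline - set(mods)):
        findings.append((name, "baseline module missing"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_modules(SAMPLE), BASELINE):
        print(f"{name}: {reason}")
```

This only sees modules the kernel chooses to list; a module that removes itself from the module table, as the post describes, will not appear in this output.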