Protecting Your Machine with Judicious Gatekeeping

Dr. Chris Bates
Apr 17, 2020

There are many ways to decrease the risk associated with deploying software. Implementing security standards and practices can be one of the most effective means of preventing large-scale problems that affect a majority of users. Even so, the nature of software creation means that programming inherently produces some problems that cannot be avoided.

One of these problems is kernel bloat. Because the kernel is the base layer in which drivers and file systems must operate to be accessible, large quantities of trusted code can end up in a user’s kernel, and the potential risk in each third party’s codebase becomes, by proxy, a potential risk for the user (Anderson, 2001). Because many applications designate themselves as root operations, kernel bloat can become even more of a problem: a large number of applications attempt to gain the most privilege possible instead of the least privilege possible (Anderson, 2001).

Another issue with programming is the privileged access associated with installing an application on any given machine or server. For example, mail delivery agents would need access to a user’s outgoing and incoming message box (Anderson, 2001). As mentioned above, it would be logical to grant the least privilege possible and only have…
