The Everything Feed - All Packet Pushers Pods

PP075: Kernel Vs. User Mode In Endpoint Security Software

Aug 19, 2025
Dan Massimeno, Director of Network and Cloud Architecture at Yale University, dives into the complexities of endpoint security. He discusses Microsoft's reconsideration of running security software in the Windows kernel, weighing the pros and cons highlighted by incidents like the CrowdStrike outage. The conversation also explores the role of modern programming languages like Rust in enhancing kernel security and the challenges of navigating user and kernel space in an evolving cyber threat landscape.
INSIGHT

Kernel As Traffic Cop

  • The kernel acts as the OS traffic cop, handling process scheduling and memory mapping.
  • Moving features in or out of the kernel is an engineering trade-off between speed and safety.
INSIGHT

Rings Protect System Integrity

  • Ring levels separate privileged kernel code (Ring 0) from user applications (Ring 3) to protect system integrity.
  • Only code running in Ring 0 can modify hardware access and virtual-to-physical memory mappings.
INSIGHT

Why Virtual Memory Matters

  • Virtual memory gives each process an isolated address space the kernel maps to physical RAM.
  • This isolation prevents one app's bugs from corrupting another app or the kernel.