Read my edit. By definition you're right, it does increase the attack surface, but in reality, you're wrong, because of the functionality it provides. Err no, *cough* PatchGuard. This only affects 32bit versions of the O.S., and since when is the kernel an internet facing application? I assume you mean using an Internet facing application that has kernel hooks, sounds silly to me. Anyway, not gonna beat my head against a wall with you about this again.