If you want to know what PaX is/does, there's the bunch of documentation on the first link on the page: http://pax.grsecurity.net/docs/
Additional information is in the configuration help for each of its options in the patch itself.
As for the Windows comments in your post(s), I don't see what's so shocking about saying certain third parties have implemented some of same techniques implemented in PaX. Take WehnTrust for instance, which implemented ASLR on Windows (even implementing RANDEXEC through its own version of vma mirroring used in PaX). The source is available -- it's actually a nice piece of work, considering that it's more difficult (but more interesting/rewarding) to implement security in Windows than Linux as you have to get around the problem of not having any source. The person who wrote it now works for Microsoft, which brings me to my next point: the anti-Microsoft view you have of their security is pretty outdated. They've actually been taking security seriously for some time now (which I can't say for the official policies of Linux kernel developers) and employ a large number of really bright security experts (like Matt Miller, the WehnTrust author).
At the same time, it's obviously true that some (or most) of the third party security improvements for Windows claim more than they're actually capable of. There was a particular product I won't mention the name of that claimed detection/prevention of "ret2libc attacks". Since noone else has actually solved this problem yet, I was curious to see what the "protection" entailed. It turned out that the software was just checking to see if the return address for an API call (only the ones it cared about enough to hook) pointed into the stack or to a function prologue -- not true detection/prevention, as it can be worked around by techniques that have been public for years.
I don't envy the monstrous task Microsoft has of improving their security. Any improvements have to be done in such a way that doesn't break application compatibility. Given the amount of software on Windows, most of which only exists in binary form and where many of the authors are long gone -- it's no small feat. In some cases their improvements turn out to be unpopular (UAC) or they have to sacrifice some additional security. This is no different from any other major vendor though -- Red Hat sacrificed some additional security in their Exec-Shield implementation in the name of perceived application compatibility.