Hey Brad, I got a "you are embarrassing yourself" email from someone providing almost no details. You can probably guess how much weight I give emails that are FUD-secretive in nature. [It's my open source mentality, I think.]
In any case, this event reminds me that I am willing to reply on specific points without feeling the obligation to become an expert on every facet of the discussion. This does mean I might misfire, but I encourage anyone to always try to correct errors in postings that bother them enough. This helps the author and the readers coming after that may also not be experts either.
Excuse me if I was harsh and am not aware of all the good work you and anyone else may have done.
>> As for the Windows comments in your post(s), I don't see what's so shocking about saying certain third parties have implemented some of same techniques implemented in PaX.
Nothing wrong. What happened is that I became suspect over your motives and realized that, regardless of your motives, you were providing material that others out of the spotlight could point at to say, "see all that controversy surrounding Linux/SELinux". Taking everything into account, I thought maybe PaX was a product intended to compete directly with SELinux and had to ask just how a third party could ever believe they could solve Microsoft's problems for Microsoft. Some of their "problems" are based on business decisions which involve protecting monopolies -- eg, by keeping source closed and by making it difficult to have the actual interfaces fully resolved by third parties.
Microsoft can certainly try to leverage PaX. We just can't say nearly as much about the final product Microsoft comes up with without having access to the full source.. A single line of code, or a single module certainly, can bypass apparent security. The task of reverse engineering is an art. The test space is virtually infinite and you have a much longer less precise task ahead without the benefit of source code (including of compilers, etc). Some of the prodding is even illegal according to their EULA, meaning that the number of people even attempting such a task will be further limited.
>> considering that it's more difficult (but more interesting/rewarding) to implement security in Windows than Linux as you have to get around the problem of not having any source.
Just want to mention that interesting in one sense is not interesting in another.
>> The person who wrote it now works for Microsoft
See, even that individual probably preferred to see Microsoft's source. I mean there is a reason the FOSS world shares source. "Interesting" is great and all, but..
..show me the source.
>> the anti-Microsoft view you have of their security is pretty outdated
I did not intend to appear to mock their past (too much). I said that *all* closed source vendors are untrustworthy. This is an academic pov. It's like the example you gave where someone made outrageous claims but kept the magic secret.
Put up (the source code) or shut up is my reply to anyone that wants trust, especially when the software is that complex. Open review is the judge.
In Microsoft's case, seeing some code (let's assume we get access) doesn't convince me an iota that this is what they are shipping, so while I could critique, I would not for a second believe I was actually getting the information I would need to make a security decision in the way I could if I had source.
I don't trust closed source (that I can't change and build to verify). I might run the binaries and accept certain risks, however, but that is a different issue to having the confidence the comes only from open source code.
>> They've actually been taking security seriously for some time now (which I can't say for the official policies of Linux kernel developers)..
That's an unfounded statement. Linus and many Linux developers have taken security more seriously than many that will ever pass through Microsoft.
You can't just start taking security seriously after so much has been invested and pretend you care more about security than those that have taken it more seriously from the start.
Microsoft has a long history of deceptive marketing shrewdness. Their engineers are not the ones making statements on behalf of Microsoft. In fact, their engineers don't make the final decisions in any way.
>> and employ a large number of really bright security experts
I would bet a farm that Microsoft cannot match the number of really bright security experts that currently do or will work on Linux. [Academic institutions, private security researchers, major companies with lots of expertise on staff.. etc, all have access to Linux but not to Windows.]
>> Any improvements have to be done in such a way that doesn't break application compatibility.
Every update Microsoft sends out breaks something, generally speaking. Vista was a mess, but you don't have to be that obvious in one large shot to know that lots of things can break when you don't test for them (conduct analysis, etc). Fixing a bug in Windows will break software that was written with that bug in mind, for example.
Microsoft's interest is to their stockholders, not to the users. They don't give users the benefit of source code, for starters. The users have the source to Linux and their own best interests in mind.
Red Hat is kept in check (so long as they stick to their model) by the public, by the wide open source community. Who keeps Microsoft in check? Certainly not the public.
Closed source is magic. I don't trust it.
And everyone who has gone to work at Microsoft apparently also preferred not to take Microsoft at their word but rather wanted to see some source (of course, mere employees cannot expect to have control and knowledge over the final product because of access restrictions and inability to privately verify the bits through their personal compilation checks).
>> In some cases their improvements turn out to be unpopular (UAC) or they have to sacrifice some additional security. This is no different from any other major vendor though -- Red Hat sacrificed some additional security in their Exec-Shield implementation in the name of perceived application compatibility.
You still can't compare what you can't see with what you can.
[Broken record again: You don't know what Microsoft ships. You don't know their bugs or what process gives the final pass over their bits. Ditto for all their updates.]
To finish, I don't intend to be harsh to you. My beef, primarily, is with those that attack FOSS unjustly, eg, with whom I like to call Monopolysoft, with their dirty tactics, false promises, and lack of transparency.
[FWIW, they keep cutting back and losing quality individuals. Customers relying on them, a shrinking number, might not be thinking long term in putting all their eggs into a single basket.]