Re: Services, @h4rm0ny
I would like to clarify a little more on what I said earlier.
1) free and/or open source:
Security through obscurity has been demonstrated to be a fallacy time and again. Moreover, dangerous bugs in proprietary apps are usually spotted through reverse engineering. So an exploit gets ready before you get a chance to see the code (especially for someone who wants to patch it before MS or any other owner finds the time and resources to do it for you and get it shipped).
2) When people question the advantage of the code being available for study, they perhaps might have something different than me (and many other people) in mind. So what do we have here? The Linux kernel, which surpassed any proprietary kernel implementation in so many categories. And BTW, the only way you can defend a proprietary implementation of a particular project is to compare the binaries' performance. And what can we compare? The abominable Flash player vs mplayer or vlc? Adobe PDF reader with evince/atril, kpdf etc.?
In more detail -- 64 bit Skype version for GNU/Linux vs GPL-ed linphone. I got several 64bit Debian (and Debian systems here). Whenever I install Skype, MS offers a 32-bit version only. I have to use a multiarch option for it and install a whole lot of i386 libs (apt does it for me). Perhaps due to this fact, I can't get the sound working properly; you get so many sound devices and options in the options->sound devices tab, so it's poor and non-user-friendly, and doesn't work reliably anyways. Compare it with linphone, available for most architectures in both 32- and 64-bit versions. Works flawlessly out of the box. BTW, it's not the only case of proprietary code that has portability issues. What does that tell us? Without looking at the particular source code, one might observe a design problem; as I mentioned earlier, perhaps the developers could not distinguish all the modules that should be separated. Do you have another hypothesis why MS cannot bring their code in order?
This is a response to your "That I flat-out reject as straight bias. You're just stating that GNU/Linux programmers are better than MS programmers..."
I'm trying to remember the last time I actually compiled my own kernel and I'm pretty sure it was about three years ago...
I do it regularly; it's no rocket science and is easily automated. The only obstacle is the hardware that builds it; it had better be a recent multicore system, like one of my machines that I utilize for it, which spends about 10 mins to do it. More importantly, there is an issue that you conveniently forget or talk down. Don't you know that different distributions use different configs with different options turned on and off? There are a lot of intersections, yet they are not quite identical. Let's take the example of the last CVE, CVE-2014-2523, found in the Linux source code. If you look and see which distros and versions are vulnerable, you'd find no common denominator: most generic kernels shipped have this dccp protocol option turned off. Mine is on though (I am using a customized 3.12 version from Debian sid). Let us now try figuring this out for Windows. Do we have any variations in the kernel among the current up-to-date versions? There might be some between XP, Vista, 8 and 8.1. Not as many as with the Linux versions even in the 3.* range, and none within the same version of the OS or kernel, as a particular Linux kernel version can have.
If this is not a great advantage, I don't know what is for you. I mean, if you do not recognize heterogeneity as a huge advantage over homogeneity from the security standpoint, we have different views here.
That's pretty much just a restatement of your previous point...
Not necessarily; the kernel is one thing, particular setups may not have to follow it. Once again, MS has been deaf for quite a long time to various remarks about their weakness, as there was no way to strip a system down to a bare minimum before. They now recognize that and are talking about lowering the attack surface. And they are getting better, yet still not quite at the same place where Debian and most other Linux and BSD distros have been for decades already.
Yes, a million different variations are great for consistent security and making sure your fix for your software is on all platforms in all the different packages. Surrrrre.
It's a flawed argument in my opinion. My counter to this is that it had never been a problem in the past. Or do you know any examples where this was the case? Committing a patch to all versions of the kernel is absolutely not a big deal, thanks to git. Distros are even faster to patch very important vulnerabilities, if we're talking about the kernel again. No waiting for the Tuesday patch, remember? :)
Again, you're shifting things into a weird game of My Team scores more points than Your Team...
If you didn't get it, I'll reiterate it for you; now it makes more sense after you have praised MS ACL in your other comment. I would like you to come back to the Android open source realization of what MS should have done to fight so many trojan issues. No, they didn't invent it, neither did they touch upon many other categories. I mentioned them aplenty above. And BTW, the ultimate incentive for MS and most other proprietary entities is making as much money as possible. MS is a huge company; they probably have many talented programmers and designers (I mean, project and software designers). They also have as many or more managers, lawyers and financiers that have very different agendas than producing good code and design. No, am I wrong? Didn't they try to "implant IE into the OS" to make it non-removable? What about Vista requiring more resources to make people upgrade to higher-end hardware? What about their decisions in security, like the ease of Auto-Play/Run? The decision to hide APIs, poorly documenting them? To not ship products for alternative OSes, damaging the design decisions so many times (remember the 64-bit rewrite issues)? Deliberate incompatibility with competitors' products in their own? If this doesn't appeal to you, I apologize...