As a regular contributor to Katherine Noyes' Linux Blog Safari on Linux Insider, I was recently asked to comment on the NSA recommending Vista for best security. For those who don't already know, Vista is a train wreck, but the situation is at least slightly more insidious than simple stupidity.
When I see the federal government recommend the products of one of its actual constituents I am annoyed but not surprised. Remember when Bush's boy Ashcroft gave Microsoft a free pass after the DOJ found that they had illegally abused their monopoly position? (And have you noticed where Ashcroft is now?) It comes as no shock to see the NSA failing to promote Linux when the federal government is clearly a friend to Microsoft, and vice versa. And let us not forget the well-foreshadowed speculation that Vista may contain an NSA back door. Since there is no way for an independent reviewer to know that the code they are reviewing is what is actually being distributed with Windows or via Windows (or Microsoft) Update, clearly it is irresponsible at best to utilize Windows in any case where security is important. Interestingly, the NSA recently recommended that users upgrade to Windows 7, but I think we already know that's just Vista-dot-one.
Is the NSA recommending Vista while simultaneously recommending Windows 7 in order to catch some specific user or group of users with their pants down? Why not suggest The NSA's own Security-Enhanced Linux, which by any reasonable measurement is more secure than any edition of windows?1
- 1. Yes, selinux is just a modification to the Linux kernel; there is still the rest of the distribution to consider. I do not see this as a significant problem but am open to discussion.