I am referring to this:
Debug symbols are usually not in production builds. However, microsoft forgot to remove debug symbols. That’s why textual string “nsakey” was found inside Windows: unstripped debug symbols in production build
Quote from the original which started the speculation:
https://web.archive.org/web/20000617163417/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html
Note 1: many people have written us and assumed that we “reverse engineered” Microsoft’s code. This is not true; we did not reverse engineer Microsoft code at any time. In fact, the debugging symbols were found using standard Microsoft-purchased programmer’s tools, completely by accident, when debugging one of our own programs.
If Microsoft didn’t forget to strip debug symbols in production build, then textual string “nsakey” would be nowhere to be found.
Quote x86 Disassembly/Disassemblers and Decompilers - Wikibooks, open books for an open world
User defined textual identifiers, such as variable names, label names, and macros are removed by the assembly process.
Nobody can reverse engineer the source code.
Citation required.
(Required for Finding Backdoors in Freedom Software vs Non-Freedom Software not so much for NSAKEY.)
Enabling/disabling debugging symbols is just a single variable.
Obvious backdoors such as hardcoded username / password happened in past. Wikipedia has a small list: Backdoor (computing) - Wikipedia
Yes, but I guess we have enough points in this thread. Could easily get overwhelming.
That’s a stylistic issue rather than factual claim issue?
It doesn’t have to be. That wiki page doesn’t say it’s limited to security and privacy only. It’s a Freedom Software Linux distribution advocating for use a Freedom Software whenever possible. Summarizing as reasonably sufficient arguments, as neutral, concise, factual as reasonably possible.
If you point out any duplication, I’ll try to reduce. However, some things are duplicated because without re-mentioning the conclusion chapters couldn’t be reasonably argued. That’s also if someone jumps to the conclusion, then many of claims may seem unlikely, big, … therefore adding internal links to the parts of the page where these points are made in detail with links to sources.
That kind of duplication isn’t a big deal. Since that claim seems so strong, it’s good to point at various sources to proof that this interpretation isn’t just an outlier.
Each one has to be interpreted by itself. I don’t interpret them the way you do. For example, they don’t say “Linux has security issues. Use Windows 10 instead.”
Needs to be more specific.
These are irrelevant since Windows fails at the finishing line. Already addressed with this part:
Microsoft provides Tyrant Security. Not Freedom Security. (Tyrant Security vs Freedom Security) Windows comes with some innovative security technologies, however privacy and user freedom is terrible. Security and privacy have a strong connection. Quote Bruce Schneier Security vs. Privacy [archive], The Value of Privacy [archive]:
There is no security without privacy.
I equate privacy with security because they are very much related in the real world especially for whistleblowers.
Windows already is on its dedicated page:
Microsoft Windows Hosts
The chapters could be re-organized. Content shuffled around. But or now, I am mostly interested in precise factual claims.
Interesting counter viewpoint:
(Link shared originally by @madaidan.)
Right. There’s a lot to analyze, document. I’ll work on that once a standalone release of kicksecure.org and Kicksecure is done.
One thing: users still need to use a secure browser without any CVE currently being exploited in the wild.
related:
Chromium Browser for Kicksecure Discussions (not Whonix) - #82 by Patrick
…because you don’t want to test the the robustness of the virtualizer against locally malware running local code execution in order to break out of virtualizer or do other highly unwanted activity:
During such times of compromise (temporary inside disposable VM or as long as a persistent VM gets re-used), some points from The Importance of a Malware Free System apply.
If ignoring or disagreeing with most points of Microsoft Windows Hosts and concentrating on Linux | Madaidan's Insecurities alone I can now even understand that point as well as the point “Windows more secure than Linux”. Just that we don’t agree on various premises.
Which premises? That’s what Microsoft Windows Hosts is for.
To address that, please refer to these chapters:
- The Tyranny of the Default
- Inescapable Telemetry
- And then also the conclusion: Microsoft Windows Hosts