"Just trust us" as Microsoft's security policy
By kucharsk on Oct 24, 2006
While the desire to avoid having multiple application-installed kernel patches floating around is noble, I would have to ask if you trust Microsoft to know what is best for you. Perhaps next Microsoft will decide to deliver the "64-bit Windows Vista Service Pack 1" kernel on a secure ROM encrypted with your Windows license registration number. Time will tell if I've just inadvertently given away their strategy for 2009, but we can see how well "security through obscurity" has worked for Microsoft to date.
Compare that approach to that of OpenSolaris. While patching the kernel is something we go out of our way to make sure you don't have to do, we certainly don't forbid it. Our kernel API? Documented right here. You can browse the OpenSolaris source code here, or jump right to the kernel source directories here. It's up to you. We don't need to hide our kernel from anyone, least of all developers who want to know how things work. There are even books written by Sun engineers explaining how things work in detail.
If we don't already provide a capability you want, go ahead and add it. Submit the source code and we may even integrate it directly into our tree. Find a security bug? By all means let us know; you can even submit a fix if you like. Want to write your own scheduler? Feel free. New VM subsystem? If you've got the time and talent, go for it.
The key is that we won't prevent you from doing what you need or just want to do to make OpenSolaris more useful for you. We try to make OpenSolaris as feature-rich as possible "out of the box," but logic dictates that we can never be all things to all people. You should feel free to customize things if you need to for your particular environment. That's what open source is all about.
In short, you're in control of your operating system when you run OpenSolaris. Isn't that the way it should be?
If you're Microsoft, apparently not.