This blog is about my security work at Microsoft, not my past work in Linux. However, in a recent blog “AppArmor is Dead”, Russ Coker basically called me out by citing both this blog and AppArmor in the same post, so I am going to briefly go off topic and talk about Linux.
Russ says that AppArmor is dead, because of the massive layoff from Novell of AppArmor workers in 2007, and SUSE’s recent decision to add SELinux as an option. He’s right that neither of these events is good for ApArmor, but I think he may be overstating things a little. AppArmor was added as the default security option in Ubuntu and Mandriva Linux, because of user demand for usable security.
In contrast, I suspect that SELinux was added to SUSE Linux because Novell would like to sell more SUSE into US Federal Government accounts, where some of them have mandated SELinux as a requirement. This is actually reasonable, since SELinux is designed for Federal security requirements, and it shows in the usability J
I am no longer involved in the AppArmor project, as I work for Microsoft now, and providing Windows with more usable security is where I put my creative energy. So maybe AppArmor is dying, maybe it isn’t. If AppArmor does die, then in some sense it just makes my job here of enhancing the Windows security value proposition vs. Linux that much easier.
So go ahead, make my day: ignore the popularity of AppArmor in the user community, keep blocking AppArmor from inclusion in Linus’ kernel. If all I have to do is make Windows security easier and more effective to deploy than SELinux, then my job is practically done for me J