
The default assumption is not “everything is unhackable”. The burden of proof is on you/vendors to prove that a vendor can protect against commercial hackers.

What, are we just supposed to assume that their product works until an exhaustive third-party analysis with no access to the design proves it is mathematically impossible otherwise? Can I also claim I have a faster-than-light drive and you have to believe me until you can prove otherwise, even if I have never demonstrated it actually going FTL? That is a totally ridiculous position.

But since you want some evidence: not a single one of those companies has ever once been able to achieve an EAL5 or higher certification for their software, which indicates “resistance to penetration attackers with a moderate attack potential”. They have tried numerous times for their headline products in the past and present and have at most been able to achieve EAL4 for locked-down configurations the vendors personally implemented, which is only adequate for an “assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security”.

This is the certification standard they are legally required to certify against to sell to the US government and which is advertised, sometimes exclusively, on all of their security pages. All of those companies have tried and failed to achieve higher certification levels for literal decades, over tens of software versions and billions of dollars spent.

So yeah, your turn. Find one single counterexample. If you cannot even find one measly verified/certified example of what you said in the entire world, I think I have proved my point to anybody still reading this.

If you are going to just keep hemming and hawing or post an unverified or useless certification, do not bother to respond; that will just look bad for you.



I see no reason to continue this conversation. All you're doing is deflecting, moving the goal posts and making stuff up (lacking EAL5 certification isn't proof these products are bad, and there is ZERO evidence Microsoft et al. have spent $1, let alone "billions" of dollars, in any failed attempts to get EAL5 certification.)

> If you are going to just keep hemming and hawing or post an unverified or useless certification, do not bother to respond; that will just look bad for you.

LOL.
