Microsoft Opens Source to China
angst7 writes "ZDNet is reporting that Microsoft has signed an agreement which would allow the Chinese government access to Windows source code. This is part of an effort to curb the shift toward Linux in China due to that country's concerns regarding the security of closed source software." Reader NZheretic points out that less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.
While I can see how this will help China discover unintentional backdoors, this won't help them against intentional backdoors.
There was an old hack which Ken Thompson used to give himself access to all Unix systems, as a proof-of-concept of why you shouldn't trust source code. He didn't modify the Unix source code. Nor did he modify the C compiler used to generate the Unix binaries. He modified the C compiler used to compile the C compiler. Full source code access wouldn't help you see the exploit.
Details are at http://www.wbglinks.net/pages/reads/hacksexplained/thompson.html.
China doesn't have the rights to compile the source code they get. Even if they do (and I'm sure they will, if it's of any use to them) they won't be able to verify that the code is free of intentional backdoors-- because presumably it requires M$'s compiler. Even if they get access to the compiler source code (and I don't think they do) they can't verify that it doesn't have a back door.
If I were China I'd be afraid that the US government has hidden an exploit in Windows. That may seem paranoid, but security folks are supposed to be a little paranoid. I wouldn't trust Windows, source code or not.
Come to think of it, I wouldn't trust the American-designed processor, BIOS, disk controllers, RAM, keyboard controller, chip design tools, etc.
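An added toy model (not part of the comment above, and not Thompson's code) of the point it makes: a backdoor that lives only in the compiler binary survives a rebuild from clean source and is invisible to a source audit. The `Binary` type, the behaviour strings and all names are constructed for illustration; the final check is diverse double-compiling, a countermeasure the comment does not mention, and it assumes a second, independent compiler that is not itself compromised.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binary:
    name: str
    behaviours: frozenset  # what the executable actually does

# Constructed toy "sources": program name, then one behaviour per word.
LOGIN_SRC = "login: check_password"
CC_SRC = "cc: translate"

def honest_translate(source: str) -> Binary:
    """What the compiler *source* says a compiler should produce."""
    name, body = source.split(":")
    return Binary(name.strip(), frozenset(body.split()))

def run_compiler(cc: Binary, source: str) -> Binary:
    """Execute a compiler binary on some source text."""
    out = honest_translate(source)
    if "trojan" in cc.behaviours:  # logic present only in the binary
        if out.name == "login":
            out = Binary(out.name, out.behaviours | {"backdoor"})
        elif out.name == "cc":  # re-infect every compiler it rebuilds
            out = Binary(out.name, out.behaviours | {"trojan"})
    return out

def source_audit_clean(*sources: str) -> bool:
    """A reviewer who reads only source text sees nothing suspicious."""
    return not any(w in s for s in sources for w in ("backdoor", "trojan"))

def ddc_matches(suspect_cc: Binary, trusted_cc: Binary, cc_src: str) -> bool:
    """Diverse double-compiling: rebuild cc from source through an
    independent compiler, then compare with the suspect's self-rebuild."""
    stage1 = run_compiler(trusted_cc, cc_src)
    stage2 = run_compiler(stage1, cc_src)
    return stage2 == run_compiler(suspect_cc, cc_src)

VENDOR_CC = Binary("cc", frozenset({"translate", "trojan"}))  # shipped binary
INDEPENDENT_CC = Binary("cc", frozenset({"translate"}))       # second toolchain

if __name__ == "__main__":
    rebuilt = run_compiler(VENDOR_CC, CC_SRC)  # "recompile from clean source"
    login = run_compiler(rebuilt, LOGIN_SRC)
    print("source audit clean:", source_audit_clean(LOGIN_SRC, CC_SRC))
    print("login behaviours:", sorted(login.behaviours))
    print("DDC match:", ddc_matches(VENDOR_CC, INDEPENDENT_CC, CC_SRC))
```

Real compilers only allow this comparison when builds are deterministic, so that two honest builds of the same source are bit-for-bit identical.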