Microsoft Opens Source to China
angst7 writes "ZDNet is reporting that Microsoft has signed an agreement which would allow the Chinese government access to Windows source code. This is part of an effort to curb the shift toward Linux in China due to that country's concerns regarding the security of closed source software." Reader NZheretic points out that less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.
And I thought it was just Bill Clinton that sold us out to the Red Chinese...
I guess Drudge was wrong all along, eh?
Now that China has the source code we can look forward to some really nasty ones.
less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.
So, does this open the door for a perjury investigation? I would think that a number of companies would look upon this with great interest.
Visit Jonesblog and say hello.
It's just that M$ can't go after China with an army of lawyers. When a school or corp breaks their NDA, they end up in court. I wonder what happens when China breaks NDA.
Learn from the mistakes of others. There isn't enough time to make them all yourself.
That's what I was going to say. I was also wondering if MS should even be sharing with China's Government? I mean they are an evil bunch. Why is MS helping China who will just use Windows to better exploit its people. Oh wait, now I remember why. $$$
I would NEVER do business with China for all the money in the world, I guess I'm not surprised MS will though. We can't prevent China from using Linux since it's freely available, but at the same time I don't think MS or any other American company should be selling China technology or any other products.
Trade secrets: Beyond a doubt there are piles of things in the source code that could be considered trade secrets. One way to protect trade secrets is to make certain that they are widely available but not legally available. In the cynic's view (i.e. mine) M$ wants the code to be leaked by China.
If the code is illegally leaked, it is very easy for M$ to accuse other products (future Linux apps?) of using illegally acquired trade secrets. How can the authors, living in countries around the world, prove that none of them have ever seen illegally leaked material?
Based on what I have read about the development of the clone of the IBM BIOS, it appears that the burden of proof de facto lies on the defendant to show that they are not using trade secrets illegally.
This may give M$ a very big gun to point at any collaboratively developed code that they don't care for.
Sorting through 50 million lines of code, finding hundreds of thousands of vulnerabilities to exploit in windows, and thereby becoming the predominant information-warfare player, at least in terms of potential mass disruption, on the planet.
Someone in China is smiling sagely over this one.
Although I've always felt that "cyberwar" scenarios were rather overblown attempts at giving backroom geeks frontline roles, the military certainly takes it seriously; one well-received military paper a few years ago warned that America's IT defenses were on a par with the ability of Task Force Smith (whose ignominious retreat from Korean forces showed how woefully unprepared America was for the Korean conflict).
As we know, China has been touted as the first great cyberwar enemy; allegedly, China does have a "hacker brigade" tasked with disrupting American networks and computer systems in times of war, to rectify the strategic imbalance between the two nations. Now, Microsoft plans to open to a strategic rival of the U.S. the internal code that will power the Navy's upcoming CVN-77 aircraft carrier, plus other "smart ships."
This raises an interesting question for the Administration: although, as Vann H. Van Diepen (Director of the Office of Chemical, Biological, and Missile Nonproliferation) told Congress, export controls to China are not enforced in "areas where the technology is widely available as commodity items ... such as low-level computers," the source code to a mission-critical operating system used by military C4 systems is certainly not a "commodity item," nor is it "widely available." Will the White House put national security over Microsoft's profits? Les Kinsolving, call your office!
"Freedom is kind of a hobby with me, and I have disposable income that I'll spend to find out how to get people more."
I,
Know that there are export restrictions for crypto software and the like and I'm sure MS isn't sharing this type of material.
But, given the number of times MS software has been shown to be quite a good host for viruses etc., shouldn't there be someone at the Commerce Department reviewing MS's shared code policy?
Basically, I'm seeing MS sharing source code with probable enemies of the US and it makes me nervous.
What's China gonna do with this source code?
Well, they could certainly look for exploits, "No need to try to hack the darn binaries anymore, we got the source Bob."
After identifying the exploits they could EASILY turn around and use them against computers in the US.
For example, what about all those Navy ships out there that are being fitted with MS software? Do you really want the ship's Phalenx (spelling?) system networked to and sharing network assets with MS OS's that could be compromised by a sneaky Chinese spy onboard with a floppy full of viruses?
What makes this even worse is that MS is handing over this material to the bad guys and I'll bet you that a majority of our military cannot get their hands on it. Nor can the majority of the FBI personnel or the CIA or the NSA I would bet.
This is similar to handing over nuclear technology to the North Koreans so that they can build a power plant. See where that gets us?
As much as I dislike saying it, if everybody on our side cannot see the source code, then nobody should be allowed to see it.
Caution: Contents under pressure
You missed the original poster's point. He was asking what happens if China gets the source, but cannot verify that the binaries that they were given (e.g. the shrink-wrapped version) are based on this source-code or something else (e.g. this with some special calls to MSNSAWeakenSSLKeySpace(true)).
Ultimately, if China cannot reproduce the binaries from the source, they will probably have to dismiss this as a marketing stunt.
Two far east countries essentially "force" MS to change its policies but the U.S. can't do anything to control them? Proving once again our government is far too beholden to corporate interest.
When can we expect to see the $5 knock-off CDs of the source hawked on Hong Kong street corners?
"Your superior intellect is no match for our puny weapons!"
Actually some versions of Code Red did have code to detect the language that a site's web pages were in and trashed the site if it wasn't in Chinese. Then a few days after this was discovered a second version of the same worm appeared which did the opposite. Code Red hit at the time that the US spy plane was forced down in China.
There are plenty of examples of politically motivated hacking, the Palestinians and Israelis have been having an ongoing proxy war for some time. However almost all the events appear to be the work of independent agents working on their own rather than being coordinated cyber-warfare.
The only example of state sponsored cyberwarfare I am aware of is the attacks on Usenet by Hasan B-) Mutlu and Serdar Argic who roboposted thousands of anti-Armenian propaganda messages. Mutlu and Argic were both pseudonyms used by an officer of the Turkish intelligence service which was concerned that reports on the Turkish massacre of Armenians during World War I were circulating on Usenet and damaging the image of Turkey abroad at a time when the post USSR CIS was fragmenting into racial warfare. So they roboposted claims of a bogus massacre of Turks by Armenians repeatedly in order to drown out and discredit the genuine claims that the Turks massacred the Armenians.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Name five?
:-), neither do I. I kinda like it that way, I prefer not to have MS lawyers do cavity searches looking for their source.
If they had, then there would be copies of the Windows source floating around for a while now. Also, we would have heard some major eruptions from the Dept of Homeland Security.
Sorry, but Universities do have access to the source. I have a friend who worked on a project that was granted access. You have to apply to MS, they have to like the project, you sign NDAs and agree to keep lab locked, CDs secured, etc. MS gets the right to incorporate your research, you are allowed to publish, move to a different University and take the license with you. It's real. The source probably is out there somewhere, you just don't run in l33t enough circles
I tried to write something that was quick to read, but to the point. Who knows, maybe someone will notice. I'm not holding my breath, though.
=====
Despite the fact that Microsoft's software is widely known to contain many security vulnerabilities, the U.S. government and military heavily rely on Microsoft's Windows operating system to perform vital government functions.
It is relatively easy to find security vulnerabilities in software when you have access to the source code of that software (source code is what defines software; people read and write source code).
In light of this fact, Microsoft has claimed that sharing information about its software with competitors could damage national security.
More important than any competitor to Microsoft, China now has the source code to Microsoft's Windows operating system.
Shouldn't the U.S. government move in the direction of open software that is not ultimately controlled by any one entity? As a concerned and informed citizen, I would wholeheartedly suggest Senator Warner support open source software and vote against bills like the DMCA that stifle the progress of open source software.
I understand that China is not allowed to compile the program. That being the case, how can they be sure that they have the complete source?
The only way that I can see a government feeling warm and fuzzy about this would be if they were allowed to examine all 500 million lines of code and to compile it themselves and distribute that.
Even doing this they will have to do the same thing to every update and every proprietary piece of software that they run on government computers.
I think that Linux is still the way to go for China.
The race isn't always to the swift... but that's the way to bet!
Contrary to your assertion, many people outside of MS do have access to MS source. "Open Source" is not the only way to see source. China will probably sign an NDA just like the US corporations and universities do, and presumably the US government. Hell, China might even abide by the NDA; why would they want to let their civilians have access to the source? They are bigger control freaks than MS.
If, according to Allchin:
"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks," Allchin testified. "Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."
Then why isn't the military running NSA Linux? Because they don't like OpenOffice? Because they can't see Sorenson video in Quicktime? Because Opera borks their MSN page?
It is not that long to compile the Linux KERNEL,
But how much time does it take to compile the kernel
Bash, GNU tools, KDE or Gnome, all shared libraries, etc etc?
Not flaming or anything, just a question...
I'd rather be sailing...
DVD-CSS aside, that's not how it's supposed to work. In theory the difference between trade secret and patent is that with a patent, the Government enforces your exclusive right to use the development in return for you telling everyone how it's done. With trade secret, you take the chance of independent discovery. So if an organization chooses to hide a development as a trade secret and the secret gets out, they've got no recourse other than to recover damages for breach of confidentiality. (That only works with those who have a duty of confidentiality in the first place, of course.) The genie doesn't go back in the bottle.
Of course, that's theory.
Still, MS would have a decidedly difficult time going after Tridge for "trade secret violation" based on a speculation that he found out about some SMB operation from leaked Chinese source.
Lacking <sarcasm> tags,
Maybe. Perspective is everything.
Given how (the US) government is run, I would not think it is uncommon for critical information to be stored, accessed, or backed up by Windows machines.
So, this "hurts" US National Security only in the sense that we are and have been doing something stupid. Windows or any other closed source system should not be housing anything near secret or close to secret (the latter the "new" hunt going on). Or, at least, the US government should have used its significant buying power to pressure MS into releasing source, which now the USSR and China seem to have.
But such Windows machines probably are used in such activities with inadequate security precautions. Which is stupid on the government's part. Stupid because of the consistent feature of Windows known as security holes. Made stupider given that other countries now have source to the very OSs that were believed to be closed; which may (see the maybe above) very well lead to more exploits (not that security holes are necessarily found that way, but it does seem to be easier to find and find such holes with source).
I personally think this is a bad thing and something the government is being shown up on--they were asses in being stupid in the first place, they continue to screw up, they were unwilling or not compelled to do what China just did, and they won't change, and probably still won't.
How *big* of a concern this is, well, one stupidity frequently leads to another but doesn't necessarily worsen.
Or, put another way, it is abysmal that this MAY be a threat because it never should have been.
My question is, what happens if they violate this agreement? I mean what could MS possibly do to the Chinese government if they (China) decide to modify, redistribute, or simply publish it? Are they (MS) gonna file lawsuits, persuade the US to go after them, what? An American corp has essentially zero scare power when it comes to a foreign nation.
...maybe Bill G is hoping that having Windows and Linux both "open" in the same chaotic marketplace (Asia) will quickly lead to enough "contamination" in Linux distros to "open" the door to generalized lawsuits.
We all know that there is really nothing new in code. Part of what makes an open application clean in the sense of free from copyright issues is not the absence of certain ideas or particular implementations of them, but the absence of a means for those ideas to have been lifted entirely from proprietary versions of the same ideas. Microsoft has always protected their code and this is actually a Good Thing for "clean room" OOS developers coming up with the same solutions as M$ codemonkeys.
Now, if Microsoft could point to Asia and say "our crown jewels made their way into Linux because of our ill-advised opening of Windows in Asia wink wink" do you think a sympathetic judge somewhere might be bri...er...convinced to slap an injunction on the further distribution of OOS software developed after the date of Windows source release to China? And even if they (M$ and the Chinese) aren't actually thinking along those lines right now, do you think they (M$) will hesitate a New York minute to take such action if the opportunity presents itself?
So you see my Prince, perhaps the binaries are not the issue. We all know what the issue is for M$, don't we.
Signed,
Nicolo Machiaveli
=^..^= all your rodent are belong to us
Before that would happen, Windows would have to be:
a) Free software and
b) No longer controlled by Microsoft.
That simply isn't going to happen, ever. Microsoft have no incentive to let go of Windows, and until that happens Linux will be as important as it always was, not because it's more stable or tweakable or whatever, but because it's owned by everybody.
From an Infoworld article [infoworld.com] on the subject:
"Governments signing up to the security program will be able to build systems that offer the high levels of security required for national security, Microsoft has said. However, government users will not be allowed to make modifications to the code or compile the source code into Windows programs themselves, according to Microsoft."
Yeah, real 'open'.
Hmmm - So MS took their windows source, compiled it, modified the code to remove the backdoors, and sent it to China. To ensure that China aren't then going to modify the source, they make sure the source is not buildable - Have in the agreement that they don't give China some important part of the building process.
So China search through the code, find no backdoors (because they have been removed), but runs the original version of the code with the backdoors still in it, because they are not able to build fresh sources.
Seems like a good deal to me.