Slashdot Mirror

← Back to Stories (view on slashdot.org)

China Prepares To Examine MS Windows Code

Posted by timothy on from the and-yours-too-if-you'd-like dept.

Stargoat writes "CNet reports that China is looking into MS's source code for Windows. They are looking both to increase security as well as perhaps create a Chinese version of Linux. Or are they perhaps concerned with rumors of deliberate holes left in the software for the NSA to exploit?" Here's an earlier Slashdot post about the Microsoft-China agreement.

11 of 468 comments (clear)

  1. Whats the use? by zaroastra · · Score: 5, Interesting

    whats the use of inspecting some offsite code when you have ABSOLUTELY NO WARRANTY that the code you're looking at is the one that is delivered in your compiled version?
    In my language we have an expresion for that, that could be roughly tranlated to trying to stop the wind with a fork.

    --
    I'm trying to get modded "Interesting Flamebait Informative and Insightful Redundant Troll" *-* Please Help *-*
    1. Re:Whats the use? by rupe · · Score: 4, Interesting

      Even that is not enough. They code might require the use of Microsofts compiler.

      True example, the famous hole in cc, that whenever it noticed that it was compiling "login.c" would introduce a backdoor. Not only that but whenever it noticed it was compiling itself would reintroduce the same code, so that even by inspecting the compiler source you couldnt find the exploit.

      Details can be found on google.

  2. Can China regerate a standard build ? by Alain+Williams · · Score: 4, Interesting

    It would be interesting to see if the Chinese can type 'make' (or whatever is the MS Windows equivalent) and end up with something that is bit wise identical to what MS ships as part of a standard distribution. If they cannot do this, one has to question why not ? and we will be left with the suspicion that there is something that MS doesn't want the Chinese to see (be that different MS or NSA code).

  3. Why would you think that? by Nijika · · Score: 5, Interesting
    While I'm sure that the NSA is no slouch when it comes to computer infiltration, I've never been one to believe that they've got some magical super powers outside the realm of known technical limitations. Let's not forget that most of what any government says it can do is a large percentage smoke and mirrors to keep the public feeling safe (PATRIOT missles) or unsafe (PATRIOT act) as it may be. On top of that the Chinese have never been pushovers when it comes to technology. They're in the asia pacific region, which is undoubtably a world hotspot for technological advances. Hell, the PC you're using right now is probably 60% chinese and 90% asian in manufacture and design.

    With all that in mind, I'd say any advantage the NSA can get, it would take. And with THAT in mind, I think it's perfectly reasonable for the Chinese government to fully inspect any operating system it may run.

    --
    Luck favors the prepared, darling.
  4. What about changes made by Windows Update? by a.koepke · · Score: 4, Interesting

    What about them running windows update with these machines. In 6 months time and after many security patches ;) the code is not going to be the same. So what is to stop MS coding something in a patch that restores any backdoors that they might have removed? Is the Chinese government going to examine the code for every critical update and service pack it installs?

    --


    (\(\
    (^.^)
    (")")
    *This is the cute bunny virus, please copy this into your sig so it can spread
  5. Re:NSA by CaffeineFreak · · Score: 4, Interesting

    And one assumes from this that the chinese government can infiltrate the NSA mainframes.

    Does that make you feel safe?

  6. Funniest line in the article by Mark_in_Brazil · · Score: 5, Interesting
    Haw haw... Sorry, but there's a throwaway line in the article that just made me laugh:
    China--potentially a huge market for Microsoft, once the problem of software piracy is solved--
    Riiiiiiiight. And when, exactly will "the problem of software piracy" be solved? And how?
    I haven't seen anything reported on Slashdot or anywhere else that would "solve the problem of software piracy" and make China a huge market for Microsoft at the same time...

    --Mark
    --
    "It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
  7. Re:not going to help by greppling · · Score: 4, Interesting
    As a point in favour of your reasoning: When there was the big debate in Germany about Linux use in the German parliament, there was also the question about Windows source code being made available to the German government.

    But the source code would never have been allowed to go to the BSI (Federal agency of IT security), which would be the only department of the government with

    • the resources
    • the competence
    for just a partial audit of the sources. So I agree all this shared-source is just a PR stunt.
  8. Rumors said that... by 2Bits · · Score: 4, Interesting
    A couple of posts already mentioned that MS is not gonna give China compilable code, etc. Here's what I heard.

    [Disclaimer: I'm not involved in any negotiation or anything, just heard this from someone whose boss is an insider. So take this with a big grain of salt!]
    Actually, it's not exactly true. Here are a few of the conditions that have been brought up by China, the main reasons being that China must be able to verify what MS claims.
    • MS must provide the compilable source code
    • China must send a team to MS (to the Redmond campus actually, not sure if they would be allowed to get into the building of Windows engineering team) to learn how to build it, and have some training about the Windows internals
    • MS must show how to do the build and a way to compare the final binary with the binary distributed by MS

    I've not asked about the issues about the patches, as I consider it to be a waste of time, and China should be concentrating money and energy on improving Linux, or heck, if we don't want to release the code changes, we can take one of the BSDs too.
  9. NSA backdoors? by Erwos · · Score: 3, Interesting

    I've never understood the kind of schiznophrenia that /.'ers approach NSA with.

    On one hand, they wrote SELinux, which _no one_ has been able to find any deliberate backdoors in. It is exactly what they said it was: a security-enhanced, hardened Linux.

    Yet, on the other hand, we accuse NSA of rigging Windows with backholes for them. Can we at least make up our minds on whether NSA believes in deliberate backdoors or not? It strikes me that the only "evidence" of an NSA backdoor in Windows was the infamous NSAkey brouhaha, but this is _hardly_ hard proof of anything.

    If NSA can use a backdoor, then so, theoretically, can enemy governments. That's hardly good security, and if there's one thing that NSA knows, it's good security.

    -Erwos

    --
    Plausible conjecture should not be misrepresented as proof positive.
  10. Re:Would You Trust an American OS? by kalidasa · · Score: 3, Interesting

    Actually, no, the folks who gave us Hiroshima, Nagasaki, Vietnam, CIA sponsored overthrows of South American governments, and the genocide of the Amerinds are all dead or retired; while one of the fellows who came up with the idea of the Tiananmen Square massacre is himself head honcho in China. Read the Tiananmen Papers, for god's sake.