Slashdot Mirror


Microsoft to Offer Patches to U.S. Govt. First

Elitist_Phoenix writes "Reuters reports that 'Microsoft is to give the U.S. government priority in fixing security holes in Windows and other software, The Wall Street Journal reported on Friday. Under a plan to take effect later this year, Microsoft will give the U.S. Air Force versions of software 'patches' to fix serious security vulnerabilities up to a month before they are available to others.' Yet another attempt to fight off impending doom, by trying to keep the government away from open source?"

6 of 344 comments

  1. What if... by 0x461FAB0BD7D2 · · Score: 5, Interesting

    the patches screw up the systems, as has happened in the past?

    Also, how would other governments see this? Would they accept being 'second-class customers', no different in Microsoft's eyes to the Average Joe?

  2. Re:Safety First by Rangataua · · Score: 5, Interesting

    I wonder how long it will be before someone creates a virus based on knowledge found in a patch that has only been released to the government.

  3. Great idea. by Mz6 · · Score: 4, Interesting

    As a DoD Defense Contractor working on these systems, I think this will help tremendously. Currently, we only get patches when Microsoft posts them on their website. From there it needs to be thoroughly tested to ensure the patch will still allow critical software to continue functioning (the government can ill-afford downtime on some of these systems). Beyond that, it then needs to be applied to thousands of other machines on several different networks. Of course, we only have a small window to get this all completed. With an extra month to have this completed, we have a small advantage to have these systems patched.

    --
    Hmmm.

  4. Could 0wned admins sue MS? by fuzzy12345 · · Score: 4, Interesting

    I've wondered about the legality of such behaviour. At the point where a company knows its product has a vulnerability, has a fix for that vulnerability, and deliberately withholds the fix from customers, knowing that some of them are likely to be hacked and suffer losses, is it not negligent?

    This would likely vary from jurisdiction to jurisdiction. Anyone got an amateur/professional legal opinion?

    --
    Everybody's a libertarian 'till their neighbour's becomes a crack house.

  5. Re:Haha by Total_Wimp · · Score: 5, Interesting

    If you were the Japanese government, would you want to know that the US were getting preferential treatment?

    If you were the Chinese government, would you want to know the US is getting free help from Microsoft to spy on you? Probably not.

    If you were a concerned person living in another country who happens to find out about an exploit in Windows, would you want the US government getting a month-long head start on hacking/spying on the rest of the world, possibly even including the country you live in?

    Microsoft has spent years trying to convince people who find exploits to "do the ethical thing" and tell them about it before letting the rest of the world know. If you happen to be a citizen of another country, this puts a very big question mark on whether giving MS the exploit is "the ethical thing" to do.

    My best guess is that otherwise helpful security professionals who happen to live outside our borders will be posting more and more exploits directly to the web because of this policy. Ironically, that will end up making things _less_ secure for the Air Force in the long run.

    TW

  6. Re:Haha by Fat+Cow · · Score: 3, Interesting

    exactly. since the patch is new software, the only way the government is getting it early is if everyone else is getting it late.

    it's also bad on the government's part to be complicit in this withholding of security fixes - it makes the country less secure, not more secure.

    --
    stay frosty and alert