Microsoft Gets Help From NSA for Vista Security
An anonymous reader writes "The Washington Post is reporting that Microsoft received help from the National Security Agency in protecting the Vista operating system from worms and viruses. The Agency aimed to help as many people as they could, and chose to assist Vista with good reason: the OS still has a 90 percent lock on the PC market, with some 600 million Vista users expected by 2010. From the article: 'The Redmond, Wash., software maker declined to be specific about the contributions the NSA made to secure the Windows operating system ... Microsoft said this is not the first time it has sought help from the NSA. For about four years, Microsoft has tapped the spy agency for security expertise in reviewing its operating systems, including the Windows XP consumer version and the Windows Server 2003 for corporate customers.'"
Information Assurance has long been one of NSA's primary missions. NSA ran the Trusted Product Evaluation Program (TPEP) since 1983, which evaluated off-the-shelf commercial products against standardized security criteria, and employed various experts from government, military, academia, and industry. Contributions or recommendations from TPEP often were incorporated into future iterations of vendor products. The expanded Common Criteria programs, which grew in part out of the US Trusted Computer System Evaluation Criteria (TCSEC, the famous Rainbow Series of security publications), picked up where TPEP left off, now administered by the National Information Assurance Partnership (NIAP) of NSA and NIST.
NSA's Information Assurance Directorate also provides public security configuration guides for many popular applications, operating systems, database servers, routers, and other networking equipment.
Also, don't forget to check out NSA's Security-enhanced Linux (SELinux) (FAQ).
When US computing, communications, and networking implementations are more secure, we all benefit, and NSA contributes to this in its overall mission.
Wouldn't it be nice to be a company so large and dominant in its industry yet so inept in delivering a code-complete product it gets help (I'm assuming for free) from government agencies to try and get it right? So, my tax dollars at work for Microsoft... (the article does mention Microsoft gets this help for free, I can only assume then "we" foot the bill).
I'm not saying Microsoft shouldn't collaborate with external organizations, but why am I paying for it? Even more reason to be upset about their usurious rates for their new OS. Consider that the drive I bought at Costco 10 years ago (500MB) costs on the order of 500 to 1000 times more (that's almost two magnitudes) than storage today, and that Microsoft continues to charge at the same rate -- they even seem to adjust for inflation.
</rant>
.. They contributed "WIRETAP.DLL" and "TERRORSCAN.EXE" which are required components to pass the new-and-improved Windows Genuine Advantage test, right?!?
To Terminate, or not to Terminate, that's the question - SCSIROB
...For Corporate Work
Wow! And it's not even out yet!
-----
Sorry, I'm only a 1336 h4x0r.
1) Write crappy software
2) Get a tax-payer based agency to partly fix your crap
3) Apply your illegal monopoly power
4) Profit!
So our Taxes (for us US residents) are going to the Government (NSA included) to help secure Vista so Microsoft can sell it to us Taxpayers and make more money. What do you say that Microsoft should mark down the price of each Vista copy sold by $1 until the monetary value of the NSA's help is repaid?
I'm buying more stock in Alcoa, that is. With the surge in Reynolds Wrap sales, I'll make a fortune! May just buy a roll myself.
The world is made by those who show up for the job.
Like the NSA knows about security
If the NSA can help Microsoft tighten up its shitty systems then that's good. There are already positive benefits from NSA research into the Flask OS in the form of GNU/Linux's SELinux.
The only problem I have with any of this is that this is another government subsidy (read our tax dollars) going to subsidise a private company which should (given the vast profits it makes) be able to pay for its own security research instead of dipping its snout into the public trough.
Hey, here's a tip for all you foreign governments out there: Don't use Windows! I hope that helps!
Seriously, I can't believe that there isn't greater demand for other alternatives to Windows in foreign governments. I wonder if Mahmoud Ahmadinejad uses windows...
This is the agency that used to be so paranoid it manufactured its own CPUs. They're not recommending a closed source OS, it's more an indictment that the best funded monopoly in history is incapable of securing its own shoddy software.
I remember reading the "if they made toasters" a while back,
NSA: Your Toaster would have a hidden back door, just in case of national security
Microsoft: it would weigh 95 tons, and would do every thing apple has done but 5 years later
WulframII - Free Online Multiplayer 3D Tank Shooting Game
When they make, "The Good Virus Shepherd."
What??
Were they having problems getting the new NSAKEY http://en.wikipedia.org/wiki/NSAKEY to work?
How convoluted is this- that the same government that fines MS for anti-trust issues grants them "advice" and tech.
Not to add fuel to the fire, but where's Apple in all of this, or is it because Vista will be running on all the government PC's? Naw, that couldn't be the case.
Tony Almeida used a Mac on 24.
You have no chance to generate non-predictable keys. Make your time.
Ha-ha-ha.
Love,
NSA
Now we have further proof of government incompetence ! I see a movie here... "They couldn't fix Windows, how the hell are they gonna save us?"
Using GNU/Linux -- Windows-free zone!
Jack Thompson? Is that you?
Unless I missed it, while reading the article I kept expecting there to be a mention about the possible inclusion of a backdoor. Maybe my tinfoil hat is too tight but it seems like a valid question these days when discussing the NSA and operating systems. Especially for an upcoming consumer OS given that the sixpack set is reading more and more about privacy and fourth amendment concerns in the mainstream press.
Point being, it seems like something that the vendor would want to dispel pronto. (Yes, Apple and Novell also as they collaborate with the NSA per TFA).
I certainly understand and share the frustration of tax-dollars helping a healthy and profitable corporation, but another way to look at this is NSA is helping the users. The proper long-term solution would, probably, be to make software vendors liable for flaws in their products — as is the case with most other industries. Short-term, however, National Security Agency making personal computers harder to hijack does, indeed, contribute to, uhmm, national security...
Microsoft is not the only entity to benefit either, BTW. For example, FreeBSD cvs-commit messages have plenty of acknowledgments of government's help (fgrep for TrustedBSD). The NSA-funded SELinux is another example...
NSA is, supposedly, full of very smart, technically adept people, who, no doubt, strongly prefer Unix-like OSes (on average) to Microsoft's offerings. However, with Microsoft's market-dominance, it gives a lot more bang for the NSA's buck to help them, rather than the OSS projects...
Granted, there is a danger of this solution perpetuating the problem, but that's a distant and lesser danger, than the present and grave one of millions of zombies arraigned into bot-nets and immediately usable (and up for hire) against businesses and government institutions alike.
In Soviet Washington the swamp drains you.
"For YEARS"? the NSA has helped MS with security issues? The mind reels. A bunch of talented amateurs building Linux do a better effort than the combined efforts of MS and the NSA. The next time the NSA comes to help me with a problem I think I'll politely decline.
On one hand since the NSA has been helping with linux security for years with SELinux, it seems only fair that they would be willing to similarly assist M$. But my concern would be whether they are violating the GPL under which they released SELinux. If they are using concepts they developed for the open source SELinux in Vista, shouldn't M$ be required to open source at least those portions of Vista?
This doesn't sound like a major code review. This sounds more like the NSA tested Vista (something they were going to have to do anyway) and just let microsoft see some of the test results and give them specific guidance as to what they could do to make things more secure. All of which is something they'd probably be willing to do for Apple or any other companies that make products that are either in use or will be in use within DoD.
They did the same thing for DES back in the day, remember?
You are attempting to read sigs. Cancel or Allow?
Only to idiots, are orders laws.
-- Henning von Tresckow
At least they are wasting their time and resources in something useful to the majority of the users and not in a minority Linuzz obscure distro that only 4 cats can use. That is good use for tax money: invert it for the good of the majority of the society. And moderate down me, I don't fucking care.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
NSA? I know "S" and "R" are kinda near each other... but really!
"Wouldn't it be nice to be a company so large and dominant in its industry yet so inept in delivering a code-complete product it gets help (I'm assuming for free) from government agencies to try and get it right? So, my tax dollars at work for Microsoft... (the article does mention Microsoft gets this help for free, I can only assume then "we" foot the bill)."
The NSA has many reasons to help MS. From the article it is obvious that they recognize that MS has a pervasive monopoly in desktop OSes and is expected to continue to. (Anyone hear the DOJ going EEK here?) If they secure this OS they make their lives easier and safer for the foreseeable future. Besides, they can get in on the development of the code and make sure that they will have the "behind the scenes" access that they want. (for your personal protection of course!)
"I'm not saying Microsoft shouldn't collaborate with external organizations, but why am I paying for it? Even more reason to be upset about their usurious rates for their new OS. Consider that the drive I bought at Costco 10 years ago (500MB) costs on the order of 500 to 1000 times more (that's almost two magnitudes) than storage today, and that Microsoft continues to charge at the same rate -- they even seem to adjust for inflation."
Huh?
Microsoft gets help from NSA on VISTA!
Is this better or worse? Now we have the power hungry NSA helping the money hungry Microshaft write the code for the latest and greatest Windows (TM) OS. Does this mean that we are going to be beta testing the bugs for the NSA now too?
NEWS FLASH
The US was down today while administrators patched the NSA Mainframe against some poor insignificant schmuck's XML buffer overflow that almost started a meltdown in the community's power plant.
In other news the FBI released the Windows Vista version guide....
There are only two steps in the gathering of ultimate knowledge. Open your eyes and, RTFM!
www.ahmadinejad.ir/
Ask him!
"For about four years, Microsoft has tapped the spy agency for security expertise in reviewing its operating systems, including the Windows XP consumer version..."
Jeez. If I were either MS or NSA I wouldn't even admit that given the XP home security record.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
When is the NSA gonna help with Red Hat, Mandrake or Mac OS? I must say that this is totally off the board. MS should be paying the NSA to help with this. They should be footing the bill!
When a man lies he murders a part of the world.
lol
Actually, it's kinda creepy...
...or worked for Microsoft. But they found out my parents were married.
Like only NSA could help secure an OS... I bet that's the official excuse for MS-NSA cooperation for inserting an NSA spy agent in the Vista. MS has already shown disregard for civil liberties by including DRM, so why would they object to this? I'm sure they could've used a ton of other groups, as well as increasing in-house teams, to help them actually "secure" Vista. But they specifically are working with a domestic SPY agency.
Oh come on, be realistic with your paranoia! Any information about that would be a national secret. When government spyware is put into Windows, you won't hear anything about it. It may already have happened. If it has not, then it could be done with a few days notice via Windows Update. AT&T didn't object to the government tapping all the international phone lines, and Microsoft won't object to extra code being added to outgoing updates. It will be made legal at a later stage, after it is discovered.
"China"
"N. Korea"
anywhere in the Middle East
"Russia"
You get the idea....
The longer and more complex it is, the more likely it is to be written down on a post it stuck to the side of the monitor. Especially if you have multiple passwords on different change cycles. "Must have a capital letter, special character, number, be at least 8 characters long, and change every 3 months" is probably, in the long run, no more secure than "must be at least 8 characters long, contain one or more non-alphabetic characters, and change twice a year".
Best Slashdot Co
It doesn't sound like NSA helped write code - it sounds like their primary contribution was in testing:
"The NSA also declined to be specific but said it used two groups -- a "red team" and a "blue team" -- to test Vista's security. The red team, for instance, posed as "the determined, technically competent adversary" to disrupt, corrupt or steal information. "They pretend to be bad guys," Sager said. The blue team helped Defense Department system administrators with Vista's configuration."
Also, Microsoft isn't the only company that NSA and other govt. agencies have helped with security. Besides SELinux, which others have mentioned, there's Apple:
"Other software makers have turned to government agencies for security advice, including Apple, which makes the Mac OS X operating system. "We work with a number of U.S. government agencies on Mac OS X security and collaborated with the NSA on the Mac OS X security configuration guide," said Apple spokesman Anuj Nayar in an e-mail."
So this isn't that big a deal, it's just that Microsoft is trying to capitalize on the relationship to counter the prevailing belief (or truth?) that Windows is insecure and that Vista is no big improvement.
No sig? Sigh...
Microsoft does not employ the best and the smartest - splains a-lot.
They should ask the Vatican for help; after all, it is a miracle they are looking for.
Perhaps Microsoft will put the NSA to task on figuring out how to get IE compatible with industry standards.
Get your tagline off my lawn.
Ever heard of SELinux? Guess who built it? Yes, the NSA.
If you would RTFA, you would see that they do work with Apple and Novell, at least.
Grow up, fanboy.
The encryption cat is out of the bag, so if you can't own the communication channel, own the computers on either end.
Sure, I'm just delusional. But then again, there was that WMF exploit that Security guy Steve Gibson (grc.com and the SecurityNow podcast) inferred was deliberately put in the code by someone (though he didn't point the finger at MS, some contractor for MS, at the Gov't direction, or anyone else). Before it was patched, it allowed the execution of arbitrary code on a client computer, caused by merely visiting a website that had a WMF icon/image in it.
Sure sounds like a useful tool to fight terrorists who communicate on the internet (or anyone else).
When is the NSA gonna help with Red Hat, Mandrake or Mac OS? I must say that this is totally off the board. MS should be paying the NSA to help with this. They should be footing the bill!
http://www.nsa.gov/selinux/
It's only fair that the NSA helps Microsoft.
Enjoy,
It's just the normal noises in here.
I want to know what NSA did get in return for the help. Far as I know, help from NSA doesn't come cheap, it also doesn't come with some type of an attachment that benefits NSA.
NSAKEY Second Edition?
A bit of history
http://en.wikipedia.org/wiki/NSAKEY
...OS will always be the most Vulnerable (Spelling?) Maybe the NSA can slow down how fast Windows gets raped.
Indoctrinate : to instruct especially in fundamentals or rudiments Educate : to develop mentally, morally, or aestheti
When IBM invented DES, the NSA asked to review it before IBM started selling it. DES is an encryption algorithm that involves repeatedly permuting and shifting bits. The bit shifting phase is handled by sending the permuted bits through what are called s-boxes which basically say 'move this bit over there'. NSA "requested" two revisions to DES - shorten the key to 56 bits and re-arrange some of the s-box operations. NSA didn't say why that would be "better" but made it clear to IBM that if IBM didn't comply, IBM would run into difficulties selling DES. The kind of difficulties that governments are very adept at raising. So IBM complied and implemented NSA's "requests." The presumption has always been that NSA knew how to crack the revised version of DES.
I'm curious if NSA made similar "requests" to Microsoft.
It's a little more complex than that.
"Good" passwords (which, as you note, are more likely to get written down) are much better against remote attacks but often no better or even worse (because they get written down) against local attacks. It all comes down to what you are trying to protect against. If the majority of the people you are worried about have access to the sticky notes on your monitor, long passwords that need to be written down are not going to help much (unless you make a habit of writing them down incorrectly).
But for most net-connected resources these days, strong passwords are probably better simply because there are more bad guys "out there" than "in here."
If this is not the case for you--if, in other words, there are more bad guys within your office than outside it--you may want to change jobs and report your present employer to the authorities. (Unless of course your present employer is "the authorities", in which case you should probably also start carrying a Geiger counter as soon as you quit.)
--MarkusQ
Isn't this a bit like chickens getting help from a pack of wolves for their security needs?
Perhaps I'm being too cynical, as both MS and the NSA have just stellar track records on their concern for an individual's privacy . . .
Question: Does not this totally work against Microsoft in the eyes of foreign governments?
Trimm
:)
;)
Trimm
Voice: uh..hello?
Microsoft: Hi, I'm Microsoft and I'd like to contact your support!
Voice: hmm support? who do you want to talk?
Microsoft: Well, NVS - NSA Vista Support, can I?
Voice: Ops.. gasp! uhm I think you called wrong number, there is no NSA, it doesn't exist!
Microsoft: wait! I..
TUM TUM TUM
Microsoft: Damn!!!
Now they know how we feel
just kidding
we are here to help.
Right....
Undetectable Steganography? Yep, there's an app fo
Of course I want the NSA I pay for and depend on to protect me working to make Vista safer. Because Vista is part of the security environment, eventually the biggest part. It's such a threat to Americans' security that NSA should be able to require MS to let NSA help secure it.
The problem is that NSA costs money to operate. Tax money. Tax money that Microsoft doesn't pay. Microsoft cuts costs by ignoring security whenever it can (most of the time). While raking in literally untold $BILLIONS in profits. Now their security work is being subsidized by free work by NSA. So I'm paying for Microsoft to be able to brag that "Vista is secured by the NSA", which will increase its sales. I doubt that JoeSchmoeLinux, Inc, gets Microsoft's attention from the NSA, even proportionate to the benefit it would provide.
Of course I want NSA helping secure Vista, because that makes us safer, NSA's job. I just want Microsoft to pay its share of providing it that benefit. That would mean paying at least its share of taxes, something like $30BILLION or more a year, plus a fee for "special treatment" by the NSA that other companies don't get. Or at least make NSA's Vista work public, so the public can benefit, including MS competitors even if they're small.
That would also make the work even more secure, instead of relying on security through obscurity which MS prefers to protect its profits more than its operations. The secret/proprietary work also lets the NSA hide literal spyware in Vista, which is absolutely unacceptable. Since the NSA is busy spying on Americans right now, including filtering this message, I am now in the business of paying the NSA to spy on me, in violation of my inalienable rights, by putting their spyware into commercial code subsidized by my "NSA fees".
When MS pays NSA to produce "open security" that others can share, I'll be safer. Until then, it's all part of the increasingly unsustainable threat to my security at every level, from economics to privacy to tyranny.
--
make install -not war
That WMF flaw is older than the commercial internet.
It was an artifact of supporting OLE in WMF and how thread control (hah) in Windows 3.1 worked... kept backwards compatible to this day.
It was a shitty design from the getgo, malice or "terrarist fightin' tool" have nothing to do with it. Also, Steve Gibson is a tool. Seriously, get your security news from ANYWHERE else.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
My 3 year old Sony TVR-38 video recorder died a few weeks ago. Looked up Sony Service on Google, got directed to the Sony website without any fuss. They offered to fix it for $240 which I thought was reasonable given that it's worked quite well and hard for the time I've owned it. Shipped it off (would have been free except for the fact I live the middle of nowhere). Twelve days later the thing shows up. Works fine. Had some little gizmo inside that needed replacement. Fixed for free. Nada. No charge.
Now, I think just as poorly of Sony Corporate policies as any slashdotter but give the company its due. Unfortunately it's things like this that make me think of buying another Sony product in the future. Sigh.
Faster! Faster! Faster would be better!
Won't it be a huge surprise in 5 years' time when... shock horror the NSA is revealed to collect logs of every Vista user's browsing habits, programs used, documents produced, email history... It seems to be the way the US govt does things nowadays.
Start with a dodgy idea that doesn't hold up to scrutiny, secretly implement it, cite national security, deny, deny, deny, throw law suits around, get a presidential exemption then eventually get busted. But ha ha all your shit is still on record. Don't mess with the govt, that's the message loud and clear. I'll be damned if I keep Vista on the next PC I buy.
If this did happen, how would anyone other than M$ and NSA know?
Only 'flamers' flame!
Does slashdot hate my posts?
Why Iraq didn't work... :)
Really, isn't it enjoyable that MS has sought the NSA help for security since w2k to no avail?
Bad, BAD PR for the NSA.
NO SIG
Useful, "Karma-Whoring" replies, or petty arguments that give no information, and give no leads to discover things for yourself?
The Karma system, here, is doing its job. That some people "abuse" it by responding to incentives is, I have to say, a bizarre position.
Wikileaks, no DNS
This exploit did not exist in win3.1, it was added later.
If Gibson is a tool, I'd ask, "A tool of what?". Who is paying him off? Interject a meaningful insult next time.
I am quite serious. Windows Vista will be going all over the world in some form or another, I would think it was remiss of them if the NSA *didn't* tell MS that they were adding a backdoor to Vista and hand them the code. I bet they will be more cautious about placing it than the last time they added one, but it will be there. I am sure in compensation they help MS tighten up the rest of the security to ensure foreign governments can't crack it as effectively as the NSA.
:P
I am sure this will be modded paranoid, or humorous, but I am actually quite serious. The NSA's job is to spy on foreigners that might be a threat to the US (and now it seems on US citizens as well, given Echelon and all that), so would it be in the US government's national interest to let the Vista OS go out of the country without testing it to make sure its crypto was up to standard - and that the NSA had a way through that crypto if needs be? I don't think so. Oh, and I am a Canadian, not a US citizen.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
As a USA taxpayer, I believe that this is an example of what our government should be doing.
Before the politically motivated "war on terror", I remember seeing news articles about our FBI working with foreign governments to break up foreign hacking rings. Since 911 I don't recall hearing about this anymore.
Our NSA has in the past also donated Linux security enhancements. Excellent! Protecting our national infrastructure.
A little off topic, but this issue has me fairly angry: our government should spend money on just a few things (education, critical infrastructure, defending our country from direct attacks - not Bush's radical foreign adventures, and a minimal social security style safety net). Huge tax breaks for oil companies, attacking foreign countries for the financial benefit of a few corporations, etc. just does not cut it as good government.
The cost of Bush nuking Iran (if that happens) will end up ruining our economy and our way of life - not to mention making us a pariah state.
Of course, one cannot make the stronger statement that the government is doing a better job than the free market, since MS has a monopoly in desktop computers. Maybe it is an example of the extra burden that falls on a government that does not deal with anti-competitive monopolies in the market place?
--- guns don't kill people, people with guns kill people ---
In Soviet Russia, Vista backdoors YOU!
You can have my SIG when you pry it from my cold, dead hands.
Yeah, Linux folks would never think of working with a SPY agency either. Oh, wait...
This is a wake up call to those who don't see this following a theme that could lead to the NSA, DHS, or other organization having direct access to your computer, your use of that computer, without you knowing it.
Microsoft managed to get the DHS to tell everyone to upgrade to SP2 because SP2 had certain features that allowed Microsoft to more easily determine things about your computer. It also aided them in determining if you are a pirate. The DHS has to have received something in return. In my humble opinion, it would not be far fetched to conclude that Microsoft has given something in return. What bothers me more would be to see the DHS telling everyone to upgrade to Vista--which has a slew of technologies that offend the sensibilities of most informed people.
This continued involvement with the NSA which is known for its black-ops type practices and the DHS which also has been participating in some very nefarious practices against the citizens of the US is just part of greater theme.
Now, why would the NSA and DHS not involve themselves with a technology company that has a monopoly thus guaranteeing that they had access to the vast majority of the US and world's computers? This is unparalleled access to every nook and cranny of our lives. Microsoft's voluntary involvement with these two government organizations has to be something more than just Microsoft getting free advice and technology.
We know this because you don't see other companies doing the same thing with the DHS and NSA. No other company can give these two organizations as much penetration into the US population.
Microsoft has been using closed proprietary code and implementing technologies that are not generally detectable by even some of the best hackers/scientists. The way the activation of XP works is hidden to the degree that hackers still haven't effectively broken it, in fact, they are using the pirated corporate XP Pro product key. If Microsoft can hide such technology for 5 years they can also hide other bits and pieces not related to the OS but to other agencies bent on monitoring our behavior, patterns, etc.
What troubles me is that the Federal government was pursuing Microsoft quite sternly regarding the anti-trust case/penalties, but now they have all but given up on anything related to it. It tells me that the government has decided that the greater potential benefit to them is the ability to work with Microsoft, at some loss to the citizens in terms of allowing Microsoft to maintain its monopoly, in order to be able to manage/monitor a citizen's access to computers.
I know some of this sounds conspiratorial and even extreme, but consider how the Bush administration has been stealing away our rights to privacy, has been spying on the American public through covert agreements with the likes of the phone company, the law signed by Bush to allow the government to open our private mail and how the Bush administration will not turn over Internet control to a non-US third party for management.
I see a greater theme. This isn't as simple as having Microsoft gain some technology advancement from the NSA. Something else is going on here.
You can lead a man with reason but you can't make him think.
Yes, every time hackers publish one security hole the NSA needs to work with them to get a new back door added.
In parallel, in Microsoft's China offices, the equivalent of the NSA in China is busily adding their own back doors. Same for every country in which any closed-source company has developers.
well, apparently it was more fair to help M$, and less fair to help anyone else: http://news.zdnet.co.uk/itmanagement/0,1000000308,2120943,00.htm
Why do you think that the Vatican could make miracles?
Why don't you turn to God directly?
God and the church are very, very different things. Church bosses often talk as if they were mandated by God, which they are not, and indeed they often talk and act like charlatans. We all have to take on ourselves to live according to the Word. Then we ourselves will be the miracles.
In a time where huge portions of intelligence efforts are focused on gaining advantage for the country's domestic economy, I bet non-US companies will love to hear that American secret services are responsible for security in the soon-to-be most widespread closed-source desktop operating system.
Let the shit hit the fan! O_o
I suppose Microsoft got a referral from Crypto AG...
Hey, you try to find an open nick these days!
I suppose it depends on what you mean by incidents. While one system intrusion may net thousands of identities, it's still only one incident in terms of the password being compromised (if that is in fact how they get the data--insiders often have easier ways to get things than cracking passwords). While I would agree that attacks by insiders typically compromise more data, I would dispute that they are more frequent. Numerically, the majority of all computer security incidents are most probably bot-net abductions, which are almost always done remotely.
--MarkusQ
I hate to dampen your outrage but MSFT has paid an average of $4.7 Billion in income taxes over the last 3 years on income averaging $15.7 Billion over the same period of time: http://finance.yahoo.com/q/is?s=MSFT&annual
Mmmm.. Donuts
You can't uninstall evil.
This sig all sigs devours
"90 percent lock on the PC market" ... Wow! And it's not even out yet!
Government and corporate planning tends to go that way. Some famous examples include:
Sometimes, things just don't go according to plan, which is good. Prosperity comes from mutual respect and free trade. The kind that comes from screwing people is expensive and short lived.
Friends don't help friends install M$ junk.
When US computing, communications, and networking implementations are more secure, we all benefit, and NSA contributes to this in its overall mission.
Sounds great, but it's not because the NSA cannot fix Microsoft's broken development model. Our "benefit" depends entirely on what you consider "secure". The former USSR, with a guard at every copy machine, could have been considered secure. Even if you use the right definition, "software is made more difficult for others to exploit and disrupt network public networks with," Microsoft has yet to show any benefit from this form of corporate welfare. The worst kind of "help" maintains Microsoft's monopoly position: use of non-free methods for document access and storage. Vista was made the same way every other M$ OS was and it's not going to be any more secure.
The best thing that can happen to World computing is for people to stop using M$ and start using a good mix of the alternatives, heavily favoring the high quality free ones. Microsoft is the definitive host for everything you think the NSA is helping to fix. The easiest way for government to encourage rational computer usage is to using Microsoft themselves. At the end of the day, you have to wonder why all levels of government pay huge licensing fees to obscure public records.
Friends don't help friends install M$ junk.
Windows XP = WinXP
Windows 2000 = Win2k
Windows Vista = Backdoor Betty
I've used position sensitive passwords where both my hands make the same remembered movements on the keyboard, with different results depending on start position since I worked at Bell Labs in the early '80s.
It allows me easily repeated logins to assorted systems, without having obvious passwords. I've found that three simple patterns with five different starting positions provide me with enough variation in long passwords to meet my needs without writing down the passwords anywhere.
At MOST all I would ever need to remember is the initial character, and the rest is automatic and lightning fast, just like playing a familiar piece of music...
I feel fairly secure with my simple method - and I feel it is better than many much more complex methods.
--
Tomas
The NSA helped make XP more secure ... yeah, and that worked.
I don't think you can compare it that easily, because Linux is kind of "public domain" - when the NSA secured it, it was a benefit for the people.
When they secure Windows, on the other hand, it's a benefit for a corporation (which has enough money to pay for that service instead of using tax dollars for it... in a way this means that Microsoft gets tax dollars).
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Except that SELinux is actually separate from "regular" Linux. Those "Linux folks" have not integrated the changes into the official code base.
1) Are M$ security developers not competent enough to secure their own O$? :)
2) Is the NSA stupid to help a multi BILLION dollar profit company? Wait, M$ might have 'donated' some money to them
Like, for instance, Gates123
For a long time there was endless speculation about a possible back-door embedded by NSA/IBM into the DES S-boxes, but later on it was discovered that the S-boxes selected were optimal against a mode of attack known to the NSA but unknown in the public sector (differential IIRC). People get a little crazy with speculation about NSA back doors. Think about the DES. If the DES had a back door, any stars-and-stripes loathing infidel could potentially have discovered, or bought, or obtained via "special extraction" the billion dollar secret and hacked directly into the US banking system. Do you really think the NSA wants to put an exploitable back door into 600 million copies of Vista and then have to protect that secret forever after from the Arabs, the Chinese, the Korean script kiddies?
My own opinion about DES is that the NSA wanted brute force to be the only viable method and that they developed a capability--not necessarily cost effective--to crack DES by brute force where absolutely necessitated. The fact of the matter is that the NSA is 99% reliant on traffic analysis and only 1% reliant on code breaking (which simply costs too much on the grand scale of modern communications), of which 90% consists of scooping up leaked passwords by simpler means, then the mass-parallel trillion password dictionary attack, and only then bringing to bear real resources.
I've long suspected the NSA implemented a DES cracking chip using electron beam lithography on semiconductor substrates grown in space. They spent a lot of money on space-based crystallography. With enough of a fetish on purity they could potentially have engraved a DES breaking die in the ten to one hundred square centimeter range at transistor sizes comparable to current technology. The problem with electron beam lithography, such as I've been able to discover, is that it is only good for one-off production processes, it doesn't scale. For a DES chip of this nature, it doesn't need to.
In any case, the NSA would far rather possess a single instance of the magic chip funded by a ten billion dollar investment in space technology than a stupid software hole any hammer-and-tongs turban-wearing slant-eyed Kaczynski might someday discover. In the former scenario, your concern over who else might gain possession of the space crystal is largely confined to volcanic islands, and you have people trained to deal with that on a case-by-case basis. The NSA does not have the resources to combat a vast and varied assortment of million bot e-armies controlled by a globally integrated cartel of insurrection, drugs, corruption, and cultural fanaticism.
Sounds more like a covert way to add government backdoors into Vista.
600 mil?
Don't hold your breath M$.
Wonderful
How are us small business tech support guys supposed to support Vista or recommend it to our customers? What happens in 6 months when most computers will come with Vista pre-installed... are we supposed to say, oh well, buy it anyway, and we'll rack up the support costs integrating it with Windows XP, and re-installing it when it crashes 100 times before the first 2 service packs?
www.computerrepairboston.com
Systems Made Easy
To quote Albert Einstein: "Insanity is doing the same thing over and over while expecting a different result." Micro$oft has been playing 3-card monte with security vulnerabilities for decades. Every year a new humdinger emerges from Redmond with the old holes patched, and a few new ones added. And with every new OS they release there are more and more "Protection" programs running in the background (Windows Security Center, and a slew of others which can be viewed by running the command services.msc) which have the overall effect of decreasing system performance in a manner significant enough to rival the effects of half the viruses out there. The new Vista OS states its MINIMUM hardware requirements at 1 gig processor with 1.5 gigs of RAM! That is insane for an operating system that is completely inept without installing several gigs worth of additional software. I am currently running ArchLinux with the Beryl window manager which provides FAR superior 3d effects to Vista, and it's running beautifully on a pentium2 processor with 320 megs of RAM! Anyone who has been using computers long enough to remember Windows98 can tell you that XP was no more secure (regardless of the M$ PR department's claims) than 98, so I must ask: If M$ is deliberately leaving security holes in their OS (which is obvious to anyone who has ever spent time on a *nix based OS) then what exactly are they hoping to gain from the NSA? Seriously, you have a company who has consistently produced and sold incomplete operating systems that are so flawed at their core that they must be either patched to death or abandoned within a year. Anyone remember Windows98 first edition? XP Service Pack 2 (try downloading that little gem on dialup... my entire operating system isn't much bigger than the Service Pack 2 patch)? Millennium? 2000 (possibly the best OS to have ever come out of Redmond... unsupported after the first year)?
If Microsoft actually cared about security they would do with Vista what they should have been doing all along: completing the operating system before selling it to a gullible public. How many people do you suppose would buy a car and then wait 6 months for Ford to finish building their hood? I see a number of posts from users who are worried that the NSA is putting things in Windows. I am more worried about the NSA running Windows! It would certainly explain the popup of a commercial airliner at the World Trade Center ;)