Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Denies It Built Backdoor Into Windows 7

Posted by timothy on from the how-are-your-wife's-bruises? dept.

CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."

25 of 450 comments (clear)

  1. Really people by jgtg32a · · Score: 5, Insightful

    Why do people think that the back door is in Win7?

    The NSA put the backdoor in the Intel compiler, that's a much better place to put a backdoor or more accurately spread a backdoor

    1. Re:Really people by ajs · · Score: 5, Insightful

      Or the network adapter firmware or the encryption libraries or the BIOS or the processor itself. Yeah, there's no reason to poke a hole in the OS itself when so much of what it depends on is at your finger tips.

      What's more, the NSA does have a legitimate reason to be involved. It's the same reason they wrote the SE/Linux extensions. They are required (in their public role) to provide the federal government with analysis and review of software for security purposes. To avoid having the NSA say, "Win 7 is too insecure, don't use it," Microsoft would go to them for review and comments prior to release, and respond to whatever concerns they have.

      People often forget that the NSA has a public function.

    2. Re:Really people by w0mprat · · Score: 5, Insightful

      Seriously take of your tin foil hats. What makes anyone thing NSA needs any cooperation from any vendor? If any lone black hat can pwn thousands and millions of machines from his bedroom, it stands to reason a well resourced organisation with even half-assed methodological inclination can do things that boggle our script kiddie minds. They have very few barriers to whatever they want to do, they don't need Microsofts help.

      I'll leave you with that while I go to make my 30-char SSH password a little longer.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    3. Re:Really people by JohnFen · · Score: 5, Insightful

      People often forget that the NSA has a public function.

      Oh, I don't think anyone is forgetting that at all. It's just that the NSA cannot be trusted, and Microsoft cannot be trusted, and so when the two work together the result is something untrustworthy.

  2. On the other hand... by FlyingSquidStudios · · Score: 4, Insightful

    It's not like they need to put a back door on it. There will be about 500 exploits found within the next year as it is.

    --
    http://twitter.com/OLDTELEGRAM
  3. Not really necessary by Misanthrope · · Score: 5, Insightful

    Odds are the NSA is privy to whatever the current exploits are for windows operating systems anyways. I wouldn't be surprised if they had staff working on breaking into Windows machines if for nothing else than attacks on targets outside the US.

    1. Re:Not really necessary by BobMcD · · Score: 4, Insightful

      Yes, this.

      And if they had smuggled something into it, the testimony before Congress would have been sealed. The fact we know about it without some kind of secret leak means that we can be confident the NSA did not think the disclosure was valuable intel.

    2. Re:Not really necessary by amicusNYCL · · Score: 5, Insightful

      I think it's much more likely that the NSA would partner with Microsoft to ensure that Windows is actually more secure, so that those same targets outside of the US cannot get into the US government systems.

      The NSA doesn't need to rely on Windows to gain access to other networks, but considering the fact that many government systems are running Windows, the National Security Agency definitely has an interest in making sure those systems are secure.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    3. Re:Not really necessary by sexybomber · · Score: 4, Insightful

      This too. I've got a really good sense of smell, so I can smell a rat from a mile away. This story's not hiding one. For all the lies the NSA does tell, they're not going to freakin' lie to Congress at every opportunity. Just because the Boy King did it for eight years straight didn't magically render it OK. I dunno if this guy was under oath or not, but still, that's not something you do lightly. Plus, this isn't the Director making the statement, it's one of the lesser Director bureaucritters (I think the dude's title was "Information Assurance Officer" or something); if he's caught lying to Congress, he's gone. He's one of the guys the Director would pin blame on if he ever got caught.

      Wait a second ...

      <paranoia intensity="100%"> But maybe that's what they want me to think ... oh no.

    4. Re:Not really necessary by cbhacking · · Score: 4, Insightful

      Considering that historically the NSA has improved cryptographic implementations against attacks that were (at the time) unknown to the public, I'd say that's almost certainly BS. For example, DES. Even when their modifications appeared to be weakening the encryption algorithm, once the algorithm was a standard and other parties got around to hunting weaknesses for it, it was found that the modified version (which had become the standard) was far more resistant to attack. Turns out the attack had been known but kept secret, yet the algorithm had been modified to make the attack weaker.

      TL;DR: No, the NSA uses their extensive cryptanalysis knowledge to take backdoors *out* of encryption, rather than to put them in. Remember: we (the US, including the government) use it too, and enemy forces might stumble upon any backdoor they leave/put in place.

      --
      There's no place I could be, since I've found Serenity...
    5. Re:Not really necessary by ShadowRangerRIT · · Score: 4, Insightful

      Sigh. Roughly half (and that's very rough, but it's not laughably off) the staff at NSA are IA types. I knew several co-op program participants who worked on both sides of the aisle. Information Assurance (defined as protecting the integrity of the U.S. government's computers and networks) is a huge part of what the NSA does.

      --
      $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
  4. "We did NOT put in a backdoor for the NSA." by John+Hasler · · Score: 5, Insightful

    "It's for the RIAA."

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  5. NSA helped on Linux as well by prestwich · · Score: 5, Insightful

    The NSA did SELinux (for Linux...) so I don't think it's unreasonable to think they might have helped MS on security issues without doing anything nasty.

  6. Idiocy of ComputerWorld and slashdot... by Anonymous Coward · · Score: 5, Insightful

    NSA: "We wrote a guide and a separate tool to help in enterprise security management"

    ComputerWorld: "OMG NSA TROJANED WINDOWS 7"

    NSA: "WTF? We made a document and stand-alone download..."

    ComputerWorld: "CONSPIRACY!"

    NSA: "Uh, we work with linux too you know... SELinux...?"

    ComputerWorld: "FRONTPAGE HEADLINE NEWS! WINDOWS 7 BACKDOOR EXISTS!"

    Slashdot: "ZOMG! NSA MADE A WINDOWS 7 BACKDOOR!"

  7. Strategic Defense Initiative by Corson · · Score: 4, Insightful

    An OS that runs on 90% of computers in the world is a de facto strategic weapon.

  8. Under the PATRIOT act... by jcr · · Score: 4, Insightful

    If Microsoft had assisted the NSA and deliberately buggered their security model for the government's purposes, it would be a federal crime for them to admit it.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  9. Re:I have no problem believing MS this time... by bug1 · · Score: 5, Insightful

    To say it more clearly, the allegation is that NSA put the back door in, microsoft didnt deny it. They are using political speak to make is sound like nobody put back doors in.

    An think about it, what self respecting intelligence agency wouldnt want a back door in windows. Their job is to collect intelligence, and windows is almost everywhere and handles lots of information.

    It might sound paranoid to say windows is bugged by the NSA, but it totally ignorance to suggest they wouldnt want to bug it.

  10. Never believe something until... by Helldesk+Hound · · Score: 5, Insightful

    Never believe something until it is officially denied. :o)

  11. Re:I have no problem believing MS this time... by PopeRatzo · · Score: 5, Insightful

    What the "we're able to shut down your computer if we suspect you may not have an authorized version of our software" backdoor isn't enough of a backdoor for them?

    --
    You are welcome on my lawn.
  12. Re:I have no problem believing MS this time... by Tanktalus · · Score: 4, Insightful

    Or another reasonable conclusion: the spokesperson did not, in fact, talk to every single developer who may have worked with the NSA to confirm that no back door was put in, and managed to get independent "third-party" developers to code-review everything to confirm this, thereby saying the truth as s/he knows it, which does not need to line up with objective truth as it really is.

    I've failed to keep count of the number of times I see a press release from $work claiming that we do or do not do something that I know damned well falls short of the truth. They don't usually ask me.

  13. Re:I have no problem believing MS this time... by HermMunster · · Score: 4, Insightful

    Any admittance by Microsoft that they had would probably be deemed by the US government as a national security threat. Thus they are probably prohibited from saying anything other than a denial.

    This is a company that was convicted of predatory criminal monopolistic practices. They were nearly torn in two. Suddenly it all ended for them as if it never happened and they came through with a sweet deal that gave them even greater market share for products (via their voucher system).

    This same company holds the keys to 90% of the world's computers. The NSA has the dubious role of the most massive electronic communication surveillance entity in the world, of the world. Those two joined mean something other than what that denial professes.

    You can rightfully imagine the dismay about their disclosure for any foreign government.

    If you think there is going to be a serious threat of cyber-attack in the next 20 years, then you are more paranoid than all the tin hat wearing conspiracy theorists in all existence (past and present). At least, give the world those 20 years to undo that monopoly instead of using American tax payer dollars propping up that criminally convicted predatory monopolist.

    --
    You can lead a man with reason but you can't make him think.
  14. Re:I have no problem believing MS this time... by Attila+Dimedici · · Score: 5, Insightful

    .

    An think about it, what self respecting intelligence agency wouldnt want a back door in windows. Their job is to collect intelligence, and windows is almost everywhere and handles lots of information.

    It might sound paranoid to say windows is bugged by the NSA, but it totally ignorance to suggest they wouldnt want to bug it.

    You are overlooking the fact that intelligence agencies are, also, usually tasked with preventing (as much as possible) foreign countries from collecting intelligence about the U.S. government. If Windows has a back door that the NSA can use, how would they prevent foreign intelligence agencies from using it? It is a well understood fact that any security vulnerability that is introduced will be discovered by those with nefarious goals (the NSA would not view their own goals as nefarious, but they would consider the goals of many foreign intelligence agents to be nefarious).

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  15. Re:I have no problem believing MS this time... by truthsearch · · Score: 4, Insightful

    One of the biggest reasons this country is falling apart? On his best night less than 1% of the country is watching his show. You give him way too much credit.

    --
    Developers: We can use your help.
  16. Re:I have no problem believing MS this time... by rtb61 · · Score: 4, Insightful

    Whether they did or did not put a back door in windows is arbitrary. What is of concern is a government department doing free work to improve the profitability of a single corporation against the corporate interests of every other competing corporation. Remember the screams coming out of Redmond when the NSA produce SE Linux, taht would be made available for free to all taxpayers.

    Now you have the NSA and the department of defence attempting to prop up the security incompetence of a corporation at tax payer expense so that corporation can now turn around and charge their customers for work their customers already paid for.

    If M$ is to security incompetent to produce reliable software, no government departments should be steeping ion to to their work for them they should simply stop using their software rather the propping up the company at taxpayer expense.

    Besides everybody knows backdoors belong in hardware not software, any tech person with more than half a brain dual boots and uses the Linux side of things for anything they want to keep safe and secure, the windows side is built to power a game console and that's all it should be used for.

    --
    Chaos - everything, everywhere, everywhen
  17. The NSA has helped LInux in the same way, FFS by Chris+Burke · · Score: 5, Insightful

    Seriously, you're absolutely correct. The NSA has every incentive to improve the security of Windows, not compromise it. They did the same for Linux, where you can see the changes they made. In the past, they've made suggestions for improvements to encryption algorithms that academic researchers later realized had a sound mathematical basis. The NSA is as much about strengthening computer systems as they are compromising them. Hell, if in a particular situation they want to compromise the security of a system, all they usually have to do is ask (see: AT&T et. al.).

    The thing is, they know that important information they want to be kept secret is going to exist on Windows machines. On Linux machines. On [x] machine that isn't necessarily controlled directly by the NSA.

    And even outside such "National Security" secrets... The NSA may want to listen in on your phone calls, but it doesn't help them at all for every Tom, Dick, and Sally to have their credit card information stolen, their bank acccounts phished and plundered, and so on.

    --

    The enemies of Democracy are