Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Denies It Built Backdoor Into Windows 7

Posted by timothy on from the how-are-your-wife's-bruises? dept.

CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."

14 of 450 comments (clear)

  1. Really people by jgtg32a · · Score: 5, Insightful

    Why do people think that the back door is in Win7?

    The NSA put the backdoor in the Intel compiler, that's a much better place to put a backdoor or more accurately spread a backdoor

    1. Re:Really people by ajs · · Score: 5, Insightful

      Or the network adapter firmware or the encryption libraries or the BIOS or the processor itself. Yeah, there's no reason to poke a hole in the OS itself when so much of what it depends on is at your finger tips.

      What's more, the NSA does have a legitimate reason to be involved. It's the same reason they wrote the SE/Linux extensions. They are required (in their public role) to provide the federal government with analysis and review of software for security purposes. To avoid having the NSA say, "Win 7 is too insecure, don't use it," Microsoft would go to them for review and comments prior to release, and respond to whatever concerns they have.

      People often forget that the NSA has a public function.

    2. Re:Really people by w0mprat · · Score: 5, Insightful

      Seriously take of your tin foil hats. What makes anyone thing NSA needs any cooperation from any vendor? If any lone black hat can pwn thousands and millions of machines from his bedroom, it stands to reason a well resourced organisation with even half-assed methodological inclination can do things that boggle our script kiddie minds. They have very few barriers to whatever they want to do, they don't need Microsofts help.

      I'll leave you with that while I go to make my 30-char SSH password a little longer.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    3. Re:Really people by JohnFen · · Score: 5, Insightful

      People often forget that the NSA has a public function.

      Oh, I don't think anyone is forgetting that at all. It's just that the NSA cannot be trusted, and Microsoft cannot be trusted, and so when the two work together the result is something untrustworthy.

  2. Not really necessary by Misanthrope · · Score: 5, Insightful

    Odds are the NSA is privy to whatever the current exploits are for windows operating systems anyways. I wouldn't be surprised if they had staff working on breaking into Windows machines if for nothing else than attacks on targets outside the US.

    1. Re:Not really necessary by amicusNYCL · · Score: 5, Insightful

      I think it's much more likely that the NSA would partner with Microsoft to ensure that Windows is actually more secure, so that those same targets outside of the US cannot get into the US government systems.

      The NSA doesn't need to rely on Windows to gain access to other networks, but considering the fact that many government systems are running Windows, the National Security Agency definitely has an interest in making sure those systems are secure.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  3. "We did NOT put in a backdoor for the NSA." by John+Hasler · · Score: 5, Insightful

    "It's for the RIAA."

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  4. NSA helped on Linux as well by prestwich · · Score: 5, Insightful

    The NSA did SELinux (for Linux...) so I don't think it's unreasonable to think they might have helped MS on security issues without doing anything nasty.

  5. Idiocy of ComputerWorld and slashdot... by Anonymous Coward · · Score: 5, Insightful

    NSA: "We wrote a guide and a separate tool to help in enterprise security management"

    ComputerWorld: "OMG NSA TROJANED WINDOWS 7"

    NSA: "WTF? We made a document and stand-alone download..."

    ComputerWorld: "CONSPIRACY!"

    NSA: "Uh, we work with linux too you know... SELinux...?"

    ComputerWorld: "FRONTPAGE HEADLINE NEWS! WINDOWS 7 BACKDOOR EXISTS!"

    Slashdot: "ZOMG! NSA MADE A WINDOWS 7 BACKDOOR!"

  6. Re:I have no problem believing MS this time... by bug1 · · Score: 5, Insightful

    To say it more clearly, the allegation is that NSA put the back door in, microsoft didnt deny it. They are using political speak to make is sound like nobody put back doors in.

    An think about it, what self respecting intelligence agency wouldnt want a back door in windows. Their job is to collect intelligence, and windows is almost everywhere and handles lots of information.

    It might sound paranoid to say windows is bugged by the NSA, but it totally ignorance to suggest they wouldnt want to bug it.

  7. Never believe something until... by Helldesk+Hound · · Score: 5, Insightful

    Never believe something until it is officially denied. :o)

  8. Re:I have no problem believing MS this time... by PopeRatzo · · Score: 5, Insightful

    What the "we're able to shut down your computer if we suspect you may not have an authorized version of our software" backdoor isn't enough of a backdoor for them?

    --
    You are welcome on my lawn.
  9. Re:I have no problem believing MS this time... by Attila+Dimedici · · Score: 5, Insightful

    .

    An think about it, what self respecting intelligence agency wouldnt want a back door in windows. Their job is to collect intelligence, and windows is almost everywhere and handles lots of information.

    It might sound paranoid to say windows is bugged by the NSA, but it totally ignorance to suggest they wouldnt want to bug it.

    You are overlooking the fact that intelligence agencies are, also, usually tasked with preventing (as much as possible) foreign countries from collecting intelligence about the U.S. government. If Windows has a back door that the NSA can use, how would they prevent foreign intelligence agencies from using it? It is a well understood fact that any security vulnerability that is introduced will be discovered by those with nefarious goals (the NSA would not view their own goals as nefarious, but they would consider the goals of many foreign intelligence agents to be nefarious).

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  10. The NSA has helped LInux in the same way, FFS by Chris+Burke · · Score: 5, Insightful

    Seriously, you're absolutely correct. The NSA has every incentive to improve the security of Windows, not compromise it. They did the same for Linux, where you can see the changes they made. In the past, they've made suggestions for improvements to encryption algorithms that academic researchers later realized had a sound mathematical basis. The NSA is as much about strengthening computer systems as they are compromising them. Hell, if in a particular situation they want to compromise the security of a system, all they usually have to do is ask (see: AT&T et. al.).

    The thing is, they know that important information they want to be kept secret is going to exist on Windows machines. On Linux machines. On [x] machine that isn't necessarily controlled directly by the NSA.

    And even outside such "National Security" secrets... The NSA may want to listen in on your phone calls, but it doesn't help them at all for every Tom, Dick, and Sally to have their credit card information stolen, their bank acccounts phished and plundered, and so on.

    --

    The enemies of Democracy are