Microsoft Denies It Built Backdoor Into Windows 7
CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."
You know, it's funny, but if the NSA ever got its hooks into a repository, it could do all sorts of fun stuff that way in Linux. We only "trust" Linux because Linux is a huge trust circle. WE trust it because it's open, and assume that someone else must have looked at it. But I have about as much idea of what's going on inside of my Ubuntu as I did my Windows, from a backdoor perspective.
This is my sig.
The NSA probably has people looking for security holes in Windows and any other widely deployed piece of software, just as they have people looking for weaknesses in widely deployed cryptographic algorithms (and ones they are thinking of deploying). If they need to get into a system, they probably have a few undisclosed vulnerabilities on hand to do so with. They also probably let the companies in question know, if the US government is using the systems in question. The only interesting thing about this is that the NSA has access to the Windows source code for exploit hunting. That's not very interesting though, because the British and Chinese governments do too, and so (I assume) do others.
I am TheRaven on Soylent News
where all eyes in the world are watching what they do
I have never looked at the SELinux code.... have you?
That's a comforting belief, but you underestimate the ability of law enforcement to gather evidence that's either illegal or would reveal sources and methods (or in this case, likely both), use that knowledge to "stumble" on some information, and use that information which can be held out as having been legally obtained to bootstrap a warrant.
For an analogy outside computer technology, consider the cop driving up and down the street illegally spying with a FLIR camera; when s/he gets a hit, he just "happens upon" some suspicious persons or "hears an anonymous tip." With that, Jane/Johnny Law obtains a warrant, busts down the door, and seizes the grow operation--that s/he wouldn't have known about but for illegal surveillance. Of course, this approach has backfired at least once.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
I'd say a more likely NSA "backdoor" would be some sort of subtle flaw in the implementation of an encryption, hash or some other algorithm critical to Windows. NSA spends a lot of time and money on cryptanalysis.
Conformity is the jailer of freedom and enemy of growth. -JFK
"Microsoft has not and will not put "backdoors" into Windows"
No, no, that's "will not put 'backdoors' into Windows 7"!
The "7" is important, because chances are high that the backdoors added to WinNT3.5 are still working just fine; no need to add any new ones! :)
(A lot of people picked up on the "MS didn't add it" vs. "NSA worked on it", but I haven't seen any other comments about possible pre-existing backdoors.)
The developers should designate one person for compromise testing. It's his job to try to get compromises to the kernel. He will submit a patch to a random developer every 6 months, the developer submits the patch, and if it is missed and gets included in the main tree it triggers a more widespread code audit. Offer a $1000 reward to anyone finding the offending or more dangerous backdoor.
This should keep the developers on their toes and give us some confidence that the code IS being audited properly.
Microsoft don't need to have actively created a back door for one to exist; look at the code they call "secure" and how many exploits are found daily for it. This is them supposedly trying NOT to have exploits. They already have back doors for DRM control and instructions to please their real customers, i.e. other companies, as well as their own WGA, all for the common enrichment of rights holders. So just because Microsoft don't intentionally create back doors for the NSA means nothing.
Like any other intelligence agency, spying on people who use Windows would be a prime goal, but there's plenty of malware out there to do that, and Microsoft and the security industry, formed to fix the holes left by Microsoft's technical incompetence, can only fix so much. There's no reason why the NSA couldn't develop their own malware with VB and run it like any other criminals, without any collusion with Microsoft at all.
Given the fact that Windows is as secure as a paper tank at the best of times, and the governments of the world seem to want to insist that people use Windows, it's not hard to imagine Microsoft suits using the "hey if you force your people to use our software, you can spy on what they do with them much easier" as a reason NOT to support calls for a FOSS / Linux switch.
Given how many crimes Microsoft get away with in more jurisdictions it's also not hard to imagine a meeting where Microsoft agree to turn a blind eye to malware from certain sources in return for cases being dropped, or friendly judges put on the case who will promptly find in favour of Microsoft, and dismiss any logical evidence that they've done anything wrong.
As far as "it's in our interests to make Windows secure as we use it", how much of the US defense network still use Windows? I've noticed some have switched to Linux, while Microsoft had to create a special "secure XP" for them because the regular one wasn't up to the task. How easy would it be for the entire network to switch to Linux to protect itself while endorsing Windows for everyone else as it gives them an easy target to hit if they need to? They could even get Linux to pretend it's Windows when queried so nobody outside would know.
Remember most govt departments are VERY partisan, they don't like to co-operate as much as they should. They don't like sharing stuff that would help everyone because if only they do it and look good, they look even better in comparison to other departments who didn't do it. The contrast is even wider.
My limited understanding of FIPS compliance is such that I think the likelihood is much higher that the involvement of the NSA is to work with Microsoft (as they have others) to make sure the right libraries are used and so on for FIPS compliance. If you want to sell software to the US Government, it must be FIPS compliant.
The following is my understanding (which is likely flawed in some ways, but I think is fairly close to accurate) of how FIPS works (Taken from a response I wrote to someone else about this).
In all likelihood, this is all about their encryption being FIPS compliant and has nothing to do with backdoors.
The way I understand FIPS (because I got a mini-lesson on it during an SDR as they were doing it for [another software product I work with a lot]) you have to use very specific encryption protocols that not only meet the standard for the encryption routine (e.g. RSA, or whatever) and the bit-size, but you have to use one of a specific set of approved implementation libraries.
That means you can use the exact same encrypting schema and key size as FIPS specifies, but if you don't do the encryption with an approved library, you're not compliant.
The rules get weirder from there. If you are required to be FIPS compliant at work, and must send something encrypted, you have to send it to someone who is also FIPS compliant. -- follow this logic now -- if you have to send it to someone who is NOT compliant, even though they use compatible encryption/decryption code and have exchanged keys with you, you CANNOT send them the encrypted file because their libraries are not FIPS compliant. You can, however, send them the file IN THE CLEAR if you decide it's safe to do so.
In other words, FIPS says it is better to send something in the clear if you cannot be sure the other end is FIPS compliant, even if they can decrypt what you're sending.
That's your government at work.
BTW: The routines which ARE certified have been fully vetted by many government and non-government people, and do not contain any special code in them that would lead to making decryption by the NSA any easier than it would otherwise be. Since the routines are by nature just implementations of well-known encryption standards, the only way to do that would be to interrupt the key pair creation process and use "less random" seeds. I don't believe FIPS specifies the random number generation routine used.
Hope this helps.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
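The "less random seeds" point in the post above is the one a practitioner can actually test for. The following is an added example, not code from the original thread or from any vendor: a vetted standard algorithm (HMAC-SHA-256) is keyed two ways, from a deterministic PRNG with a small seed space and from the OS CSPRNG, and an audit function shows that for the weak generator every key it could ever produce can be enumerated from one observed tag. The seed width and message are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import random
from typing import Optional

MESSAGE = b"constructed sample message"  # constructed input for the audit


def weak_keygen(seed: int) -> bytes:
    """Derive a 256-bit key from a deterministic PRNG seeded with a small integer.
    Constructed example of the failure the post describes: the algorithm is fine,
    but the key space collapses to the seed space (Mersenne Twister is not a CSPRNG)."""
    rng = random.Random(seed)
    return hashlib.sha256(rng.getrandbits(256).to_bytes(32, "big")).digest()


def strong_keygen() -> bytes:
    """Key taken directly from the OS CSPRNG; no enumerable seed space."""
    return os.urandom(32)


def tag_for(key: bytes, message: bytes = MESSAGE) -> bytes:
    """Standard HMAC-SHA-256 over the message; same routine for both key sources."""
    return hmac.new(key, message, "sha256").digest()


def audit_seed_space(tag: bytes, seed_bits: int, message: bytes = MESSAGE) -> Optional[int]:
    """Audit check: if the key behind `tag` came from weak_keygen with a seed of
    `seed_bits` bits, walking the 2**seed_bits candidates must recover it.
    Returns the seed on success, None if the key space is not that small."""
    for seed in range(1 << seed_bits):
        if hmac.compare_digest(tag_for(weak_keygen(seed), message), tag):
            return seed
    return None


def strong_keys_are_distinct(samples: int = 32) -> bool:
    """Sanity check on the CSPRNG path: repeated calls never repeat a key."""
    keys = {strong_keygen() for _ in range(samples)}
    return len(keys) == samples
```

Running `audit_seed_space(tag_for(weak_keygen(1234)), 12)` returns 1234 after at most 4096 trials, while the same audit against a `strong_keygen()` tag returns None: the vetted algorithm is identical in both cases, so the difference is entirely the entropy that fed it.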