Microsoft Denies It Built Backdoor Into Windows 7

← Back to Stories (view on slashdot.org)

Microsoft Denies It Built Backdoor Into Windows 7

Posted by timothy on Thursday November 19, 2009 @10:16AM from the how-are-your-wife's-bruises? dept.

CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."

71 of 450 comments (clear)

I have no problem believing MS this time... by beh · 2009-11-19 10:16 · Score: 4, Funny

I believe Microsoft anytime that they would not build back doors into the system... If they tried, the backdoor would probably have enough bugs to be unusable.
Besides - doesn't it already state it in the story:
"Microsoft has not and will not put "backdoors" into Windows"
"the agency had worked on the operating system."
Seems pretty clear, MS did NOT put a backdoor into it... ;-)
1. Re:I have no problem believing MS this time... by Wowsers · 2009-11-19 11:14 · Score: 5, Funny
  
  Why would Microsoft build a back door into Win7, when the front door is so wide open?
  
  --
  Take Nobody's Word For It.
2. Re:I have no problem believing MS this time... by rkulla · 2009-11-19 11:19 · Score: 5, Funny
  
  and it wouldn't work with the "Home" version of Windows, since nothing special ever does.
3. Re:I have no problem believing MS this time... by bug1 · 2009-11-19 11:42 · Score: 5, Insightful
  
  To say it more clearly, the allegation is that NSA put the back door in, microsoft didnt deny it. They are using political speak to make is sound like nobody put back doors in.
  An think about it, what self respecting intelligence agency wouldnt want a back door in windows. Their job is to collect intelligence, and windows is almost everywhere and handles lots of information.
  It might sound paranoid to say windows is bugged by the NSA, but it totally ignorance to suggest they wouldnt want to bug it.
4. Re:I have no problem believing MS this time... by Anonymous Coward · 2009-11-19 11:48 · Score: 3, Insightful
  
  Glenn Beck is an idiot, and one of the biggest reasons this country is falling apart. Anyone who likes him automatically relinquishes any credibility in any conversation. The man does nothing but stir up fear with lies.
5. Re:I have no problem believing MS this time... by Anonymous Coward · 2009-11-19 11:49 · Score: 3, Funny
  
  Why would Microsoft build a back door when there are windows ?
6. Re:I have no problem believing MS this time... by RazzleDazzle · 2009-11-19 12:10 · Score: 3, Funny
  
  oblig
  
  --
  ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
7. Re:I have no problem believing MS this time... by PopeRatzo · 2009-11-19 12:12 · Score: 3, Funny
  
  I like Beck but he does act goofy sometimes.
  His album "Sea Change" is really great.
  Or do you mean the other Beck, the one who's got the TV show and the crying and the blackboard and who is the spiritual leader of all US conservatives?
  
  --
  You are welcome on my lawn.
8. Re:I have no problem believing MS this time... by PopeRatzo · 2009-11-19 12:25 · Score: 5, Insightful
  
  What the "we're able to shut down your computer if we suspect you may not have an authorized version of our software" backdoor isn't enough of a backdoor for them?
  
  --
  You are welcome on my lawn.
9. Re:I have no problem believing MS this time... by Tanktalus · 2009-11-19 12:52 · Score: 4, Insightful
  
  Or another reasonable conclusion: the spokesperson did not, in fact, talk to every single developer who may have worked with the NSA to confirm that no back door was put in, and managed to get independent "third-party" developers to code-review everything to confirm this, thereby saying the truth as s/he knows it, which does not need to line up with objective truth as it really is.
  I've failed to keep count of the number of times I see a press release from $work claiming that we do or do not do something that I know damned well falls short of the truth. They don't usually ask me.
10. Re:I have no problem believing MS this time... by HermMunster · 2009-11-19 12:59 · Score: 4, Insightful
  
  Any admittance by Microsoft that they had would probably be deemed by the US government as a national security threat. Thus they are probably prohibited from saying anything other than a denial.
  This is a company that was convicted of predatory criminal monopolistic practices. They were nearly torn in two. Suddenly it all ended for them as if it never happened and they came through with a sweet deal that gave them even greater market share for products (via their voucher system).
  This same company holds the keys to 90% of the world's computers. The NSA has the dubious role of the most massive electronic communication surveillance entity in the world, of the world. Those two joined mean something other than what that denial professes.
  You can rightfully imagine the dismay about their disclosure for any foreign government.
  If you think there is going to be a serious threat of cyber-attack in the next 20 years, then you are more paranoid than all the tin hat wearing conspiracy theorists in all existence (past and present). At least, give the world those 20 years to undo that monopoly instead of using American tax payer dollars propping up that criminally convicted predatory monopolist.
  
  --
  You can lead a man with reason but you can't make him think.
11. Re:I have no problem believing MS this time... by Xtifr · 2009-11-19 13:02 · Score: 4, Interesting
  
  "Microsoft has not and will not put "backdoors" into Windows"
  No, no, that's "will not put 'backdoors' into Windows 7"!
  The "7" is important, because chances are high that the backdoors added to WinNT3.5 are still working just fine; no need to add any new ones! :)
  (A lot of people picked up on the "MS didn't add it" vs. "NSA worked on it", but I haven't seen any other comments about possible pre-existing backdoors.)
12. Re:I have no problem believing MS this time... by Opportunist · 2009-11-19 13:10 · Score: 3, Funny
  
  Because that's the procedure, dammit! This is the government, we follow a procedure! That's why we have three-coat toilet paper, we need 2 copies of every crap!
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
13. Re:I have no problem believing MS this time... by Attila+Dimedici · 2009-11-19 13:31 · Score: 5, Insightful
  
  .
  An think about it, what self respecting intelligence agency wouldnt want a back door in windows. Their job is to collect intelligence, and windows is almost everywhere and handles lots of information.
  It might sound paranoid to say windows is bugged by the NSA, but it totally ignorance to suggest they wouldnt want to bug it.
  You are overlooking the fact that intelligence agencies are, also, usually tasked with preventing (as much as possible) foreign countries from collecting intelligence about the U.S. government. If Windows has a back door that the NSA can use, how would they prevent foreign intelligence agencies from using it? It is a well understood fact that any security vulnerability that is introduced will be discovered by those with nefarious goals (the NSA would not view their own goals as nefarious, but they would consider the goals of many foreign intelligence agents to be nefarious).
  
  --
  The truth is that all men having power ought to be mistrusted. James Madison
14. Re:I have no problem believing MS this time... by truthsearch · 2009-11-19 14:59 · Score: 4, Insightful
  
  One of the biggest reasons this country is falling apart? On his best night less than 1% of the country is watching his show. You give him way too much credit.
  
  --
  Developers: We can use your help.
15. Re:I have no problem believing MS this time... by rtb61 · 2009-11-19 15:38 · Score: 4, Insightful
  
  Whether they did or did not put a back door in windows is arbitrary. What is of concern is a government department doing free work to improve the profitability of a single corporation against the corporate interests of every other competing corporation. Remember the screams coming out of Redmond when the NSA produce SE Linux, taht would be made available for free to all taxpayers.
  Now you have the NSA and the department of defence attempting to prop up the security incompetence of a corporation at tax payer expense so that corporation can now turn around and charge their customers for work their customers already paid for.
  If M$ is to security incompetent to produce reliable software, no government departments should be steeping ion to to their work for them they should simply stop using their software rather the propping up the company at taxpayer expense.
  Besides everybody knows backdoors belong in hardware not software, any tech person with more than half a brain dual boots and uses the Linux side of things for anything they want to keep safe and secure, the windows side is built to power a game console and that's all it should be used for.
  
  --
  Chaos - everything, everywhere, everywhen
16. Re:I have no problem believing MS this time... by moosesocks · 2009-11-19 16:27 · Score: 3, Insightful
  
  Glenn Beck is not the problem; he merely is a symptom of it.
  That said, Beck and his Fox News colleagues are indeed pouring gas on the fire. Other networks are helping by providing coverage to their non-stories. (The vaccine "controversy" being one such non-story that is touted by all networks, believed by liberals and conservatives alike, and has absolutely zero scientific evidence to back it up)
  
  --
  -- If you try to fail and succeed, which have you done? - Uli's moose
17. Re:I have no problem believing MS this time... by fluffy99 · 2009-11-19 17:54 · Score: 3, Insightful
  
  Why would Microsoft build a back door into Win7, when the front door is so wide open?
  Which is exactly why the NSA is contributing. Previously, the NSA would develop their own guide for locking down Windows. With WindowsXP they decided that effort was redundant and instead collaborated with Microsoft on their security guidelines and tools. The NSA also provides penetration and cryptographic expertise.
  The NSA has an obvious interest in helping Microsoft produce a secure product as the govt uses it quite heavily. As for backdoors, you don't really need to insert backdoors in the form of undisclosed vulnerabilities. It would not surprise me if the NSA had access to the Microsoft signing keys which would be of great value for compromising a system.
Well.. by Anonymous Coward · 2009-11-19 10:19 · Score: 5, Funny

At least, not intentionally.
Really people by jgtg32a · 2009-11-19 10:20 · Score: 5, Insightful

Why do people think that the back door is in Win7?

The NSA put the backdoor in the Intel compiler, that's a much better place to put a backdoor or more accurately spread a backdoor
1. Re:Really people by Tubal-Cain · 2009-11-19 10:23 · Score: 3, Insightful
  
  Who needs a back door when the front door is wide open? ;-)
2. Re:Really people by Anonymous Coward · 2009-11-19 10:32 · Score: 4, Funny
  
  The back door is usually considered "taboo" and therefore makes people feel like they're "bad-ass" (no pun intended). Plus, it's usually more pleasuring.
3. Re:Really people by ajs · 2009-11-19 10:54 · Score: 5, Insightful
  
  Or the network adapter firmware or the encryption libraries or the BIOS or the processor itself. Yeah, there's no reason to poke a hole in the OS itself when so much of what it depends on is at your finger tips.
  What's more, the NSA does have a legitimate reason to be involved. It's the same reason they wrote the SE/Linux extensions. They are required (in their public role) to provide the federal government with analysis and review of software for security purposes. To avoid having the NSA say, "Win 7 is too insecure, don't use it," Microsoft would go to them for review and comments prior to release, and respond to whatever concerns they have.
  People often forget that the NSA has a public function.
4. Re:Really people by commodore64_love · 2009-11-19 11:03 · Score: 4, Funny
  
  >>>Who needs a back door when the front door is wide open?
  "That's what she said!"
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
5. Re:Really people by peragrin · 2009-11-19 11:15 · Score: 3, Funny
  
  along with the proper medical staff and defensive systems.
  
  --
  i thought once I was found, but it was only a dream.
6. Re:Really people by w0mprat · 2009-11-19 11:36 · Score: 5, Insightful
  
  Seriously take of your tin foil hats. What makes anyone thing NSA needs any cooperation from any vendor? If any lone black hat can pwn thousands and millions of machines from his bedroom, it stands to reason a well resourced organisation with even half-assed methodological inclination can do things that boggle our script kiddie minds. They have very few barriers to whatever they want to do, they don't need Microsofts help.
  
  I'll leave you with that while I go to make my 30-char SSH password a little longer.
  
  --
  After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
7. Re:Really people by JohnFen · 2009-11-19 11:38 · Score: 5, Insightful
  
  People often forget that the NSA has a public function.
  Oh, I don't think anyone is forgetting that at all. It's just that the NSA cannot be trusted, and Microsoft cannot be trusted, and so when the two work together the result is something untrustworthy.
8. Re:Really people by BlackSnake112 · 2009-11-19 12:05 · Score: 4, Funny
  
  They cancel each other out. So it is a positive.
  Right?
9. Re:Really people by sqlrob · 2009-11-19 13:01 · Score: 3, Informative
  
  I don't think it is. I think there's an internal compiler they use, not Visual Studio.
On the other hand... by FlyingSquidStudios · 2009-11-19 10:20 · Score: 4, Insightful

It's not like they need to put a back door on it. There will be about 500 exploits found within the next year as it is.

--
http://twitter.com/OLDTELEGRAM
Not really necessary by Misanthrope · 2009-11-19 10:20 · Score: 5, Insightful

Odds are the NSA is privy to whatever the current exploits are for windows operating systems anyways. I wouldn't be surprised if they had staff working on breaking into Windows machines if for nothing else than attacks on targets outside the US.
1. Re:Not really necessary by BobMcD · 2009-11-19 10:29 · Score: 4, Insightful
  
  Yes, this.
  And if they had smuggled something into it, the testimony before Congress would have been sealed. The fact we know about it without some kind of secret leak means that we can be confident the NSA did not think the disclosure was valuable intel.
2. Re:Not really necessary by amicusNYCL · 2009-11-19 10:34 · Score: 5, Insightful
  
  I think it's much more likely that the NSA would partner with Microsoft to ensure that Windows is actually more secure, so that those same targets outside of the US cannot get into the US government systems.
  The NSA doesn't need to rely on Windows to gain access to other networks, but considering the fact that many government systems are running Windows, the National Security Agency definitely has an interest in making sure those systems are secure.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
3. Re:Not really necessary by ajs · 2009-11-19 10:59 · Score: 5, Informative
  
  I think it's much more likely that the NSA would partner with Microsoft to ensure that Windows is actually more secure
  It's not "likely." It's their job.
4. Re:Not really necessary by TheRaven64 · 2009-11-19 11:02 · Score: 3, Interesting
  
  The NSA probably has people looking for security holes in Windows and any other widely deployed piece of software, just as they have people looking for weaknesses in widely deployed cryptographic algorithms (and ones they are thinking of deploying). I they need to get into a system, they probably have a few undisclosed vulnerabilities on hand to do so with. They also probably let the companies in question know, if the US government is using the systems in question. The only interesting thing about this is that the NSA has access to the Windows source code for exploit hunting. That's not very interesting though, because the British and Chinese governments do to, and so (I assume) do others.
  
  --
  I am TheRaven on Soylent News
5. Re:Not really necessary by sexybomber · 2009-11-19 11:34 · Score: 4, Insightful
  
  This too. I've got a really good sense of smell, so I can smell a rat from a mile away. This story's not hiding one. For all the lies the NSA does tell, they're not going to freakin' lie to Congress at every opportunity. Just because the Boy King did it for eight years straight didn't magically render it OK. I dunno if this guy was under oath or not, but still, that's not something you do lightly. Plus, this isn't the Director making the statement, it's one of the lesser Director bureaucritters (I think the dude's title was "Information Assurance Officer" or something); if he's caught lying to Congress, he's gone. He's one of the guys the Director would pin blame on if he ever got caught.
  
  Wait a second ...
  
  <paranoia intensity="100%"> But maybe that's what they want me to think ... oh no.
6. Re:Not really necessary by duffbeer703 · 2009-11-19 11:42 · Score: 4, Interesting
  
  I'd say a more likely NSA "backdoor" would be some sort of subtle flaw in the implementation of an encryption, hash or some other algorithm critical to Windows. NSA spends alot of time and money on cryptanalysis.
  
  --
  Conformity is the jailer of freedom and enemy of growth. -JFK
7. Re:Not really necessary by cbhacking · 2009-11-19 12:39 · Score: 4, Insightful
  
  Considering that historically the NSA has improved cryptographic implementations against attacks that were (at the time) unknown to the public, I'd say that's almost certainly BS. For example, DES. Even when their modifications appeared to be weakening the encryption algorithm, once the algorithm was a standard and other parties got around to hunting weaknesses for it, it was found that the modified version (which had become the standard) was far more resistant to attack. Turns out the attack had been known but kept secret, yet the algorithm had been modified to make the attack weaker.
  TL;DR: No, the NSA uses their extensive cryptanalysis knowledge to take backdoors *out* of encryption, rather than to put them in. Remember: we (the US, including the government) use it too, and enemy forces might stumble upon any backdoor they leave/put in place.
  
  --
  There's no place I could be, since I've found Serenity...
8. Re:Not really necessary by ShadowRangerRIT · 2009-11-19 12:59 · Score: 4, Insightful
  
  Sigh. Roughly half (and that's very rough, but it's not laughably off) the staff at NSA are IA types. I knew several co-op program participants who worked on both sides of the aisle. Information Assurance (defined as protecting the integrity of the U.S. government's computers and networks) is a huge part of what the NSA does.
  
  --
  $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
"We did NOT put in a backdoor for the NSA." by John+Hasler · 2009-11-19 10:20 · Score: 5, Insightful

"It's for the RIAA."

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
With props to Bill Cosby by Fishbulb · 2009-11-19 10:23 · Score: 4, Funny

God: "NOAH!"
Noah: "What!"
God: "Noah, I did not put a backdoor in Windows 7."
Noah: "[...] RIGHT."
NSA helped on Linux as well by prestwich · 2009-11-19 10:24 · Score: 5, Insightful

The NSA did SELinux (for Linux...) so I don't think it's unreasonable to think they might have helped MS on security issues without doing anything nasty.
1. Re:NSA helped on Linux as well by Jeng · 2009-11-19 10:44 · Score: 3, Informative
  
  There was quite abit of concern that Microsoft put in a backdoor for the NSA on Windows 95 though Windows 2000.
  http://news.bbc.co.uk/2/hi/sci/tech/437967.stm
  It was never confirmed that a backdoor was installed.
  
  --
  Don't know something? Look it up. Still don't know? Then ask.
2. Re:NSA helped on Linux as well by G-Man · 2009-11-19 10:52 · Score: 5, Informative
  
  And they also recommended a couple of changes to DES when it was being developed:
  http://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
  Folks at the time thought it was some nefarious backdoor, but a couple of decades later came to realize it actually improved the security of DES.
3. Re:NSA helped on Linux as well by CannonballHead · 2009-11-19 11:13 · Score: 4, Interesting
  
  where all eyes in the world are watching what they do
  I have never looked at the SELinux code.... have you?
4. Re:NSA helped on Linux as well by bill_mcgonigle · 2009-11-19 12:09 · Score: 3, Insightful
  
  Which is why I trust SELinux less than most other flavors. Sure, I can look at the code, but what are the odds I'm looking at the right part of the code, and even if I am, what are the odds that I'll actually spot a weak point?
  
  You and thirty thousand other security researchers from every industrialized nation on Earth. That's the thing, 'Open Source Community' contains three important words.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
5. Re:NSA helped on Linux as well by Anpheus · 2009-11-19 14:43 · Score: 4, Informative
  
  DES with twice the key length wasn't proportionally stronger, and the speed of computation was important enough that halving the key length with a negligible impact on strength was well advised.
  3DES at 168 bits isn't nearly as strong, cryptographically, as AES or many other modern algorithms. Yet many of these algorithms can use 128-bit keys and 128-bit block sizes. So key size does not make the algorithm.
  In hindsight, the NSA is fully validated on DES.
Re:Well by Anonymous Coward · 2009-11-19 10:25 · Score: 5, Funny

This is true. However, I plan to register microsoftrapedandkilledandembeddedinwindows7ayounggirlin2009.com because they haven't denied that they have not.
I Tried to Interview Microsoft About This by eldavojohn · 2009-11-19 10:28 · Score: 5, Funny

I asked them if they had put any backdoors in Windows 7 and the representative said loudly and nervously that that was preposterous and 'patently false' while scribbling something on a piece of paper. He slid it across his desk to me. It read:

Please, they have microphones in my clothes, on the desk, in the walls, the fly buzzing by your mouth is their robot!!! Meet me by the dumpster out back around 5pm, come alone.
Unfortunately I have a bad habit of reading things aloud when I read them and by the time I was finished the fly was gone and the man sitting across from me was dead. The government doctor that rushed in the room and gave him pentobarbital in an attempt to revive him said it was due to an aneurysm caused by a robotic fly which he says he sees a lot of so it's nothing for me to look into.

I guess there's no story here after all.

--
My work here is dung.
1. Re:I Tried to Interview Microsoft About This by Red+Flayer · 2009-11-19 10:40 · Score: 4, Funny
  
  That story is patently absurd.
  
  I asked them if they had put any backdoors in Windows 7 and the representative said loudly and nervously that that was preposterous and 'patently false' while scribbling something on a piece of paper.
  MS marketing reps can't write.
  
  --
  "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
2. Re:I Tried to Interview Microsoft About This by CannonballHead · 2009-11-19 11:15 · Score: 3, Funny
  
  That story is patently absurd.
  Whatever. You're just a patent troll.
3. Re:I Tried to Interview Microsoft About This by fermion · 2009-11-19 12:02 · Score: 3, Funny
  
  no rumor is officially true until it is officially denied.
  
  --
  "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Idiocy of ComputerWorld and slashdot... by Anonymous Coward · 2009-11-19 10:34 · Score: 5, Insightful

NSA: "We wrote a guide and a separate tool to help in enterprise security management"

ComputerWorld: "OMG NSA TROJANED WINDOWS 7"

NSA: "WTF? We made a document and stand-alone download..."

ComputerWorld: "CONSPIRACY!"

NSA: "Uh, we work with linux too you know... SELinux...?"

ComputerWorld: "FRONTPAGE HEADLINE NEWS! WINDOWS 7 BACKDOOR EXISTS!"

Slashdot: "ZOMG! NSA MADE A WINDOWS 7 BACKDOOR!"
I'm the NSA... by Anonymous Coward · 2009-11-19 10:36 · Score: 5, Funny

and Windows 7 was my idea.
1. Re:I'm the NSA... by eldavojohn · 2009-11-19 10:56 · Score: 5, Funny
  
  and Windows 7 was my idea.
  John Hodgman: "Hi, I'm a PC."
  *silence*
  John Hodgman: "Oh, and Mac couldn't be here today because Windows 7 fiddled with his brakes. So ... I guess you know who to choose."
  
  --
  My work here is dung.
Strategic Defense Initiative by Corson · 2009-11-19 10:41 · Score: 4, Insightful

An OS that runs on 90% of computers in the world is a de facto strategic weapon.
Who needs a back door? by David+Gerard · 2009-11-19 10:48 · Score: 5, Funny

Despite many years’ warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying “COME AND GET IT.”
Microsoft cannot believe people have not applied the patch for the problems, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. “Don’t they trust us?” asked marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. “There’s a reason the Unix system on Mac OS X is called Darwin,” said appallingly smug Mac user Arty Phagge.
“It can’t be stupid if everyone else runs it,” said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. “Macs cost more than Windows PCs.”
“Yes,” said Phagge. “Yes, they do.”
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can’t say we care.

--
http://rocknerd.co.uk
1. Re:Who needs a back door? by notarockstar1979 · 2009-11-19 11:56 · Score: 4, Funny
  
  What about all three of the BSD users?
This is silly by Dunbal · 2009-11-19 10:53 · Score: 3, Funny

Of course you can trust the government. I mean, this is the NSA we're talking about. They're on YOUR side.
And as for Microsoft, or any other multinational company for that matter, they have grown to the size that they are because they are 100% honest to goodness hard working souls that, when faced with a decision, will always take the ethically correct side. I mean that's how you get fantastically rich, isn't it? Ask our hard working friends at Goldman Sachs, for example!
I'm shocked that you could even consider that Microsoft could be lying. I mean, what happens if they get caught lying? Surely the "back door" would be right there in the source code for all to see, and they'd be found out right away. Oh, wait... sorry, you don't get to see the source code. But Microsoft apologized for violating the GPL, that makes them GOOD guys. You're not suggesting that if anyone ever DID find out some sort of way to control a Windows machine, all they'd have to do is call it a "security vulnerability" and issue a patch (with a different back door) for it, are you?

--
Seven puppies were harmed during the making of this post.
Probably easier to back door Linux. by tjstork · 2009-11-19 10:56 · Score: 4, Interesting

You know, its funny, but if the NSA ever got its hooks into a repository, it could do all sorts of fun stuff that way in Linux. We only "trust" Linux because Linux is a huge trust circle. WE trust it because its open, and assume that someone else must have looked at it. But I have about as much idea of what's going on inside of my Ubuntu as I did my Windows, from a backdoor perspective.

--
This is my sig.
The lady doth protest too much, methinks by Mansing · 2009-11-19 11:04 · Score: 3, Insightful

MSFT would sell their children's souls to keep Windows on the government's desktop PCs.
Oh sure, there's a back door in Windows 7 by twoears · 2009-11-19 11:10 · Score: 3, Funny

But it's only in the goatse edition.
Under the PATRIOT act... by jcr · 2009-11-19 11:22 · Score: 4, Insightful

If Microsoft had assisted the NSA and deliberately buggered their security model for the government's purposes, it would be a federal crime for them to admit it.
-jcr

--
The only title of honor that a tyrant can grant is "Enemy of the State."
Re:denial = admission by base3 · 2009-11-19 11:32 · Score: 3, Interesting

Finally, if there were a backdoor, if Microsoft used it for anything against the most gave of crimes, they would tip their hand, and people would realize there is a hidden way in the OS. Then either #2 or #1 would happen, which either would be REALLY bad for MS.

That's a comforting belief, but you underestimate the ability of law enforcement to gather evidence that's either illegal or would reveal sources and methods (or in this case, likely both), use that knowledge to "stumble" on some information, and use that information which can be held out as having been legally obtained to bootstrap a warrant.
For an analogy outside computer technology, consider the cop driving up and down the street illegally spying with a FLIR camera; when s/he gets a hit, he just "happens upon" some suspicious persons or "hears an anonymous tip." With that, Jane/Johnny Law obtains a warrant, busts down the door, and seizes the grow operation--that s/he wouldn't have known about but for illegal surveillance. Of course, this approach has backfired at least once.

--
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Joshua by slagheap · 2009-11-19 11:32 · Score: 3, Funny

Mr. Potato Head! Mr. Potato Head! Back doors are not secrets!

--
First against the wall when the revolution comes
A better "I'm a Mac" ad... by nokiator · 2009-11-19 11:39 · Score: 4, Funny

"Hi, I'm a Mac"
"Hi, I'm a PC"
and then the NSA guy with the latex glove enters the scene...
Never believe something until... by Helldesk+Hound · 2009-11-19 12:04 · Score: 5, Insightful

Never believe something until it is officially denied. :o)
A test? by Well-Fed+Troll · 2009-11-19 13:17 · Score: 5, Interesting

The developers should designate one person for compromise testing. It's his job to try to get compromises to the kernel. He will submit a patch to a random developer every 6 months, the developer submits the patch, and if it is missed and gets included in the main tree it triggers a more widespread code audit. Offer a $1000 reward to anyone finding the offending or more dangerous backdoor.
This should keep the developers on their toes and give us some confidence that the code IS being audited properly.
There's more than one way by AnalPerfume · 2009-11-19 15:27 · Score: 4, Interesting

Microsoft don't need to have actively created a back door for one to exist, look at the code the call "secure" and how many exploits are found daily for it. This is them supposedly trying NOT to have exploits. They already have back doors for DRM control and instructions to please their real customers ie other companies, as well as their own WGA all for the common enrichment of rights holders. So just because Microsoft don't intentionally create back doors for the NSA means nothing.

Like any other intelligence agency, spying on people who use Windows would be a prime goal, but there's plenty of malware out there to do that, with Microsoft and the security industry formed to fix the holes left by Microsoft's technical incompetence can only fix so much. There's no reason why the NSA couldn't develop their own malware with VB and run it like any other criminals, without any collusion with Microsoft at all.

Given the fact that Windows is as secure as a paper tank at the best of times, and the governments of the world seem to want to insist that people use Windows, it's mot hard to imagine Microsoft suits using the "hey if you force your people to use our software, you can spy on what they do with them much easier" as a reason NOT to support calls for a FOSS / Linux switch.

Given how many crimes Microsoft get away with in more jurisdictions it's also not hard to imagine a meeting where Microsoft agree to turn a blind eye to malware from certain sources in return for cases being dropped, or friendly judges put on the case who will promptly find in favour of Microsoft, and dismiss any logical evidence that they've done anything wrong.

As far as "it's in our interests to make Windows secure as we use it", how much of the US defense network still use Windows? I've noticed some have switched to Linux, while Microsoft had to create a special "secure XP" for them because the regular one wasn't up to the task. How easy would it be for the entire network to switch to Linux to protect itself while endorsing Windows for everyone else as it gives them and easy target to hit if they need to? They could even get Linux to pretend it's Windows when queried so nobody outside would know.

Remember most govt departments are VERY partisan, they don't like to co-operate as much as they should. They don't like sharing stuff that would help everyone because if only they do it and look good, they look even better in comparison to other departments who didn't do it. The contrast is even wider.
NOBODY is mentioning FIPS? by CFD339 · 2009-11-19 16:22 · Score: 4, Interesting

My limited understanding of FIPS compliance is such that I thing the likelihood is much higher that the involvement of the NSA is to work with Microsoft (as they have others) to make sure the right libraries are used and so on for FIPS compliance. If you want to sell software to the US Government, it must be FIPS compliant.
The following is my understanding (which is likely flawed in some ways, but I think is fairly close to accurate) of how FIPS works (Taken from a response I wrote to someone else about this).
In all likelihood, this is all about their encryption being FIPS compliant and has nothing to do with backdoors.
The way I understand FIPS (because I got a mini-lesson on it during an SDR as they were doing it for [another software product I work with alot]) you have to use very specific encryption protocols that not only meet the standard for the encryption routine (e.g. RSA, or whatever) and the bit-size, but you have to use one of a specific set of approved implementation libraries.
That means you can use the exact same encrypting schema and key size as FIPS specifies, but if you don't do the encryption with an approved library, you're not compliant.
The rules get weirder from there. If you are required to be FIPS compliant at work, and must send something encrypted, you have to send it to someone who is also FIPS compliant. -- follow this logic now -- if you have to send it to someone who is NOT compliant, even though they use compatible encryption/decryption code and have exchanged keys with you, you CANNOT send them the encrypted file because their libraries are not FIPS compliant. You can, however, send them the file IN THE CLEAR if you decide it's safe to do so.
In other words, FIPS says it is better to send something in the clear if you cannot be sure the other end is FIPS compliant, even if they can decrypt what you're sending.
That's your government at work.
BTW: The routines which ARE certified have been fully vetted by many government and non-government people, and do not contain any special code in them that would lead to making decryption by the NSA any easier than it would otherwise be. Since the routines are by nature just implementation of well know encryption standards, the only way to do that would be to interrupt the key pair creation process and use "less random" seeds. I don't believe FIPS specifies the random number generation routine used.
Hope this helps.

--
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
The NSA has helped LInux in the same way, FFS by Chris+Burke · 2009-11-19 16:25 · Score: 5, Insightful

Seriously, you're absolutely correct. The NSA has every incentive to improve the security of Windows, not compromise it. They did the same for Linux, where you can see the changes they made. In the past, they've made suggestions for improvements to encryption algorithms that academic researchers later realized had a sound mathematical basis. The NSA is as much about strengthening computer systems as they are compromising them. Hell, if in a particular situation they want to compromise the security of a system, all they usually have to do is ask (see: AT&T et. al.).
The thing is, they know that important information they want to be kept secret is going to exist on Windows machines. On Linux machines. On [x] machine that isn't necessarily controlled directly by the NSA.
And even outside such "National Security" secrets... The NSA may want to listen in on your phone calls, but it doesn't help them at all for every Tom, Dick, and Sally to have their credit card information stolen, their bank acccounts phished and plundered, and so on.

--

The enemies of Democracy are