Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Opens Source Code To KGB's Successor Agency

Posted by timothy on from the we'll-trade-for-american-spyware dept.

Jack Spine writes "Microsoft has struck a deal with the Russian government which will give the FSB, successor to the KGB, access to the source code for Windows 7, among other products. The agreement is an extension of Microsoft's Government Security Program, according to a source with links to the UK government."

16 of 187 comments (clear)

  1. security holes of releasing source code by Anonymous Coward · · Score: 5, Insightful

    yay, so now the Russians will know all the holes in Windows 7 and how to exploit them, no?

    1. Re:security holes of releasing source code by Vectormatic · · Score: 1, Insightful

      Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

      What use is it anyway then? I gather the russians (and brits, americans, chinese) want to be able to fully review the software in order to clear it for national security, what would be the point of only getting 90% of the code, and being allowed to build from it?

      i'd say a specific linux build for national security sensitive applications is in order, in every country which might want to stop the US or MS from spying in their stuff (which is everyone, including the US themselves)

      --
      People, what a bunch of bastards
    2. Re:security holes of releasing source code by elrous0 · · Score: 2, Insightful

      so now the Russians will know all the holes in Windows 7 and how to exploit them, no?

      Them and every other hacker on the planet.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    3. Re:security holes of releasing source code by datapharmer · · Score: 3, Insightful

      i'd say a specific linux build for national security sensitive applications is in order

      Try setting SE Linux to "enabled".

      --
      Get a web developer
    4. Re:security holes of releasing source code by morgan_greywolf · · Score: 5, Insightful

      Do you really think most countries have any interest in reviewing all the code in windows?

      If you can't compile the code into a working binary using the same compiler that was used to produce the production binary because you're missing parts, then you can't be sure that the source code you have represents the binary you're using. You have take Microsoft's word for it, and it's not like the rep you're talking to is the actual guy who manages the build, so even he doesn't actually know for sure.

      An incomplete set of source is absolutely useless for a true security audit.

      --
      My blog
    5. Re:security holes of releasing source code by suso · · Score: 2, Insightful

      and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

      Oh noes, a license. That will stop em.

  2. Available as a Torrent in 3... 2... 1... by Xtense · · Score: 4, Insightful

    Available as a Torrent in 3... 2... 1...

    --
    "We are the music makers, and we are the dreamers of dreams [...]."
  3. Brilliant Idea by Anonymous Coward · · Score: 1, Insightful

    Giving the OS source code to the Russians... what could go wrong?

  4. Re:Successor agency by glwtta · · Score: 2, Insightful

    Holy shit, that just completely blew my mind!

    --
    sic transit gloria mundi
  5. As Stalin said by gillbates · · Score: 5, Insightful

    Wasn't it Stalin who said, "The capitalists will sell us the rope we use to hang them."

    Nice to know that Microsoft, after complaining for years that open source was insecure because anyone could see the code, is now providing same to Russia. Nothing quite like putting quarterly profits above national security.

    --
    The society for a thought-free internet welcomes you.
  6. Re:we need open source by law by Bing+Tsher+E · · Score: 2, Insightful

    Why? The copyright protects a specific binary implementation. Are you implying that Microsoft's copyright protection should be extended to the method they use? That's what it sounds like.

  7. Re:Buildable? by tibman · · Score: 4, Insightful

    How can the russians trust the source code to a binary if they can't compile and compare the binaries?

    --
    http://soylentnews.org/~tibman
  8. Re:I'm sure this will turn out well by dargaud · · Score: 3, Insightful

    When you ask a russian his opinion on some leader (either russian or otherwise), whenever he wants to praise that leader, he'll always add 'he's a strong leader'. It seems that russians only recognize leadership when it is associated with strength, so do not be surprised that they go from dictatorship to dictatorship. It's mostly self-inflicted.

    --
    Non-Linux Penguins ?
  9. How the worm turns.... by zkiwi34 · · Score: 3, Insightful

    It wasn't all that long ago when dear old Bil Gates et al were claiming in front of the DoJ that giving anyone (their competitors) access to Windows code would be a threat to national security. Fast forward to now and it appears that either the truth changed a whole lot or for some reason national security interests are served by giving China and Russia and who knows, maybe even the French access to Windows source.

    The new Windows, our most secure OS ever!! Well...

    1. Re:How the worm turns.... by thoth · · Score: 2, Insightful

      They changed even faster than that. IIRC, it was Jim Allchin that said releasing the source code for a portion of Windows (the message queue), would have serious US national security implications. This was in 2002, during the post-DOJ lawsuit cleanup where some states filed a separate lawsuit.

      Less that a year later in early 2003, Microsoft entered into a broad source code sharing arrangement, with Russia, China, and many NATO members.
      http://www.microsoft.com/presspass/press/2003/feb03/02-28GSPChinaPR.mspx

      From "serious US national security issues" to "here you go Russia and China" in less than a year.

  10. All the code? by Anonymous Coward · · Score: 1, Insightful

    So microsoft is giving them all the code? So they can compile it on site and have it run? Or are they giving them pieces of paper that they can read in their spare time; pieces of paper with pseudocode that give a rough general idea of approximately something? Its one thing to be given pieces of paper, another to compile it and see it run with full functionality. Using microsoft anything is a bad choice because you cannot audit it. The Russian government can now audit their stuff, but upon inspection, will give it back to them, since they can see for themselves exactly how bad it is.