Microsoft Delivers Secure China-Only Cut of Windows 10

Earlier this week, CEO of Microsoft Greater China, Alain Crozier, told China Daily that the company is ready to roll out a version of Windows 10 with extra security features demanded by China's government. "We have already developed the first version of the Windows 10 government secure system. It has been tested by three large enterprise customers," Crozier said. The Register reports: China used Edward Snowden's revelations to question whether western technology products could compromise its security. Policy responses included source code reviews for foreign vendors and requiring Chinese buyers to shop from an approved list of products. Microsoft, IBM and Intel all refused to submit source code for inspection, but Redmond and Big Blue have found other ways to get their code into China. IBM's route is a partnership with Dalian Wanda to bring its cloud behind the Great Firewall. Microsoft last year revealed its intention to build a version of Windows 10 for Chinese government users in partnership with state-owned company China Electronics Technology Group Corp. There's no reason to believe Crozier's remarks are incorrect, because Microsoft has a massive incentive to deliver a version of Windows 10 that China's government will accept. To understand why, consider that China's military has over two million active service personnel, the nation's railways employ similar numbers and Microsoft's partner China Electronics Technology Group Corp has more than 140,000 people on its books. Not all of those are going to need Windows, but plenty will.

Re:No need for Microsoft to spy on the Chinese

[Zontar+The+Mindless]

There aren't any Muslims in China, so they don't face the same terrorism issues that western national do.

Wrong, and wrong.

Re:No need for Microsoft to spy on the Chinese

[cavreader]

There are Muslims in China. The largest concentration are the Uighurs who have clashed by the Chinese government for years.

The Chinese government also has an official policy that calls on people to report their neighbors, friends and relatives for âoeluring minors into religious activitiesâ in the province where the countryâ(TM)s largest Muslim population lives.

Secure by name

[manu0601]

They call it secure, but provide no information about security features. From TFA:

The Register has asked Microsoft to explain the security features of Windows Red, but had not received a reply at the time of writing. You know the drill: we'll update this story if Microsoft sends any information.

Re:Secure by name

[Fire_Wraith]

China does have source code review rights, and are probably pretty concerned about anything that phones home to the USA.

What I'll find really ironic, though, is if they just end up with the China version of Windows 10 stripping out all the privacy invasion and ad related crap. If that's the case, I might just have to see if I can get my hands on a Chinese copy of Win 10 instead.

Re:Secure by name

[_merlin]

Role-based administration and privilege separation. Linux still sucks in this area. With windows you get a security token that gives you permission to do just what you need, on Linux you need to suid yourself to root to do just about anything, which allows you to do absolutely everything. The massive whitelist that is selinux is a backwards way of implementing security.

Re:Secure by name

[_merlin]

I know what sudo does. I know about filesystem capabilities. I know about NFSv4 ACLs.

But look at e.g. passwd - it needs to be suid so it can update your password hash. It doesn't just get a token that gives it permission to update your password hash, it gets permission to do whatever the fuck it wants on your system. Then you have a whitelist of what it's supposed to be able to do in SELinux that should hopefully stop it from doing anything besides updating a password hash, but there's nothing to stop it updating the password hash for a user other than the one who ran it, or blowing away the password hashes entirely or something. Without SELinux, a bug in passwd has the potential to totally pwn your system, and with SELinux it a bug could still wreak havoc with the password hash database.

By comparison, on Windows when you want to change your password, the program can get a security token that just gives it permission to change your password. It doesn't need to escalate all the way to root privileges, you don't need a separately maintained whitelist for what this program can do. A bug in a password change utility on Windows can at worst change your password to something stupid.

That's not to say that Windows is perfect, or that applications will always only request the rights they need (plenty of "enterprise" tools grab all the rights they can all the time because it's easier for developers), but fundamentally security tokens are a better model than the *NIX approach of suid and hope it doesn't have an exploitable bug.

Re:Secure by name

[Megol]

Windows NT was developed with better security than Unix from scratch. The permission mechanism is very powerful (too powerful according to some) compared to the basic Unix mechanism (root all powerful, users are members of groups, RWX rights, wheel to patch that up some). So no, not _always_ a late adopter. Compared to Unix that is - which I assume is what you like to compare to? Multics did a lot of security work back in the days but was mostly derided by the Unixians. Keykos with its capability system was also pretty damn secure if correctly configured etc.

Re:Secure by name

[jez9999]

What I'll find really ironic, though, is if they just end up with the China version of Windows 10 stripping out all the privacy invasion and ad related crap.

Hardly. They'll just redirect all the telemetry to the Chinese government.

Whoa!

[Ol+Olsoc]

Full stop! We've had the Microsoft shills in here telling us that Microsoft isn't collecting data, that it's not an invasion of privacy, and that we aren't handing them the keys to the kingdom.

So quickly shills, exapand on this. Tell us why there is no spying by Microsoft, yet despite no spying, they produced a version that doesn't spy less on us than the version that already doesn't spy on us. Inquiring minds want to know.

Large numbers law

[hcs_$reboot]

China could ask Nadella whatever feature they want. 1+ billion potential users have their way..

How about the rest of us?

[wvmarle]

So let's take MS's claims of a more secure Windows at face value.

This means two things. First of all, the Windows they released to the market is unnecessarily insecure, and MS knows that.

Secondly, why would they only offer this enhanced security to the Chinese, and not to the rest of the world?

All software ought to be as secure as possible. If there are security enhancements available, a vendor ought to roll them out to all their users. Here MS is failing in both: Windows can be (much) more secure than it is, and they're not releasing this improvement to the rest of their users.

That, or MS is lying through their teeth to get into China. That may be possible, but while you can say a lot of bad things about the Chinese government, their people by and large are definitely not stupid so there has to be at least some weight to the claims of MS.

Re:How about the rest of us?

Secondly, why would they only offer this enhanced security to the Chinese, and not to the rest of the world?

They bothered to ask. They demanded not to be spied on and voted with their wallets. We on the other hand are all convinced Big Brother only has our best interests at heart, so we accept his surveillance like sheep.

Jesus, I remember when we'd mock the great firewall... Post snowden it just seems like genius: block American spyware like Facebook and Google while stimulating the Chinese economy as your people create competing alternatives. Why make Americans rich and let them spy at the same time?

Re:No need for Microsoft to spy on the Chinese

[srmalloy]

The real stumbling block is setting up an orderly approval process by the Chinese government for the 'recommended products' pop-ups on the Windows start pane so that Microsoft can push ads-in-all-but-name to Chinese users with the same frequency as users of thte regular versions do, and to arrange to fork all their telemetry transmissions to ensure that the Chinese government gets an automatic feed of every individual's use of Windows 10 without having to have pesky monitoring software installed.

*facepalm*

[Gravis+Zero]

You know, if anyone was going to ditch Windows because of secret backdoors, I figured it would have been the Chinese government. Besides, isn't Linux the ideal model for communism? I know they are communists in name only but you would figure they would at least try to keep up the appearance of objecting to capitalism.

The report from ArsTechnica

[williamyf]

... here:

https://arstechnica.com/inform...

Especulates that:

  ***The custom version developed under the joint venture is essentially a custom image of Windows 10 at its core, with a set of policy settings hard-coded for government users. It's not clear if additional code is being added to the image.***

So, they changed some Registry Keys and Group Policies, and you do not have to play wack-a-mole every time an update comes...

Also, please remember that:

*** The Chinese government, like the US government, has been permitted source code review for security purposes in a secured lab at Microsoft's China Information Technology Security Certification Center in Beijing since 2003.***

So, most likely, the chinese already reviewed the telemerty and deemed it non threathening (or negotiated with microsoft to get a copy of it ;-) ).

But5 at this point, all is especulation, only time will tell...

Re:No need for Microsoft to spy on the Chinese

[donaldm]

Slashdot completely mangled your URL. I had to search for "1997 Ürümqi bus bombings" on wikipedia to find it.

Maybe you mean this URL. I am only using standard HTML coding which has been arround for years, afterall this is supposed to be a tech site.

Different level

[DrYak]

I suggest you read up on what sudo is capable off. You can easily setup sudo via its configuration file (/etc/sudoers) that will allow users that require elevated privileges (eg. Database and Web Administrators) to do their work without needing root access.

The parent poster was referring to a different approach to security.

with sudo, you set up a list of commands that a database or web admin can run.
you limit user access by restricting which commands the user can run. But said commands will be run with root privileges.
In case of a bug in the command, you could use it for privileges escalations (*you* were only restricted to run this command. but *this command* runs as root and could do anything).

what the parent refers to is more closely related to the various "CAP_*" capabilities used in the linux kernel.
i.e.: even if you run a command as root, that command would never, even in the case of a bug, reconfigure the network interface, because the corresponding CAP_{blah} capability isn't enabled.
By carefully crafting a very precise set of capabilities that you hand out to administrative programs, you make sure that they only do what they are supposed to do, even if an attacker manage to find a way to force a program running as root to do arbitrary actions.

(It's a bit similar like how some smartphone apps come with a whitelist of API calls that you need to validate before installing : "can access your contacts list", "can access your webcam", etc. Even if the weather app get hacked, it can never be used to spy on you, because it's not whitelisted to access your mic and your cam... Well except that nowadays every single last app seems to be obliged to ask access for nearly anything (Hey, now your Weather app can automatically recognise the city you're travelling into simply by flashing the QR code of your travel ticket ! Needs cam privileges !).
Under Linux the same granularity exists, except that this done at the kernel API level, instead of the Java user libraries like on Android)

In the past few years Windows has been implementing similar restrictions. That's what the poster was referring to.

On Linux, the facility to apply this king of control exist in the kernel too (the various capabilities). But there aren't many software using them. I only know of SELinux and AppArmor. And they are not used system-wide, but only to put specific software into cages (those software for which they have rulesets).

I think this is dues to the fact that the basic user/group access rights of Unix can provide already quite some security if you take the time to organise enough granularity in your groups and memberships, instead of making everything restricted to root-only and needing thus to be root for nearly any action.

(Because of the Unix philosophy, lots of things are represented in unix as files. Therefore, lots of the actions controlled by capability can be mapped to file accesses (e.g.: to device files in /dev/ ). Putting correct group access on files can acheive the same results.
e.g.: a virtual machine might need USB passthrough. One way would be to grant the corresponding capability to it.
The way VirtualBox does it, is that it runs as "vbox" goup, and there's a script that hands out USB devices nodes with that as group access)

In practice, distributions such as Debian have been using tons of specific groups to control access to specific resources precisely, years before SELinux was a thing.