I just did a GSEC bootcamp where the instructor used the argument that China has access to the Windows source code to stir people's security concerns up. No-one seemed bothered by China's access to Linux, BSD, or other FOSS kernels. It was kind of comical.
Like most security issues it can be framed as a question of trust. You trust a bunch of people you probably don't know personally to audit the Linux kernel, trust your government to audit the Windows kernel, or trust Microsoft to do the right thing. Seems like you need to trust strangers.
Or I guess you could go paranoid and build your own secure operating system...do you trust your compiler and hardware maker? Maybe I better start my own chip fab and compiler project?
Slashdot Mirror
The Windows kernel source code is also available for audit and research purposes. Your organization just needs to sign up through Microsoft's Shared Source Initiative http://www.microsoft.com/resources/sharedsource/default.mspx. Many governments already have access to the source code for various Windows versions http://www.microsoft.com/presspass/press/2005/feb05/02-10NISTPR.mspx. Academic access to the source code was also used to port Windows so it would function under early versions of Xen (w/o hardware virtualization support) http://www.cl.cam.ac.uk/netos/papers/2003-xensosp.pdf & http://en.wikipedia.org/wiki/Xen. Access is probably not "free" in the sense that anyone can download it. But source is available.
I just did a GSEC bootcamp where the instructor used the argument that China has access to the Windows source code to stir people's security concerns up. No-one seemed bothered by China's access to Linux, BSD, or other FOSS kernels. It was kind of comical.
Like most security issues it can be framed as a question of trust. You trust a bunch of people you probably don't know personally to audit the Linux kernel, trust your government to audit the Windows kernel, or trust Microsoft to do the right thing. Seems like you need to trust strangers.
Or I guess you could go paranoid and build your own secure operating system...do you trust your compiler and hardware maker? Maybe I better start my own chip fab and compiler project?