NSA Helps Microsoft with Windows Vista

Is this a good idea or not?

For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.

[...]

The NSA declined to comment on its security work with other software firms, but Sager said Microsoft is the only one "with this kind of relationship at this point where there's an acknowledgment publicly."

The NSA, which provided its service free, said it was Microsoft's idea to acknowledge the spy agency's role.

It's called the "equities issue." Basically, the NSA has two roles: eavesdrop on their stuff, and protect our stuff. When both sides use the same stuff -- Windows Vista, for example -- the agency has to decide whether to exploit vulnerabilities to eavesdrop on their stuff or close the same vulnerabilities to protect our stuff. In its partnership with Microsoft, it could have decided to go either way: to deliberately introduce vulnerabilities that it could exploit, or deliberately harden the OS to protect its own interests.

A few years ago I was ready to believe the NSA recognized we're all safer with more secure general-purpose computers and networks, but in the post-9/11 take-the-gloves-off eavesdrop-on-everybody environment, I simply don't trust the NSA to do the right thing.

"I kind of call it a Good Housekeeping seal" of approval, said Michael Cherry, a former Windows program manager who now analyzes the product for Directions on Microsoft, a firm that tracks the software maker.

Cherry says the NSA's involvement can help counter the perception that Windows is not entirely secure and help create a perception that Microsoft has solved the security problems that have plagued it in the past. "Microsoft also wants to make the case that [the new Windows] more secure than its earlier versions," he said.

For some of us, the result is the exact opposite.

EDITED TO ADD (1/11): Another opinion.

Posted on January 9, 2007 at 12:43 PM • 81 Comments

Comments

Stained Windows • January 9, 2007 1:02 PM

> the NSA's involvement can help
> counter the perception that Windows
> is not entirely secure

The best thing MSFT could do there is sell a secure OS.

> For some people, the result is the
> exact opposite.

Exactly. Somehow collaboration between Microsoft and the NSA doesn't reassure me one bit.

So now, do I spring for a Mac, or buckle down and learn Linux?

Chase Venters • January 9, 2007 1:05 PM

I kind of prefer the NSA collaboration with Linux... the production of SELinux, which was then released under the GPL and integrated into the mainline 2.6 kernel. The kernel gets a great new security framework and the source code is completely transparent for the industry to use and the people to inspect.

TinFoilHatWearer • January 9, 2007 1:10 PM

Never using Vista now. Never supporting any company that uses Vista. Working to get Vista banned from my company, country, and geopolitical conglomerate.

Carlo Graziani • January 9, 2007 1:43 PM

Any reading of the _NSAKEY episode, whether by loony conspiracy theorists or by cooler heads, necessarily implies that the NSA has had a consultative role in Windows design for a long time now.

The evidence from that case (Wikipedia has a summary at http://en.wikipedia.org/wiki/NSAKEY) is too ambiguous to determine which side the NSA was playing in that case.

In the SELinux case, the NSA played an entirely positive role with respect to Linux kernel development, so on that basis I might be willing to give them the benefit of the doubt. It would be easier to trust the NSA/MS collaboration if the source code were available, though.

James • January 9, 2007 1:52 PM

It will "help counter the perception that Windows is not entirely secure".

Nothing connected to the Internet can be entirely secure. Too many people trying to break it and parts of it will break. Perhaps the NSA role will attract more people trying to break it.

Bunny • January 9, 2007 1:53 PM

"Cherry says the NSA's involvement can [...] help create a perception that Microsoft has solved the security problems that have plagued it in the past."

The funny thing is not that he's saying that they can (or, for that matter, will) help *solve* those problems - just that they can help *create a perception* that the problems have been solved.

On a side note, would it be feasible for MS to (secretly) produce two versions of windows, one for the domestic market in the USA and one for the foreign market, without anybody knowing or realising? If yes, one might be tempted to ask whether the NSA would help fix holes in the former and introduce new backdoors in the latter...

(Although, given that they have no qualms about spying on ordinary US-Americans, it'd probably be one version for the US government and large companies and one for everyone else (no matter from where) instead.)

It's probably a rather tinfoilish theory, but who knows. :)

Checks payable to: NSAT&T • January 9, 2007 1:57 PM

I don't mind if NSA helps Microsoft test Vista, or otherwise donates security expertise.

But if MS were to help NSA (by providing backdoors or weakening Vista's encryption for NSA's benefit) that would indeed be ugly.

Who's to say that the same folks who knocked on AT&T's door didn't show up in Redmond with a copy of the same National Security letter?

jay • January 9, 2007 1:59 PM

Oh my god. This is not a good sign, but it has some advantages. But in my mind this is a perfect involvement to get some backdoors in Vista, I guess. You can't be certain, the main goal of secretive agencies is to spy on you. They will do whatever and go to extremes to get its job done. This may also be a good chance to see the internal mechanics behind Microsoft security.

David (Toronto) • January 9, 2007 2:12 PM

Similar suspicions were leveled at the NSA when DES was introduced. For years the question hanging over DES was, did the NSA introduce a back door?

In retrospect the evidence suggests they played both agendas.
a. making the s-boxes as strong as they could made it stronger
b. shortening the key length made it much weaker

What is interesting is the choices they made. The weakness of a shorter key was transparent, obvious, and more significant. The s-box tampering was subtle but suspect.

The problem with an OS versus an algorithm is that their involvement, by its very nature, is less transparent.

A key difference may be that at the time of DES, they may not have expected the public scrutiny that followed. In the case of Vista, they must have expected it.

The similarity may be that only history will judge it.

Matt from CT • January 9, 2007 2:13 PM

On an audit this would be marked as a "Segregation of Duties" issue.

The same group that's supposed to break into computer systems is hardening the systems.

Certainly NSA has provided very good research and advice. SELinux is mitigated from the segregation issue since the code is open to be freely reviewed.

Ask Arthur Andersen about the problems that happen when the same firm that does external audits (to confirm you're doing what you should) is the same firm that is setting up internal processes.

It's not that I don't trust NSA, it's just you shouldn't trust them due to segregation of duties concerns.

I hope that made sense!

Matt

Mene Tekel • January 9, 2007 2:27 PM

From S-boxes to operating systems, why shouldn't we trust them? And we shouldn't be concerned if we aren't doing anything wrong, isn't that correct? :-/

robert • January 9, 2007 2:29 PM

I'm a bit astonished at the astonishment here! I'd thought it to be common knowledge that the Microsoft Security updates were just that . . . as in Homeland . . . and have been, for some time now.

Marcin • January 9, 2007 2:31 PM

Where in the article does it state the NSA modified any source code? For all we know, their "contribution" was their red team/blue team penetration test. The NSA very likely gave Microsoft developers information they gathered and their advice for mitigation, but we don't know for sure, yet (maybe never), what code was changed by them.

I would just like to give both sides a fair chance and not start or contribute to any conspiracy theories regarding the NSA and Windows Vista. One thing is for sure, we should all be wary of security...

James • January 9, 2007 2:31 PM

"It's not that I don't trust NSA, it's just you shouldn't trust them due to segregation of duties concerns."

I guess you are saying you shouldn't need to trust them. A lot like you shouldn't need to run Vista just to get along in the world. It's a free country. If or when Vista becomes Swiss cheese, Microsoft can blame it on the NSA.

James • January 9, 2007 2:37 PM

NSA JOKE
MS Tech: "The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data.
Over my dead body."

NSA: Where do you want the bodies piled up?

derf • January 9, 2007 2:40 PM

Sound bites are easy to throw into a bad light.

("Our intention is to help everyone with security," Tony W. Sager, the NSA's chief of vulnerability analysis and operations group, said yesterday.)

Does the NSA really want to help EVERYONE with security? I'm inclined to disagree, especially since they've made it quite clear that EVERYONE needs to have their email and phone communications given the once over.

John • January 9, 2007 2:54 PM

Microsoft allowed the RIAA to mandate DRM throughout the system.

With RC1, we've seen that the comprehensive DRM model allows the vendor to literally hold your computer hostage. When the license expired, the driver simply shut down. And MS and the consumer couldn't do a thing about it.

So knowing this, I fully expect that all hard drive (and perhaps video) drivers will move to an encrypted OEM licensing model after a few years. If you don't pay your HD license, your data transfer speeds and quantities could be restricted. If you try to break the encryption, you are liable under DMCA.


Now I learn that MS ceded whatever security there might have been to the NSA.

And given how the Feds are so eager to share information with other governmentals, implement secret rules, and refuse to accept accountability (cf. HSA), NSA-approved computing opens a huge window of liability.

I easily foresee a scenario in which someone runs afoul of a secret HSA rule, based on information secretly gathered via the NSA backdoor.


No, my computer won't be held hostage by an unknown number of media and hardware producers.

I'll be switching to Linux with my next computer.


Now this is just my personal reaction. I really wonder how foreign governments will react to this news. I think MS is going to have a devil of a time persuading them to accept "NSA-approved" security in their OS...

X the Unknown • January 9, 2007 3:11 PM

For a truly fiendish approach, maybe the NSA contributed "good" work in general, but also contributed a bunch of backdoor code that only works when Windows is not WGA certified. The (soon to be) ubiquitous pirate copies all become "listening posts" for the NSA (or even just 0wned by the government). The actually licensed copies stay relatively secure.

It would probably be relatively easy to convince MS to go along with such a scheme...

georg • January 9, 2007 3:18 PM

NSA is helping itself with a way to be installed in every computer that goes with Micro$oft.

Rainer Ots • January 9, 2007 3:57 PM

If NSA really contributed something "nasty" to Vista, then why even disclose the fact that they were involved?
If NSA had demanded to stay an "anonymous contributor", would it really have raised suspicions at MS?
I doubt it.
And I'm quite sure that lots of people around the world are soon going to start looking for the letter combination "NSA" in any Vista system files :P

Skippern • January 9, 2007 4:14 PM

Wow, Windows Vista now sounds like a spy tool from an old Ian Fleming novel. In the next James Bond movie he logs in to check what the enemy have done on his Vista :D

Anonymous • January 9, 2007 5:37 PM

Bruce,
Do you really believe that NSA is that much smarter and everyone that much dumber?
The comments about trust is a pony tail issue, those with pony tails don't trust people without pony tails (and vice versa) ..
It doesn't add to either party's credibility.

Michal • January 9, 2007 5:52 PM


Great, now every government agency (except those in US) should really think about using Vista due to national security concerns -- NSA may have added more than what you want to the codes.

P-Air • January 9, 2007 6:09 PM

Does this mean that if a vulnerability appears we can blame the NSA? More importantly, will I keep getting those security updates that hound me to install them? Actually, probably now more than ever ;)

John • January 9, 2007 6:17 PM

@P-Air: If things keep going the way they're headed, most likely, you'll just see a debit for the updates that installed themselves.

David Thomas • January 9, 2007 7:11 PM

Honestly, this is the role I would like to see the NSA take up. I'd also like to see them educating the populace about what they can do to deal with security threats.

I do think, however, that anything produced by their cooperation should be in the public domain, both so that we can inspect it - all the more necessary in light of recent illegal activities by the agency - and because my tax dollars are paying for it!

Anonymous Coward • January 9, 2007 7:23 PM

Even if they overall improved vista's security, they could have inserted a vulnerability. Not something obvious(à la NSAKEY), but something like an exploitable buffer overflow in little-noticed code.
Just another reason to use OpenBSD!

Anonymous • January 9, 2007 7:28 PM

If this isn't a big 30 feet high warning sign for all other governments in the world that didn't pursue into their own Linux version to go do that. So it's official now though many think the cooperation between MS and the NSA isn't exactly new.

MikeA • January 9, 2007 7:36 PM

Does the PRC get Vista source, along with the other Windows source they have been given?
Another possible question:
"Have the PRC filed any security-related bugs".
Either way, the answer would be interesting.

Anonymous • January 9, 2007 9:22 PM

Let's be clear: they're probably running Vista (or will be once it rolls out en masse) so they're more likely to be securing themselves than screwing others. This is what's different from their DES involvement: they didn't have to use DES.

Wylie • January 9, 2007 10:51 PM

@From the article
The NSA, which provided its service free, said it was Microsoft's idea to acknowledge the spy agency's role.

I too am concerned about the "equities issue". Where is the balance? Where is the payoff? What's in it for the NSA to do this work for FREE? Nothing in this world is free. The NSA must have realised some benefit from doing whatever work was involved. The question is, what was that benefit?

@Carlo Graziani
In the SELinux case, the NSA played an entirely positive role with respect to Linux kernel development,

Yes, because the source code was transparent. They had no other choice but to provide improved security. Can we say the same, with certainty, about whatever they did to Vista?

@Bunny
On a side note, would it be feasible for MS to (secretly) produce two versions of windows, one for the domestic market in the USA and one for the foreign market.

Not necessary. It's been done before (by the Codered worm for one) without requiring separate versions. A quick check of the regional or language settings (or even timezone) will give you a good idea where the machine is located. In the case of Codered for example, one of its variants targeted systems whose language was set to Chinese, according to the analysis posted at the time.

Sean • January 9, 2007 11:30 PM

I probably wouldn't worry. One of the downsides of corporate profit seeking is they don't care about the environment or (sometimes) their own employees. One of the upsides is that they (in this case MS) aren't stupid enough to risk their entire company on something stupid like this (And it's a pretty bad risk when you think about it... whistleblowers at the NSA etc). So unless the NSA wrote them a 50 billion dollar check, which I think someone would notice, there's no way in hell MS agreed to this.

Anonymous • January 10, 2007 12:11 AM

@Sean:
So when AT&T agreed to allow NSA to tap an entire fiber trunk at several of their facilities they were risking their entire company? I guess it's time for their shareholders to bring a lawsuit.

Anonymous • January 10, 2007 12:23 AM

First, does anyone really need to "deliberately introduce vulnerabilities" into a Microsoft OS to make it exploitable? No.

Second, does anyone with the resources of the NSA need to "deliberately introduce vulnerabilities" into ANY OS to find an exploit for it? No.

Third, would Microsoft seriously take on the [political, economic, reputational] risk of giving the NSA commit access to their source code? Even if NSA were paying them, which MS said they weren't, I can't see how any amount of money would be worth the fallout from such an "introduced vulnerability" or backdoor becoming public.

Then you might say, "well Vista is 11d gajillion lines of code, they have plenty to hide even a full backdoor in." If you want a backdoor, it better be a remote backdoor or it's practically useless. Knowing that, why don't you ask someone like Greg Hoglund or Halvar Flake just how hard it would be to find such a piece of code through binary reverse engineering. Now think that, it's not just those two guys looking for stuff, MS OS's are used by everyone on the face of the planet. If you could limit the distribution of your pre-pwned software, maybe this might be a feasible plan but unfortunately it's going to reach a few billion people all of whom could potentially spill the beans on your 'obscure' (not 'secure') backdoor.

Now fourth and lastly, to mostly everyone else out there who has been asking, "What is NSA's interest in securing Windows?" Well maybe if you'd stop your conspiracy theory belly-aching and read NSA's own website, you'd realize that an entire HALF of the agency is devoted to securing the US Government networks through their Information Assurance Directorate: http://www.nsa.gov/ia/index.cfm . What, you thought the US Government used Macs? Or maybe you thought the US Government gets their own "vulnerability free" version of Windows that you and I can't purchase? Fat chance. Every exploit found is dollars lost and for a public company like MS, there's no way something like that makes financial sense.

So I'm sorry Bruce, but your article was really disappointing tonight. You didn't weigh the risks before writing out an outrageous conspiracy theory.

Oh, and One More Thing (TM), it looks like NSA "studies" Mac OSX too: http://www.nsa.gov/snac/downloads_macX.cfm?...

jb • January 10, 2007 12:23 AM

"I too am concerned about the "equities issue". Where is the balance? Where is the payoff? whats in it for the NSA to do this work for FREE? Nothing in this world is free. The NSA must have realised some benefit from doing whatever work was involved. The question is, what was that benefit?"
-- Wylie

What if the benefit the NSA gets is a more secure OS that doesn't require as much administrative time and overhead? Improved security and reduced administrative headaches for the NSA. More secure OS for Microsoft.

I'm finding the concern over NSA "additions" to the OS a little overblown. Sure, they COULD have added something to the OS, but I think the motivation for doing so is lacking. From what I understand, this is something the NSA wants to do, and uses as a training exercise anyway.

I'm more curious about why MS thought they should announce it.

Dude • January 10, 2007 12:41 AM

Some of you need some homework. The NSA has been pushing security templates for uncle Bill and "Others" for several years. I.E. The 'Gold Standard". Also I'll take this time to point out that the NSA created the algorithm that PGP is based on. (Which has yet to be cracked). Every day is a school day Bo. Bring you're puncil next time.

Ralph • January 10, 2007 2:15 AM

Intent is not the issue.

Past actions are not the point.

The problem is a simple lack of transparency.

Paeniteo • January 10, 2007 3:23 AM

Acer notebooks have a preinstalled backdoor, apparently for several years now:
http://www.heise-security.co.uk/news/83426
I will assume that it was accidentally installed, though.

I guess with a little help from MS and Vista's advanced DRM functions, the NSA could place something like this hidden even better. (The Acer ActiveX control was not really hidden at all but still went unnoticed for a very long time.)
If it was ever discovered, it would just go as one of the usual Windows security holes and a subsequent patch would (seem to) eliminate it.

HookedByATroll? • January 10, 2007 3:23 AM

@ Dude

"the" algorithm that PGP is based on? AFAIK, there were at least three crypto algorithms in the original PGP: RSA, MD5, and IDEA, and none of them were invented by the NSA.

Perhaps "you're pencil" needs sharpening?

Paeniteo • January 10, 2007 4:06 AM

@HookedByATroll?:
Maybe he thinks of SHA-1, which was indeed developed at the NSA, IIRC.

Steve • January 10, 2007 5:00 AM

If I submitted a proposed patch to Microsoft for them to fold into Vista, you probably wouldn't think to yourself "I'm not sure about this - why should I trust Steve?" Your trust (or lack thereof) of Microsoft would determine whether you accepted Vista including my patch, because you'd assume that Microsoft will audit my work before incorporating it into their product. How carefully they audit it is another question, of course: I could probably sneak in a subtle buffer overflow, given that MS misses some such bugs introduced by its own programmers. But security researchers gradually find and report those bugs, and MS fix them - I don't think the NSA can gain a major advantage just by making Vista more buggy. The PR hit when MS announce "critical security fix for a bug in the NSA's code" might even outweigh the value of exploiting the hole.

So I think the major risk is, are Microsoft letting NSA write code for inclusion in Vista, without oversight from Microsoft's own techs? Personally, I doubt it. I think that MS probably won't just put source that they cannot ever understand into their product. The NSA probably won't be available to support it when there's suspicion that it's going wrong, so MS would end up shipping a product that they cannot fully support. That could cost them a lot of money.

This is just my guess though, based on my impression of Microsoft as an at-least-vaguely competent developer of software.

If you are concerned about back doors introduced into Vista by third parties, I think you should be more worried about signed kernel-mode drivers than source submitted to Vista itself. If the NSA wanted to hack Vista in this way, I think they'd be better off approaching (for instance) network card manufacturers with a compiled "security module" to link into their driver, than approaching Microsoft with proposed modifications to Vista itself. It shouldn't be hard to find hardware vendors who are much less committed to support than Microsoft.

Of course it's possible that the NSA have actually given MS a compiled component to add to Vista, so that MS are including code in Vista which cannot be audited. Those MS partners who get to see the Windows source will be able to tell us whether this is the case, when they realise that they can't find the source for "nsaspy.dll"...

a_Lex • January 10, 2007 7:11 AM

Assuming there WAS a backdoor introduced, assuming the "offending" group is small, smart and tight (i.e. has no whistleblowers, and I am sure a group of not-so-nice conspirators within the NSA has a good idea about how to "manage" whistleblowers), nobody will prove in court that the malicious exploit was introduced intentionally.
And...
Assuming this shit will one day hit the fan (note all that "assuming" :) ), it won't be
"Breaking news! A crackpot NSA group introduced a backdoor in Vista", it will be merely "Boring News! Another critical exploit found in Vista"

bob • January 10, 2007 7:16 AM

Great! MS makes their usual bug-filled lockup-prone product; then the NSA helps them make it so the owner can't do any workarounds in order to get some of the utility that he paid for! You've outdone yourself, Niccolo!

eva • January 10, 2007 9:36 AM

Having the NSA is going to improve our perception of security features in Windows Vista. Yeah, right. For those of us from abroad it may well be the opposite. If the US Government cancelled some contract with Lenovo because they feared those laptops could have features that would send sensitive data to the Chinese government, what are we to think of an operating system that was designed in cooperation with the US National Security Agency?????? Have Microsoft thought about us non-US citizens, or is our market share so tiny that they don't really care???

meeters • January 10, 2007 9:58 AM

"Cherry says the NSA's involvement can [...] help create a perception that Microsoft has solved the security problems that have plagued it in the past."

If MS wants to create the perception that they have solved their security problems all they need to do is stop publishing security bulletins every month for Windows. Then I will feel secure.

Linux Larry • January 10, 2007 10:00 AM

Until Micro$oft does away with obfuscating tactics such as "rundll32.exe" or "svchost.exe" to hide data streams from the "everyday" user, I will never consider that Micro$oft is taking security seriously.

Inviting the NSA to "test" the product is, as others have suggested, just a way to ensure that their backdoor and keylogging systems will work with today's firewalls and av products. And maybe they tried a few buffer overflow tactics just to call it "testing".

Micro$oft releasing this information to the public is known as "marketing". They are just trying to set the everyday "home user" at ease with all the media hype about security they may be seeing on the news.

Security theatre, and your tax dollars at work.

My 0.02

LL

Hardware Monkey • January 10, 2007 12:22 PM

As a processor designer working on security features on an upcoming chip, my initial concerns are a bit different.

As the engineer working on this functionality, the responsibility lies with me. When the system needs to be tested, documented, expanded, fixed, refactored, or promoted to customers, the information comes directly or indirectly from me. And that is a heavy responsibility.

When new features or improvements have been suggested to us from an outside source (which has occurred, though not by any government entity), we may fold in those ideas, but responsibility still remains in-house. Before investing millions of the company's dollars in releasing the new product, we have to fully understand every aspect of what we changed, as every change is a risk of wasting the entire investment (our hardware doesn't patch as easily as software code...).

When getting ideas from outside, that often involves extended sessions of back-and-forth conversation with the other engineers who presented the idea. I've personally seen brilliant ideas that I'd have never come up with in a million years, but that's very different from understanding it after the fact. I have to understand it fully to be able to integrate it into the rest of our system, otherwise I may as well just be gambling with the company's money.

Regardless of the NSA's motives, _if_ there are any eavesdropping vulnerabilities in the code, I feel the concern and responsibility lies with Microsoft. Either their designers are not qualified to evaluate NSA suggestions or the product line directors do not give the designers enough time to properly evaluate them.

Either of those cases, in my opinion, are the worrying sources of concern.

markm • January 10, 2007 12:43 PM

"Does the NSA really want to help EVERYONE with security? I'm inclined to disagree, especially since they've made it quite clear that EVERYONE needs to have their email and phone communications given the once over." Was that the NSA or the President? NSA doesn't have the people (by several orders of magnitude) needed to listen to all the phone calls, and I'm sure they realize that, but big bosses tend to miss little details like that.

kashmarek • January 10, 2007 2:08 PM

It's all about statistics versus media hype. The NSA stuff is media hype, while the number of intrusions, time/money lost, and instances of failures complete the statistics. As Bruce pointed out in another post, they forget the tons of statistics but remember the one example of media hype.

Xellos • January 10, 2007 3:44 PM

--"Third, would Microsoft seriously take on the [political, economic, reputational] risk of giving the NSA commit access to their source code?"

Dunno. Would AT&T take the [political, economic, reputation] risk of giving the NSA a full tap of their backbone?

And would they even have been given a choice?

Much as I'd like to dismiss these kinds of concerns, given the actions of the US government of the past decade or so, it's really hard to give them the benefit of the doubt.

Anonymous • January 10, 2007 5:43 PM

Xellos, AT&T had much less to lose in their situation. The building plans and equipment lists for whatever rooms they set up weren't published in the paper. But if you want to add something to Vista, the code is given to everyone who gets their hands on it. The risk is too high.

NSA is a non-political organization. Yes, if the Whitehouse demands something they might look into doing it, but do you really think they could justify negatively affecting the security of hundreds of millions of devices that US Citizens and Government employees use daily? NSA isn't legally allowed to do that. NSA also isn't legally allowed to force a US company to do whatever it wants. Sorry to burst your bubble. If MS wants to take on massive additional risk by volunteering a backdoor, it's not the USG or the NSA you should be worried about. And given that MS themselves are the ones announcing this relationship, I really doubt they would do such a thing.

chub flounder • January 11, 2007 4:37 AM

three li'l points:

the phrase in your first paragraph, "Microsoft's new operating system -- the brains of a computer," which came from the original story, should tell you exactly where the average american is as far as being able to comprehend the implications of this issue...glad we're past the point of constantly hearing phrases like "television -- the fancy magic box that makes the moving pictures." precious.

microsoft may have had this cooperation foisted upon them, not wanting to revisit their flogging in court [which i think was a shot across the bow at bill gates, for choosing to amass his power in Washington state rather than Washington, DC]. on the other hand, it also seems consistent with the behavior of a company founded by a thief, a company whose best ideas are consistently the ones bought or stolen from outside developers. gates may be a genius at marketing, but his own lack of creativity fosters a stale atmosphere of obsolete thinking in his organization. as the twig is bent, so grows the tree. [uh, steve ballmer? nerd alert!]

but here's the bottom line: the NSA's "stamp of approval" should be a huge red flag, when you consider how they reacted to the distribution of PGP. "what's good for General Motors is good for America," right? let's hope that what's bad for Microsoft is good for Apple.

Patrick • January 11, 2007 8:09 AM

I don't see what the paranoia is all about. The NSA only needs to identify more holes in Windows than they tell Microsoft.

Let's say the NSA found 150 exploitable bugs in Vista. All they would need to do is help Microsoft fix around 75 - 100 of them. They would still have plenty of ways into the operating system and they would really be helping to secure it as well.

I'll start worrying about secret back-doors when Microsoft's OS is secure enough to not need patching every few days.

Steven Mocking • January 11, 2007 6:24 PM

The NSA also wrote the original Security Enhanced Linux, which is actually pretty sensible.

One problem here is that, Windows being closed source software containing trade secrets, publication of the exact code is made rather difficult. Even if the NSA-contributed code is published, it's not possible to verify that it's what you're running without the rest of the source code. Unlike Linux, you can't compile Vista yourself.

This being said, the NSA has a lot of experience where Microsoft has been notorious. IT infrastructure has been indicated as a prime target for "terrorism". It would make a lot of sense for the NSA to tighten up Windows to prevent attacks, while Microsoft has a bad reputation they'd like to get rid of.

Anonymous • January 15, 2007 12:44 AM

@Stained Windows:

"So now, do I spring for a Mac, or buckle down and learn Linux?"

You should learn Linux. But with Linux becoming ever easier to use (think Ubuntu Linux) and being shipped to your door for free without charges (or downloaded for free), there's less and less to learn.

IMO using a Mac isn't a solution. Mac OSX is not open source last time I checked, neither are many (or all? I don't know) of the applications shipped with it. Is iTunes open source? How can I audit Mac OSX and the (closed source) programs it comes with to see if there are any backdoors? I can't!

People who push Mac as a be all end all solution to Windows issues sicken me. Sure, it may be easier (at the moment) to use a Windows or Mac box, but in the long run, is it worth it? Do you value your freedom and security? Do you enjoy paying someone else for software and upgrades?

Had Linux enjoyed being on the desktop like Mac/Win for so many years and enjoyed the luxury of being preloaded at the OEM level on computers, I'm sure Linux would be better supported by hardware makers today, with software and hardware on the shelves everywhere.

Times are changing, and with innovations like fab@home, eventually we will all be making hardware in our own homes and comparing/sharing. The days of big companies dictating what we should run in our own homes are coming to an end. The people are discovering Linux and open source and see the maze of monopoly they have been placed in.

James • January 16, 2007 12:44 PM

"Does the NSA really want to help EVERYONE with security?"

Good question. I'm sure they don't want to help terrorists or criminals, so I guess they can't help EVERYONE. If helping Microsoft out helps everyone, God help us all.

Elliott • January 17, 2007 5:44 AM

@markm: "NSA doesn't have the people (by several orders of magnitude) needed to listen to all the phone calls"

They have large supercomputer farms and advanced filter algorithms for that. Only the most interesting conversations are actually listened to by humans.

Look for "echelon" with your favourite internet search engine.

Elliott • January 17, 2007 6:13 AM

@Anonymous:
"NSA also isn't legally allowed to force a US company to do whatever it wants."

It doesn't need to, because it can ask its clients (other government agencies or even the White House) to make life better or worse for any company. Those depend on the NSA's espionage capabilities, after all.

"If MS wants to take on massive additional risk by volunteering a backdoor, it's not the USG or the NSA you should be worried about."

First, they can be motivated to "volunteer" a backdoor. Second, I am not convinced that this would be a "massive additional risk".

They could hide such a backdoor much better than normal vulnerabilities
a) by protecting it from being exploited by outsiders with strong cryptographic authentication or sophisticated mathematical tricks, and
b) by making it look like a regular remote administration feature instead of a stupid programming error.

Even if that failed, e.g. because the supersecret private backdoor key leaked to the public, what were the odds that such a thing gets more media attention than all the other serious vulnerabilities popping up in the same week?

"And given that MS themselves are the ones announcing this relationship, I really doubt they would do such a thing."

Announcing it is just a clever marketing strategy. Most Americans believe the NSA are the good guys, would not eavesdrop on them (well, like the NSA won't listen in on their phone calls, right?), or would at least protect them from criminals and terrorism. Hence M$ expects the announcement to help improve the extraordinarily bad reputation of Windows security.

Also, announcing the "cooperation" as a feature from the start prevents the bad smell that it would have if it were kept secret and became public one day.

exspook • January 18, 2007 2:41 AM

Having worked in law enforcement and retired, some of you people are naive for trusting the government.

If you use a telephone and think it is secure, I have some land for sale in swamp country.

The phone companies routinely flip the switch for law enforcement at the central office and paperwork is rarely done unless it is a high profile case that is going to court.

What I mean by flipping the switch is that the technician programs a board to tap your phone. It is done all the time, talk to any former detectives or high level technicians that work for the phone companies.

The phone companies sold your privacy out for the monopolies they were given a long time ago.

Oh, and clicks and pops went out with computerized taps a long time ago. You cannot tell if they have a 3 or 4 way going without some special numbers.

If you think your OS is secure, you must believe in the snow bunny.

Ever heard of carnivore, magistrand or echelon? They are public. They have plenty of stuff that is black and you will never know when they are listening or examining your computer if you are on the Internet.

The Government can listen to your calls and snoop on your computer at any time, any day at their convenience and you will never know about it.

Just assume that everything you do is monitored because it is. If you're dumb enough to leave confidential stuff on your hard drive, that is your fault for trusting big brother.

If you want to keep it a secret I suggest investing in flash and securing it somewhere safe.

If you think MS and Apple have not given the security agencies a back-door into their OS, again, you must still believe in Santa Claus.

Read the Vista EULA. MS is telling you in black and white they are going to "from time to time" validate your computer.

What do you think that means?

Oh, and why do you think it is just the NSA? There are plenty of alphabet agencies that have been ignored in this discussion.
Do a Google on NRO.

James • January 19, 2007 1:32 PM

"If you want to keep it a secret I suggest investing in flash and secure it some where safe."
Or just unplug from the Internet.

djack • January 23, 2007 3:37 PM

This ensures interoperability within the DOD. Most users will not even use the NSA endorsed crypto - known as Elliptical curve cryptography - because the civilian infrastructure does not support it, and probably won't for 5-10 years.

spewmiester • February 17, 2007 9:56 PM

Wouldn't it be easier for the NSA to pay off MS employee(s) to put 'back door' code into Vista?

Using the 'We'll help you out because we are nice people' seems very convoluted. And, the NSA surely could 'ask' the government to lean on MS until MS does what the NSA wants. (Maybe MS can lean on the government too?!)

The NSA helping MS doesn't re-assure me that Vista is better at all, but the NSA 'helping MS for their own benefit' theory sounds reasonable.

Also, would the NSA need any new exploits in Vista? (Apart from their own self assurance that the exploit would not be 'fixed' by MS)

That said, I'm learning, and installing Linux! I won't be paying for a half assed MS product when I can get something better at almost no cost.

Tarkan (It's meaning is Manager of the War) • November 13, 2007 3:33 AM

A simple rock can be used for killing a human being, or a most sophisticated weapon (like Russia Republic's resonance gun, et cetera)... The result is the same every time, for everyone, for every true or false reason.
Spying, snooping, watching is likewise. Just the details change. If you were a master swordmaker, would you sell your best sword before you bought or made the best shield money can buy or make?
In the Quran there are two clauses like this: "Allah bestowed iron on you as a great obligation. Undoubtedly, there is quite a hardness in it." I mean, this is a problem of choosing between goodness and badness, from the beginning of time to the end of time, as in other "religions" or cultures, et cetera... We can make a nail or a knife from iron. We can use a nail for constructing or for killing someone! We can use a knife for cutting bread or for killing a person! This killing could be a murder or because of war. As a result, if we want to live in Heaven and do not want to live in Hell in our future life, we have to transform this world into a kind of heaven, not a kind of hell!

jnoonan • December 9, 2007 1:39 AM

This is a fight for the future and for freedom. This is a fight for a global consciousness. I work for the government, trust me...the fact that they worked on Vista means that it is probably the crappiest version of Windows ever. The U.S. government is very inefficient, unorganized, and wasteful.

Willy • December 22, 2007 6:35 AM

"The comments about trust is a pony tail issue, those with pony tails don't trust people without pony tails (and vice versa) .. "

First time I hear this. Is this "pony tail" issue a matter of "business suits" vs the "scrappy hackers" ? Or does the general public "not trust" people with ponytails? :)

mojojojo198172 • January 31, 2008 12:47 AM

My own Opinion

I believe the NSA among other agencies have been eavesdropping for decades. Linux, Mac all Windows so forth and I believe that the NSA code so forth has been cracked and this is one of many means to beef up security, changing code.

In all rights nobody can be forced to adhere to say Microsoft's terms and policies due to the violation of our Constitutional Rights unless its intentions were purely destructive to say Microsoft and/or National Security. Nearly Everyone in the US and other Countries would be arrested and put into a Dark Room BlindFolded. We buy the food, we eat the food, it is ours.

The Piracy which has gone on for Years has helped Microsoft, not hindered and one of the benefits is that it allows Microsoft the means to violate Copyright infringement laws so forth. As they may say, "Business"

Most of this Microsoft publicity is Bloated, hot air... like their latest Operating System. Scare tactics work very well with the general public especially when most of the public has become dependent on electronic devices for communicating... and are afraid of getting sued and/or incarcerated for products in which they paid for. No Fear

National Databases have been hacked, hell even the Chinese were able to appear in a Naval Training exercise undetected, of course which is News only to spread Paranoia of a possibility of invasion. I don't blame them for spreading Paranoia due to the fact that a Majority of Americans have become Lazy, and spreading rumors of The Sleeping Giant just to Declare War due to the inefficiencies of our own Security. I blame the People due to it is the People's duty to not only secure their Country but to also ensure their elected officials do the job in which they are paid to do.

One other note I feel is important; These Big Corporations are using the People's rights against them such as, The Rights of Your Children. They are being force fed much of the Eye Candy BS which comes over the Air whether on TV, Radio, Newspaper just like Joe Camel... Propaganda and Parents don't have much to say about it due to the Fear of being sued by their Children with the indirect backing of many Corporations, businesses...

Jean Valjean • August 6, 2008 4:11 PM

thank you, schneier

i hope you are wrong, but i'm afraid that you are right

jvj

Internetagentur München • December 24, 2008 11:59 AM

Well, I think that it is necessary to support Microsoft in any way to increase their chances of being competitive with Linux distributions in the future. In the long run I think that open-source OSes will be dominating the market.

dasy • May 30, 2009 12:51 PM

I think my PC has been compromised by the government but I don't know how to prove it. I need someone who can help me sort things out.

Natanael L • June 2, 2009 2:36 AM

Good to know about things like these.

Considering the comments, I believe that NSA just has been checking out the code and created two sets of patches for security holes - one that MS gets, one that they keep for their own computers only.

@dasy: Contact the Free Software Foundation in person if you can. Otherwise you could contact some other kind of organisation nearby that promotes free software.
They might not be software security experts, but they can indeed find one for you that can check your computer.

Computer Support • September 9, 2009 4:12 AM

But Microsoft takes a lot more management and monitoring. This means that it takes more people and resources than doing the same thing in the Linux world. Since managers get raises and promotions based on how many people they have working for them and how many resources they control, it is to their benefit to select the option that gets them the biggest department. Since Linux, once it is in place, pretty much requires nothing, it loses out to being the cheaper solution.

J.Goldmaker • February 2, 2010 2:32 PM

I doubt if any of this will change the fact that people dream in their sleep that they are using their computers. The question should be "Just whose computer are you using when you are sleeping, dreaming of operating a computer?" And, just how many people are dreaming of operating a computer in their sleep, not even knowing that they did so when they woke up? The Windows desktop is a generic thing; anyone who dreams and sees the Windows desktop in their sleep may think that they are operating their own computer and not someone else's. No security software will plug this hole until we know more about the human brain, and the only way to learn more about the human brain is to emulate it with computers.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.