In a restaurant somewhere in the State of Washington:
NSA agent: So, Steve, what's user U357-E2H3-456T-UI4G doing?
Balmer: (Fiddling with netbook) Hmmm. Gonna have to log into my Google account for this... Oh... he's still watching porn.
NSA agent: Well, how about X357-UD42-JK56-03T5?
Balmer: Damn this mobile broadband! Sometimes I think that space aliens must be... oh, here he is. It's porn.
NSA agent: Well, for folks who are major threats to national security, these guys of yours certainly lead boring lives.
Balmer: Yeah. I've kinda noticed that. Sometimes I wonder if we aren't a little to blame... That's off the record, you understand.
NSA agent: Understood. QUAW-56WE-42W7-H81V?
Balmer: (Tap, tap, tap) Oooo! That's gay shit!
NSA agent: *sigh* OK. How about 0000-0000-0000-0001?
Balmer: Wha?
NSA agent: 0000-0000-0000-0001.
Balmer: But... that's...
NSA agent: Yes, I know.
Balmer: Well, OK. (Tap, Tap, Tap) Oh my f--king god! This is just disgusting. It's Bill getting it on with his wife in front of the webcam! At least, I think that's her. It's hard to tell.
(Bleep! Bleep! Bleep!)
NSA agent: What was that?
Balmer: Looks like he just got a text message on his phone on the night stand. It's from a couple of guys named Medvedev and Putin inviting him to an encrypted virtual teleconference.
(Bzzzzt!)
NSA Agent: What was that?
Balmer: Just the vibrator, I think.
NSA Agent: Which one? The Phone?
Balmer: Uhhhh....
NSA Agent: Never mind!
Balmer: I have 15 Google "accept on behalf" minutes left. Should I respond? I get 5 Bill-voice minutes free.
NSA agent: No. Pan back to the bed.
Balmer: Actually, I think it's the kitchen.
NSA Agent: Whatever!
Edited 2009-11-20 00:20 UTC
Yeah. If Microsoft technology can't do it, he just does without.
You know, if I were the AntiRockwell here on OSNews, I'd call him a "Microtard" or something. Maybe a "Soft-tard"?
Take *that*, Balmer! You Google-hating Soft-Tard!
Edited 2009-11-23 20:34 UTC
Why bother talking about totally irrelevant things on the front page?
Of course any company doing international business will deny such claims (whether true or false). Just imagine how much faith customers from other countries (governments, companies, military, etc.) would have, if any company would admit that a government fiddled with their product leaving customers all over the world vulnerable to unfair business practices, espionage and the like.
So does Windows have any backdoors?
Probably. We don't know.
Will Microsoft ever admit if Windows has backdoors?
Of course not.
Is it worth discussing any press statements from Microsoft about it?
No. Not without any hard facts.
It's news that Microsoft consulted with the NSA on Win7. The denial is not the news; the consulting is. I might live under a rock, but I didn't know there was any such government involvement.
I'm happy with Windows, and I welcome this kind of transparency, whether or not there is any such "backdoor."
"there is no NSA backdoor"
but a frontdoor hidden as a security flaw.
Would be "news" if MS confirmed the 'feature': "Sure, we have an NSA (or for whomever) backdoor in Windows". I think both customers and the NSA won't be too happy with MS saying so.
MS denying the backdoor rumors is not news to me.
"Hey Frank, do you recognize this source checkin from last week by "YourSecretSanta" claiming he's fixing up a buffer overflow in the Backdoor service? I don't remember the code review for that..."
Any sane project is going to use source control.
Unless the NSA is paying people to cover it up - I'm guessing the people regularly working with and reviewing the code regularly might detect something amiss when it gets committed - unless it's added by a malicious individual in a very sneaky way.
It's a bad idea for an untrusted developer to be given commit access to a source-controlled codebase and allow them to check in large amounts of code without peer review - of course many corporations do this all the time, but I have to assume Microsoft has at least put *some* safeguards in place to prevent this as much as possible given their continual public scrutiny.
but... without public source code review...
Does it matter?
I mean, come on... how would we/you ever know?
Just out of curiosity ... what does the UEFI module that windows 7 installs do besides implement compatibility? It would be running outside the OS or from another point of view your OS has migrated closer to your hardware.
It can only install of course if your PC has UEFI... so most are still unaffected
Supposedly this module also has to do with Phoenix support for loading the OS nearly instantly but I would like proof of that. I mean most BIOS related stuff is minuscule and from what I gather the module it installs to the FW is rather large.
Any comments on that? I would investigate myself but only have dated HW at home.
Ref:
http://www.microsoft.com/whdc/system/platform/firmware/UEFI_Windows...
Part of NSA's function is securing the nation's computers, and with Windows installed on the majority of them, NSA provides assistance with securing Windows. This is mostly guidelines and results of security tests they run that are provided to Microsoft.
And it's not just Windows. NSA contributed to SE/Linux.
They share the story with "reporters" at ComputerWorld and they show their disregard for journalistic integrity. Real classy.
How about a non-secret backdoor?
Microsoft have admitted in the past for XP that an "update to Windows update" can be pushed and installed silently on XP without Microsoft having to know any local machine password, regardless of user settings.
http://blogs.zdnet.com/hardware/?p=779
If Microsoft can silently update Windows update, then they have a backdoor. After silently updating Windows update Microsoft can always put it back again the way it was.
I haven't heard Microsoft ever claim that this backdoor was removed from either Vista or Windows 7.
PS: I don't believe there is anything malicious in this ... I just note that it exists.
Edited 2009-11-20 02:03 UTC
http://blogs.zdnet.com/hardware/?p=779
If Microsoft can silently update Windows update, then they have a backdoor. After silently updating Windows update Microsoft can always put it back again the way it was.
A backdoor that is easily thwarted by disabling the automatic update service?
To be clear, the updates aren't "pushed" in the sense that your machine is contacted by Microsoft and the updates are installed forcefully - they are pulled - by the automatic update service that can be disabled by the user manually if desired.
Edit: corrected service name
Edited 2009-11-20 02:23 UTC
Not that I use Windows, but anyway that is apparently not quite the whole story.
http://blogs.zdnet.com/hardware/?p=779
At the PC Doc HQ we have several systems set not to update automatically. This is so that they are kept at a specific patch level for testing duties. Many of these systems are virtual machines but some are physical. When I heard about this stealth update I decided to take a look at one of these systems that don’t update automatically (it was set to download and notify) - and within seconds I found what I was looking for.
[UPDATED - Just to clarify, I can confirm that this stealth update was applied to systems where Windows Update was set to "Download updates but let me choose whether to install them" and "Check for updates but let me choose whether to download and install them" but not on systems set to "Never check for updates."]
I might also add that when I first read about this, that last quoted paragraph was not present, so the rider about but not on systems set to "Never check for updates" is new to me.
Anyway, it seems that your choices are: (a) enable a backdoor to your Windows system, or (b) manually check for updates all the time yourself (in which case stealth updates would probably happen anyway once you had manually checked), or (c) don't update.
There's a *huge* difference between setting the automatic updates setting, and disabling the service entirely.
If you're worried about someone slipping an update in that might open a door - then any system you use to install updates that you "trust" is just as fragile...
The only relatively sure way to prevent unwanted backdoors is to review the code and compile your OS yourself.
Not a lot of difference, if you then subsequently run a check for updates manually anyway. The only real difference is that you are not using an automatic scheduled timer to check for updates.
The backdoor mechanism is via the stealth updates. The only thing that you can disable is the automatic updates scheduler.
If you don't periodically manually run a check for updates, your system will not get updated at all. Security risk.
If you do periodically manually run a check for updates, that effectively allows the same stealth backdoor as the automatically scheduled updates. Backdoor.
You can either get owned, or you can get owned.
There is another way.
You could restrict yourself to installing only software which was auditable by people who:
(1) did not write that software, and
(2) are able to read and understand and audit source code, and who
(3) use the same code themselves for their own systems.
Since their interest is your interest, you get the benefit of their audit.
Edited 2009-11-20 03:34 UTC
No one remembers the NSAKey debacle?
http://en.wikipedia.org/wiki/NSAKEY
They've been in Windows for years and years.
No, we remember - It's just the people who understand it never took issue out of "oh noes, there's a 128 byte key in one DLL used for export licensing".
Only the tin-foil hat wearing fringe whacko conspiracy nutjob paranoids take this type of sensationalist reporting seriously. File this alongside your "911 truthers", Who really killed JFK, or how 911 and its primary architect were predicted on our currency.
Wow, I had no idea that the Girl Scouts are responsible for the crop circle phenomenon.
Few people do, few even think to ask the question.
Edited 2009-11-20 06:02 UTC
Only the tin-foil hat wearing fringe whacko conspiracy nutjob paranoids take this type of sensationalist reporting seriously. File this alongside your "911 truthers", Who really killed JFK, or how 911 and its primary architect were predicted on our currency.
Wow, I had no idea that the Girl Scouts are responsible for the crop circle phenomenon.
Few people do, few even think to ask the question.
No need to worry, he's probably going to ring up Alex Jones over at Prisoner Planet claiming there to be a world wide conspiracy involving fluoride, vaccinations, NSA code in Windows and dumbing down of television as to enslave the nation! America unfortunately is filled with conspiracy nuts - the conspiracy theorists suck as individuals so they grasp at straws to explain why they suck.
Edited 2009-11-20 15:37 UTC
While I don't necessarily personally believe it, it also does not sound implausible that the NSA would want a security back-door in Windows bad enough to at least approach Microsoft about it. Bear in mind, the US Fed'ral Gov'ment hasn't always been thrilled with its citizens' ability to keep secrets from it: various bills have arisen in Congress to try to make various types and strengths of encryption illegal, and even to enforce the inclusion of government-held master decryption keys in cryptography schemes. For that matter, bear in mind that large telcoms now are required to have hardware making it possible for the government to intercept arbitrary calls, based on the same fundamental logic: "the Federal Government should have unrestricted access to information that it deems is of overriding importance" -- or, more precisely, "when the federal government decides that access to private information is of vital importance, it should not be technologically possible to prevent access to that information". (To the best of my knowledge, all those bills have been defeated -- but, at least, there is an interest, held by some in the federal government, in having these kinds of back-door keys put in).
I think the idea is at least more plausible than the other kinds of high-octane tinfoil hat that you list.
"Only the tin-foil hat wearing fringe whacko conspiracy nutjob paranoids take this type of sensationalist reporting seriously."
Ah yes, spoken like a true ameriKan. How did you manage to string together such a long line of impressive words? I see you have been watching a fair amount of Fox News and CNN. Your ignorant comment comes as no surprise. Everyone knows the U.S. has one of the most ignorant, dumb, brain-washed and gullible populations in the world. They will believe anything as long as they hear it on their national news.
Some food for thought for brainwashed narrow-minded half-brained quasi-educated ameriKans like yourself: in mainstream political circles anyone who talks about conspiracies is ridiculed. This ugly habit is dishonest since even a little open-minded study reveals that there have been many conspiracies throughout human history, and that many of them had a great effect. Let's consider: the burning of Rome by emperor Nero - blamed on the Christians. The Reichstag fire in Nazi Germany by Hitler's people - blamed on the communists. Moscow apartment bombings in 1999 by the FSB (KGB) - blamed on Chechen rebels and used to justify Russia's invasion of Chechnya. And then 9/11...? You tell me. When stuff happens abroad everyone immediately suspects a conspiracy, but the U.S. is of course immune to conspiracies. The U.S. government always works in your best interest and would never harm or spy on its own citizens, right? And surely they would not sacrifice 3000 of their own people for oil, war and Middle East domination, right?
Idiot.
Edited 2009-11-21 15:47 UTC
By the way, "deathshadow", how did you come up with such a fascinating and impressive original username? Maybe you should change it to "moronshadow"?
You were not even able to properly articulate your opinion with clear arguments, but instead resorted to lame, pathetic and juvenile insults against a group of people just because they do not accept the official version of events. You are no better than they are. Can't refute the message so you try to discredit and ridicule the messenger. This is the ultimate cowardice.
http://en.wikipedia.org/wiki/NSAKEY
They've been in Windows for years and years.
Don't forget that it is in Linux as well..after all the NSA wrote SELinux...
This was highly expected and it's not a problem related to Microsoft only. Do you think that Google keeps their data off of NSA? Yeah, sure.
The big push in Europe about open-source mostly derives from all these problems. Same applies to other countries like China which obtained to get a special version of Windows (and I bet such version won't include any NSA backdoor plus a China govt backdoor).
Duh, you guys... Believe it or not, Microsoft has a pretty widely used source code access program that provides LOTS of corporate and (US and non-US) government users access to the Windows source code base. They even provide users with (free) short introductory on-site seminars on how the source code base is organized. See: http://www.microsoft.com/resources/sharedsource/windowslp.mspx
If there was any sort of backdoor in Windows, lots of people would know about it pretty quickly... Well, assuming ANYbody can read through millions of lines of source code "quickly", of course.
- DD
It's not really that simple. If we assume that someone wanted to put a backdoor in there:
1. The code you read doesn't necessarily have to be the same as the code you're executing if you don't have the possibility to compile it yourself.
2. Even then, you're not completely safe. See this old thing for explanation:
http://cm.bell-labs.com/who/ken/trust.html
(It's about introducing a back door in the unix login program that won't show in the source code and also not show in the compiler source code, although the compiler does the introducing of the back door.)
This might seem like a lot of hassle, but if a big company like Microsoft or an organization like the NSA decided that this is what they want, I'm sure they would be able to do what Ken Thompson figured out on his own in 1984.
There is no backdoor. I can tell because a lot of people from NSA and Microsoft would've known if there was one and us humans can't keep secrets anyway so there would be always at least one person telling his wife, friend etc. after which the news would go very fast.
That's also the reason I don't believe in conspiracy theories. People can't keep something big for themselves.
Just a lil aside as I noticed a few comments about open source trust. You will never know there is no back door, unless you review the code and compile it yourself. All true... but you know... we trust things all the time.
For all I know the NSA has a secret deal with Honda and my car can explode at the switch of a button by someone at the NSA. I'll never know. It is located deep in the internals of the fuel injection system. I have as much of a chance of finding it as I do finding the opcodes in a compiled binary.
Do I get the blueprints of the car (design) and watch it being made (implementation)? Just like software. Do I get the source code (design) and do I get to see it being made (compiled)?
The 'rights' you get with open source go well beyond what you get in virtually every other industry. You always have to 'trust' some person or some company who made the product.
Granted, open source makes it a lot easier to trust. Yet, like I said, it is well beyond the rights you get in almost every other industry.




