Microsoft Opens Source Code To KGB's Successor Agency

Jack Spine writes "Microsoft has struck a deal with the Russian government which will give the FSB, successor to the KGB, access to the source code for Windows 7, among other products. The agreement is an extension of Microsoft's Government Security Program, according to a source with links to the UK government."

security holes of releasing source code

[Anonymous Coward]

yay, so now the Russians will know all the holes in Windows 7 and how to exploit them, no?

Available as a Torrent in 3... 2... 1...

[Xtense]

Available as a Torrent in 3... 2... 1...

Brilliant Idea

[Anonymous Coward]

Giving the OS source code to the Russians... what could go wrong?

Re:security holes of releasing source code

[Vectormatic]

Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

What use is it anyway then? I gather the russians (and brits, americans, chinese) want to be able to fully review the software in order to clear it for national security, what would be the point of only getting 90% of the code, and being allowed to build from it?

i'd say a specific linux build for national security sensitive applications is in order, in every country which might want to stop the US or MS from spying in their stuff (which is everyone, including the US themselves)

Re:Successor agency

[glwtta]

Holy shit, that just completely blew my mind!

Re:security holes of releasing source code

[elrous0]

so now the Russians will know all the holes in Windows 7 and how to exploit them, no?

Them and every other hacker on the planet.

Re:security holes of releasing source code

[datapharmer]

i'd say a specific linux build for national security sensitive applications is in order

Try setting SE Linux to "enabled".

As Stalin said

[gillbates]

Wasn't it Stalin who said, "The capitalists will sell us the rope we use to hang them."

Nice to know that Microsoft, after complaining for years that open source was insecure because anyone could see the code, is now providing same to Russia. Nothing quite like putting quarterly profits above national security.

Re:we need open source by law

[Bing Tsher E]

Why? The copyright protects a specific binary implementation. Are you implying that Microsoft's copyright protection should be extended to the method they use? That's what it sounds like.

Re:security holes of releasing source code

[morgan_greywolf]

Do you really think most countries have any interest in reviewing all the code in windows?

If you can't compile the code into a working binary using the same compiler that was used to produce the production binary because you're missing parts, then you can't be sure that the source code you have represents the binary you're using. You have take Microsoft's word for it, and it's not like the rep you're talking to is the actual guy who manages the build, so even he doesn't actually know for sure.

An incomplete set of source is absolutely useless for a true security audit.

Re:Buildable?

[tibman]

How can the russians trust the source code to a binary if they can't compile and compare the binaries?

Re:I'm sure this will turn out well

[dargaud]

When you ask a russian his opinion on some leader (either russian or otherwise), whenever he wants to praise that leader, he'll always add 'he's a strong leader'. It seems that russians only recognize leadership when it is associated with strength, so do not be surprised that they go from dictatorship to dictatorship. It's mostly self-inflicted.

How the worm turns....

[zkiwi34]

It wasn't all that long ago when dear old Bil Gates et al were claiming in front of the DoJ that giving anyone (their competitors) access to Windows code would be a threat to national security. Fast forward to now and it appears that either the truth changed a whole lot or for some reason national security interests are served by giving China and Russia and who knows, maybe even the French access to Windows source.

The new Windows, our most secure OS ever!! Well...

Re:security holes of releasing source code

[suso]

and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

Oh noes, a license. That will stop em.

All the code?

[Anonymous Coward]

So microsoft is giving them all the code? So they can compile it on site and have it run? Or are they giving them pieces of paper that they can read in their spare time; pieces of paper with pseudocode that give a rough general idea of approximately something? Its one thing to be given pieces of paper, another to compile it and see it run with full functionality. Using microsoft anything is a bad choice because you cannot audit it. The Russian government can now audit their stuff, but upon inspection, will give it back to them, since they can see for themselves exactly how bad it is.

Re:How the worm turns....

[thoth]

They changed even faster than that. IIRC, it was Jim Allchin that said releasing the source code for a portion of Windows (the message queue), would have serious US national security implications. This was in 2002, during the post-DOJ lawsuit cleanup where some states filed a separate lawsuit.

Less that a year later in early 2003, Microsoft entered into a broad source code sharing arrangement, with Russia, China, and many NATO members.
http://www.microsoft.com/presspass/press/2003/feb03/02-28GSPChinaPR.mspx [microsoft.com]

From "serious US national security issues" to "here you go Russia and China" in less than a year.