Microsoft Opens Source Code To KGB's Successor Agency
Jack Spine writes "Microsoft has struck a deal with the Russian government which will give the FSB, successor to the KGB, access to the source code for Windows 7, among other products. The agreement is an extension of Microsoft's Government Security Program, according to a source with links to the UK government."
I'm sure this will turn out well (Score:5, Interesting)
FSB is not "the" successor to the KGB (Score:5, Interesting)
Re:security holes of releasing source code (Score:5, Interesting)
They've already provided it to the Chinese (and the British, not sure who else). That means that the Russians and Chinese can look for and exploit holes in Windows. Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.
Basically, they get all of the disadvantages of open source security, but none of the advantages.
This is actually good (Score:4, Interesting)
Re:security holes of releasing source code (Score:2, Interesting)
Trust, Interesting World (Score:5, Interesting)
It is an interesting world in which a United States company trusts Russian spies more than it trusts United States citizens.
Re:Trust, Interesting World (Score:3, Interesting)
Re:security holes of releasing source code (Score:4, Interesting)
Isn't it coincidental that the Chinese intelligence who received the source code suddenly had a lot of new Windows-based 0-days and used them against US companies, Google mainly?
The blackhats have the source and can look for bugs and errors that they can exploit at will. The whitehats have to guess or blindly firewall, hope that there are no remote exploits, and put a lot of resources into perimeter security.
Maybe this is just another impetus for people and companies to move to UNIX-based operating systems. Even a closed source offering like HP-UX or OS X (the pieces that are not open-sourced in Darwin or elsewhere) has been around such a long time that glaring show-stopper bugs are rare, and are usually limited to local exploits. This isn't to say things are perfect, but an exploit from remote like ssh is extremely rare on the UNIX side. To boot, UNIX variants have been getting a lot better at security, having ASLR, DEP, SELinux/AppArmor security policies, and other items to limit damage and spread of compromised code.
Re:I'm sure this will turn out well (Score:2, Interesting)
I tend to agree with your take on Putin.
And, wtf. Those poor Russians just can't seem to get a break. They've gone from totalitarian monarchy to communism. Yay, workers' paradise, except when the revolutionary dust settled they were still under totalitarian rule.
And now that the confetti from the democratization celebration has blown away we are still looking at something remarkably similar to a dictatorship.
Re:security holes of releasing source code (Score:3, Interesting)
Re:Available as a Torrent in 3... 2... 1... (Score:4, Interesting)
And in which jurisdiction are you going to sue?
Re:As Stalin said (Score:3, Interesting)
I've always found that quote to be amusing. It's like admitting that communism can't produce enough rope, only capitalism can, but they need rope so they deal with capitalists. Reminds me of all those stories about the price of car wipers and toilet paper in the USSR because their command economy 'geniuses' couldn't figure it out or couldn't turn capital into production.
>Nothing quite like putting quarterly profits above national security.
Let's not be too dramatic. The source code of Windows isn't some big trade secret. Several governments have it. After all, they want to see the source just like you do with Linux and they have the buying power to demand it.
Re:security holes of releasing source code (Score:4, Interesting)
If I were in charge of an internal security agency, I would be more concerned about running an OS containing back doors or exploits than to try and exploit them myself. To that effect, I would insist on being able to build the OS from sources using a compiler that is known to be uncompromised (built it from source too). No other arrangement will guarantee that the copies I am running behave exactly like the source code says.
If the FSB agreed to the terms that you mentioned, they are not doing their work.
Re:security holes of releasing source code (Score:3, Interesting)
>Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.
From what I heard, this transfer is for complete buildable code, and, indeed, the whole point is that FSB guys will strip out everything they don't need to minimize attack surface, and use the resulting build for their own systems.
Re:Available as a Torrent in 3... 2... 1... (Score:4, Interesting)