Microsoft Gets Help From NSA for Vista Security
An anonymous reader writes "The Washington Post is reporting that Microsoft received help from the National Security Agency in protecting the Vista operating system from worms and viruses. The Agency aimed to help as many people as they could, and chose to assist Vista with good reason: the OS still has a 90 percent lock on the PC market, with some 600 million Vista users expected by 2010. From the article: 'The Redmond, Wash., software maker declined to be specific about the contributions the NSA made to secure the Windows operating system ... Microsoft said this is not the first time it has sought help from the NSA. For about four years, Microsoft has tapped the spy agency for security expertise in reviewing its operating systems, including the Windows XP consumer version and the Windows Server 2003 for corporate customers.'"
Nothing new to NSA... (Score:5, Informative)
NSA's Information Assurance Directorate also provides public security configuration guides [nsa.gov] for many popular applications, operating systems, database servers, routers, and other networking equipment.
Also, don't forget to check out NSA's Security-enhanced Linux (SELinux) [nsa.gov] (FAQ [nsa.gov]).
When US computing, communications, and networking implementations are more secure, we all benefit, and NSA contributes to this in its overall mission.
Re:wouldn't it be nice? (Score:4, Informative)
The article also states why the NSA thinks this is in their (and the country's) interest - the mandate has come down that procurement focus on COTS (commercial, off the shelf) for more and more things. If the security of the nation or the safety of a ship or soldier is going to be left to commercial software, the government should take a more active role in due diligence and capability review of the products it is buying. The NSA is a logical choice for doing some of that work.
I am a little surprised that nobody has said "the NSA is hoarding vulnerability info on Windows for their own evil purposes! Use Linux!" I'll leave it as an exercise to the reader as to why that is a non-issue. (Hint: does the NSA also get to review the Linux code?)
NSA (Score:3, Informative)
Re:When does the NSA help Linux distros and Mac OS (Score:3, Informative)
http://www.nsa.gov/selinux/ [nsa.gov]
It's only fair that the NSA helps Microsoft.
Enjoy,
Re:Security Enhanced Linux (Score:4, Informative)
- Vegard
Re:NSA and DES (Score:2, Informative)
Re:NSA and DES (Score:1, Informative)
As for the 56 bits for the "exportable" version of the algo, it's probably because the NSA expected to be able to brute-force it if needed.
Re:Spook backdoor to Vista (Score:5, Informative)
First, there's the mysterious NSAKey API that was in IE 4.0 (don't know if it was in later versions).
Then, there's the regkey for tcpip maxhalfopenretries, or is it maxhalfopenretires? Nobody seems to know. Yet the "retires" version is in the Win2k template supplied by the NSA. And if you run that template, this setting shows up as a vulnerability on security scans. It's a hell of a bad back door, if it's a back door, (because the vulnerability is a DoS, not very useful for snooping) but I don't understand how this mistake could just sit there, in plain text, in a freely downloadable template, without anyone trying to address it for so many years.
Re:NSA and DES (Score:1, Informative)
http://en.wikipedia.org/wiki/Data_Encryption_Stan
Re:wouldn't it be nice? (Score:3, Informative)
Do you really think that what Microsoft does and sells is the same thing as storage density? They have people, producing and supporting an enormous range of products and services. Unless you're suggesting that what it costs to employ and retain people has gone down by 500-1000 times over the last 10 years, I don't really think you're rationally comparing two useful things. Are you in IT? Have you reduced what you charge for your services by that much in the last 10 years?
Re:NSA and DES (Score:1, Informative)
(Emphasis added)
The change from 64 to 56 bits was to include an 8-bit checksum. Whether or not that was a good idea is more debatable than the changes to the S-Boxes, but is far from a HUGE GOVERNMENT CONSPIRACY. Sorry for the diversion, go back to coating your walls with tinfoil.
Would you Prefer... (Score:2, Informative)
The Karma system, here, is doing its job. That some people "abuse" it by responding to incentives is, I have to say, a bizarre position.