Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Gets Help From NSA for Vista Security

Zonk posted more than 7 years ago | from the keeping-them-from-getting-into-mischief dept.

233

An anonymous reader writes "The Washington Post is reporting that Microsoft received help from the National Security Agency in protecting the Vista operating system from worms and viruses. The Agency aimed to help as many people as they could, and chose to assist Vista with good reason: the OS still has a 90 percent lock on the PC market, with some 600 million Vista users expected by 2010. From the article: 'The Redmond, Wash., software maker declined to be specific about the contributions the NSA made to secure the Windows operating system ... Microsoft said this is not the first time it has sought help from the NSA. For about four years, Microsoft has tapped the spy agency for security expertise in reviewing its operating systems, including the Windows XP consumer version and the Windows Server 2003 for corporate customers.'"

cancel ×

233 comments

Nothing new to NSA... (5, Informative)

daveschroeder (516195) | more than 7 years ago | (#17522272)

Information Assurance [nsa.gov] has long been one of NSA's primary missions. NSA ran the Trusted Product Evaluation Program (TPEP) [faqs.org] since 1983, which evaluated off-the-shelf commercial products against standardized security criteria, and employed various experts from government, military, academia, and industry. Contributions or recommendations from TPEP often were incorporated into future iterations of vendor products. The expanded Common Criteria programs, which grew in part out of the US Trusted Computer System Evaluation Criteria [wikipedia.org] (TCSEC, the famous Rainbow Series [wikipedia.org] of security publications), picked up where TPEP left off, now administered by the National Information Assurance Partnership (NAIP) [nsa.gov] of NSA and NIST.

NSA's Information Assurance Directorate also provides public security configuration guides [nsa.gov] for many popular applications, operating systems, database servers, routers, and other networking equipment.

Also, don't forget to check out NSA's Security-enhanced Linux (SELinux) [nsa.gov] (FAQ [nsa.gov] ).

When US computing, communications, and networking implementations are more secure, we all benefit, and NSA contributes to this in its overall mission.

Re:Nothing new to NSA... (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17522390)

/\ And that, ladies and gentlemen, is a karma-whoring subscriber /\

Re:Nothing new to NSA... (1, Insightful)

daveschroeder (516195) | more than 7 years ago | (#17522440)

Nope. Just someone who happens to be a subscriber (which one would think is a good thing if one enjoys slashdot (???)), happened to see an article about to be posted, and wrote the same reply I'd have written regardless.

What's especially humorous is that, as of the time you posted your childish reply, my post hadn't been modded up, down, or changed in any way.

Feel better now? Thanks for the troll, though!

Re:Nothing new to NSA... (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17522888)

Regardless of how long your incomprehensible, ranting reply is, it does not change the fact that you are a karma-whoring subscriber. Feel free to dispute it, however. That's your right. You'd just be wrong.

Re:Nothing new to NSA... (2, Interesting)

temojen (678985) | more than 7 years ago | (#17522442)

Also, there' no mention of how much of the NSA's advice MS has used and how much they've ignored.

Re:Nothing new to NSA... (4, Insightful)

bman08 (239376) | more than 7 years ago | (#17523272)

The problem is the question they asked. Not, "How can we make a secure product?" but "How can we make the product we have secure."

Re:Nothing new to NSA... (2, Insightful)

bbernard (930130) | more than 7 years ago | (#17522508)

It's interesting to me to notice that at least some of the things the NSA has suggested for XP and 2003 are settings and options that need to be configured and are not pre-configured for "out-of-the-box" operation. For instance, password length and complexity. Perhaps that's a bad example, but it shows that Microsoft is willingly supplying their OS software configured in a way that they know provides sub-standard security. While I don't specifically blame them for that--can you imagine the home users that would jump to Mac if they had to "put up with" highly secure systems--I'd love to see an install option for "high security" or the like. Even 2003 server doesn't install with an NSA recommended configuration.

password length and complexity (4, Insightful)

wiredog (43288) | more than 7 years ago | (#17522862)

The longer and more complex it is, the more likely it is to be written down on a post it stuck to the side of the monitor. Especially if you have multiple passwords on different change cycles. "Must have a capital letter, special character, number, be at least 8 characters long, and change every 3 months" is probably, in the long run, no more secure than "must be at least 8 characters long, contain one or more non-alphabetic characters, and change twice a year".

Re:password length and complexity (2, Interesting)

spun (1352) | more than 7 years ago | (#17523162)

There's an easy way to deal with complex password requirements. One place I worked required 8 characters with at least one capital letter, one lower case letter, one number, and one punctuation mark. Plus, they required a new one every month. To top it off, they kept track of the last three passwords and you couldn't reuse them. I just memorized a pattern on the keyboard (like e4r5t6y7) and hit the shift key a couple times. Then when I changed the password, I just shifted the pattern over one letter (r5t6y7u8) Never had to write it down and I didn't forget.

Re:password length and complexity (1)

bloobloo (957543) | more than 7 years ago | (#17523262)

Much easier than that. Think of a word. Add punctuation mark of choice. Then change the number at the end each month so it is 01 in January etc. This is how most people I know do it. Whether that is secure or not is a different matter.

Spook backdoor to Vista (2, Interesting)

dougwhitehead (573106) | more than 7 years ago | (#17522962)

The encryption cat is out of the bag, so if you can't own the communication channel, own the computers on either end.

Sure, I'm just delusional. But then again, there was that WMF exploit that according to Security guy Steve Gibson (grc.com and the SecurityNow podcast) inferred that was deliberately put in the code by someone (though he didn't point the finger at MS, some contractor for MS, at the Gov't direction, or anyone else). Before it was patched, it allowed the execution of arbitrary code on a client computer, caused by merely visiting a website that had a WMF icon/image in it.

Sure sound like a useful tool to fight terrorists who communicate on the internet (or anyone else).

wouldn't it be nice? (5, Insightful)

yagu (721525) | more than 7 years ago | (#17522282)

Wouldn't it be nice to be a company so large and dominant in it's industry yet so inept in delivering a code-complete product it gets help (I'm assuming for free) from government agencies to try and get it right? So, my tax dollars at work for Microsoft... (the article does mention Microsoft gets this help for free, I can only assume then "we" foot the bill).

I'm not saying Microsoft shouldn't collaborate with external organizations, but why am I paying for it? Even more reason to be upset about their usurious rates for their new OS. Consider that the drive I bought at Costco 10 years ago (500MB) costs on the order of 500 to 1000 times more (that's almost two magnitudes) than storage today, and that Microsoft continues to charge at the same rate -- they even seem to adjust for inflation.

</rant>

Re:wouldn't it be nice? (1)

PingSpike (947548) | more than 7 years ago | (#17522374)

You're paying for it because its for the good of the nation! Now lets see about increasing that H1B visa quota so Microsoft can increase the amount of indentured servants on its pay roll.

Re:wouldn't it be nice? (5, Funny)

DaveTuck (973684) | more than 7 years ago | (#17522578)

Now lets see about increasing that H1B visa quota
What the hell have pencils got to do with it??!!

Re:wouldn't it be nice? (0)

Anonymous Coward | more than 7 years ago | (#17522678)

What's love got to do with it?

Re:wouldn't it be nice? (1)

Red_Foreman (877991) | more than 7 years ago | (#17522392)

Especially since without the NSA's help, Windows would likely have even more holes and problems and might even frustrate the average user enough to either demand that MS fixes the problems, or worse: massive refund drives or even a class action lawsuit.

Still, even with the NSA's support, Vista seems to have a lot of problems, especially where the IP "receive window size" is concerned.

Re:wouldn't it be nice? (1)

somersault (912633) | more than 7 years ago | (#17522454)

Err.. when has software's value ever been judged from the amount that the user can store? Unless you don't have a lot of space of course, but just because hard drives and processors are better and cheaper (or at least hold more and go faster) than they used to be, doesn't mean that the value of any software running on them decreases proportionally.

Anyway, other than that, even though it sucks for you guys who are paying for your government to do this, I'm quite happy that the US Gov will be helping to cut down on the amount of spam and fraud that is going on, which they or at least their economy end up paying for in some way or another.

Re:wouldn't it be nice? (0)

Anonymous Coward | more than 7 years ago | (#17522462)

Your comment has been tagged by me as "Ignorant".


Exhibit A: Government provides services either free of charge or for some nominal fee. These services are generally considered public goods and are paid for with taxes collected. The idea that Microsoft gets help 'for free' while 'we' pay the bill is ignorany.

Exhibit B: Your hard drive analogy is just plain stupid. A house bought 10 years ago is now worth more than it was then, even after adjusting for inflation. So is an ounce of silver. And Google stock. And a barrel of oil. And all my mutual funds. And a loaf of bread. And wood. And steel.

Re:wouldn't it be nice? (3, Informative)

bmajik (96670) | more than 7 years ago | (#17522590)

A cursory glance at the article would reveal that the spooks also work with Apple and that Novel also works with "somebody" in the govt.

The article also states why the NSA thinks this is in their (and the countries) interest - the mandate has come down that procurement focus on COTS (commercial, off the shelf) for more and more things. If the security of the nation or the safety of a ship or soldier are going to be left to commercial software, the government should take a more active role in due dilligence and capability review of the products it is buying. The NSA is a logical choice for doing some of that work.

I am a little surprised that nobody has said "the NSA is hording vulnerability info on windows for their own evil purposes! Use Linux!" I'll leave it as an exercize to the reader as to why that is a non-issue. (Hint: does the NSA also get to review the linux code?)

Re:wouldn't it be nice? (0)

Anonymous Coward | more than 7 years ago | (#17523164)

Does anyone remember that Aegis cruiser's name that ran windows nt, then crashed and burned and had to be towed in 1997 or something?

I think Yorktown, but I can't find it so it's probably wrong.

Re:wouldn't it be nice? (0)

ibbo (241948) | more than 7 years ago | (#17523248)

More like the NSA has added its own (N) lines of code so it can monopolise the 90% in Desktop OS's and spy on the lot of you for free.

Beware uncle sam is recording every key stroke of every windows user!

Of course I'm making this up, BUT there is always a BUT.

Ibbo

Helping Microsoft or helping users? (4, Insightful)

mi (197448) | more than 7 years ago | (#17522604)

I certainly understand and share the frustration of tax-dollars helping a healthy and profitable corporation, but another way to look at this is NSA is helping the users. The proper long-term solution would, probably, be to make software vendors liable for flaws in their products — as is the case with most other industries. Short-term, however, National Security Agency making personal computers harder to hijack does, indeed, contribute to, uhmm, national security...

Microsoft is not the only entity to benefit either, BTW. For example, FreeBSD cvs-commit messages have plenty of acknowledgments of government's help (fgrep for TrustedBSD [trustedbsd.org] ). The NSA-funded [nsa.gov] SELinux [wikipedia.org] is another example...

NSA is, supposedly, full of very smart, technically adept people, who, no doubt, strongly prefer Unix-like OSes (on average) to Microsoft's offerings. However, with Microsoft's market-dominance, it gives a lot more bang for the NSA's buck to help them, rather than the OSS projects...

Granted, there is a danger of this solution perpetuating the problem, but that's a distant and lesser danger, than the present and grave one of millions of zombies arraigned into bot-nets and immediately usable (and up for hire) against businesses and government institutions alike.

Re:Helping Microsoft or helping users? (2, Insightful)

crush (19364) | more than 7 years ago | (#17523116)

I certainly understand and share the frustration of tax-dollars helping a healthy and profitable corporation, but another way to look at this is NSA is helping the users.

It would be nice if that were true, but given the secrecy and lack of information about exactly what the NSA did we have no idea how "helped" any of us are.

As it stands, this announcement is effectively the government giving free publicity to Microsoft and claiming without any evidence that Vista is secure in some way. (See all the "Good Housekeeping" seal-of-approval guff from the Microsoft spokesperson in the article.) In fact we have no idea from this whether they were helping to get Treacherous Computing [gnu.org] debugged, so that "the users" don't control the software on their machines properly, or if they just tested a firewall, or what.

In any event, if the government wanted to help "the users" it would make it very clear as to what security criteria were met and whether or not Vista reaches it. It would publish a table with GNU/Linux, Mac OSX, Microsoft Vista etc results from their testing labs and make recommendations as to which should/should-not be used if we want to stop our economy being crippled (through wasted time, ID theft etc) by crappy software.

The fact that none of the above is done lends credence to the theory that this is the government lending a helping hand to a private monopoly, because the roll out of their latest software abortion is looking like a flop.

This is the equivalent of Microsoft jumping up and down beside the NSA and yelling "look, I'm with the trustworthy guy!". Shame on the NSA for either being used, or voluntarily abusing its position like this.

Re:wouldn't it be nice? (1)

derrickh (157646) | more than 7 years ago | (#17522636)

What exactly are you complaining about? Are you actually blaming Microsoft for the low cost of data storage? Or are you blaming Microsoft for seeking outside help? Or are you blaming the US government for helping secure the computers of 600 million users?

Are you upset at helping to pay for the filling the pothole outside my door? What about the FDA spending money to improve drugs for women that you'll never take? Or are you just mad that Microsoft seems to actually be trying to make Vista a decent OS?

You seem to have so much blind hatred for MS that you're quick to blame them for anymove they make, for any reason.

D

NSA (2, Informative)

Savage-Rabbit (308260) | more than 7 years ago | (#17522668)

Wouldn't it be nice to be a company so large and dominant in it's industry yet so inept in delivering a code-complete product it gets help (I'm assuming for free) from government agencies to try and get it right?
To be fair to the NSA (and leaving aside for the moment any tin-foil-hat conspiracy theories about backdoors) they also gave Linux some security overhauls [wikipedia.org] . So it's not as if they are picking sides here. The NSA also publishes Operating Systems Guides [nsa.gov] that any administrator or user can download and use to harden his/her OS. These are also available for multiple OS'es. I'm no fan of the NSA but sometimes they actually do good work.

Re:NSA (1)

Martin Blank (154261) | more than 7 years ago | (#17523114)

Their Windows guides were influential enough that when Microsoft published its own guide for Windows 2003, NSA decided that it was good enough that they didn't have to write their own. It was at its core a rewrite of the NSA's Windows 2000 guide, but introduced more scenarios and was slightly less sleep-inducing.

Batting 500 (2, Insightful)

Gription (1006467) | more than 7 years ago | (#17522714)

"Wouldn't it be nice to be a company so large and dominant in it's industry yet so inept in delivering a code-complete product it gets help (I'm assuming for free) from government agencies to try and get it right? So, my tax dollars at work for Microsoft... (the article does mention Microsoft gets this help for free, I can only assume then "we" foot the bill)."

The NSA has many reasons to help MS. From the article it is obvious that they recognize that MS has a pervasive monopoly in desktop OSes and is expected to continue to. (Anyone hear the DOJ going EEK here?) If they secure this OS they make their lives easier and safer for the foreseeable future. Besides, they can get in on the development of the code and make sure that they will have the "behind the scenes" access that they want. (for your personal protection of course!)

"I'm not saying Microsoft shouldn't collaborate with external organizations, but why am I paying for it? Even more reason to be upset about their usurious rates for their new OS. Consider that the drive I bought at Costco 10 years ago (500MB) costs on the order of 500 to 1000 times more (that's almost two magnitudes) than storage today, and that Microsoft continues to charge at the same rate -- they even seem to adjust for inflation."

Huh?

Re:wouldn't it be nice? (2, Funny)

AndroidCat (229562) | more than 7 years ago | (#17522994)

I don't see the problem.

For the same money as you paid for your hard drive 10 years ago, you get a drive with 500 to 1000 times more storage.
For the same money as you paid for Windows 10 years ago, you get a product that uses up 500 to 1000 times more storage.

Re:wouldn't it be nice? (1)

KarmaMB84 (743001) | more than 7 years ago | (#17523034)

If you're a government agency that's supposed to be looking out for national security... the security of an operating system used by the vast majority of citizens, corporations and the government is probably of interest...

Let me guess.. (4, Funny)

scsirob (246572) | more than 7 years ago | (#17522302)

.. They contributed "WIRETAP.DLL" and "TERRORSCAN.EXE" which are required components to pass the new-and-improved Windows Genuine Advantage test, right?!?

Re:Let me guess.. (3, Funny)

Anonymous Coward | more than 7 years ago | (#17522396)

TERRORSCAN.EXE doesn't really conform to Microsoft naming conventions. You should probably be looking for terrscn.exe

Re:Let me guess.. (1)

Nasarius (593729) | more than 7 years ago | (#17523236)

Heh. In the past few years, MS has gotten a little less stupid about implementing backwards compatibility at all the wrong layers. I guess someone finally realized that Ye Olde FAT16 was put out of its misery ten years ago, and they were using an emulator [wikipedia.org] for DOS compatibility anyway. I'll bet that typing c:\progra~1 in Explorer on Vista still works, though. *shudder*

Re:Let me guess.. (2, Funny)

A_Non_Moose (413034) | more than 7 years ago | (#17523056)

.. They contributed "WIRETAP.DLL" and "TERRORSCAN.EXE" which are required components to pass the new-and-improved Windows Genuine Advantage test, right?!?

(tinfoil hat mode = on)

No need, the backdoors are already in place, they just needed to strenghten the password to:

M0z1LLA3nG1n33r$aR3w33N13$

According to their own standards.

HTH

(/TFH off)

Good Enough (1)

SRA8 (859587) | more than 7 years ago | (#17522304)

...For Corporate Work

90% market share? (4, Funny)

Bohnanza (523456) | more than 7 years ago | (#17522342)

"The Agency aimed to help as many people as they could, and chose to assist Vista with good reason: the OS still has a 90 percent lock on the PC market"

Wow! And it's not even out yet!

Re:90% market share? (1)

darkmeridian (119044) | more than 7 years ago | (#17522476)

The article probably made a typo, but all the OEM machines are already loaded with their operating systems. It seems certain that at least 90% of Dells, Gateways, HPs, and similar desktops are being preloaded with Windows Vista.

Re:90% market share? (1)

geeber (520231) | more than 7 years ago | (#17522760)

Fair enough, but 90% of the Dells, Gateways, and HPs currently preloaded with Vista still doesn't constitute 90% of the current machines out there in operation.

Re:90% market share? (1)

symbolic (11752) | more than 7 years ago | (#17523214)

I hope the words "90 percent lock" set off some alarms....that's the problem. Until Microsoft is forced to publish complete specifications for its "proprietary" document and file system formats, as well as other "proprietary" protocols so that other players are *able* to attain 100% compatibility, nothing will change. Switching an operating or an application should be painless and completely transparent to the user, but due to Microsoft's "lock," it's everything *but* painless and transparent.

Profit (0)

Anonymous Coward | more than 7 years ago | (#17522366)

1) Write crappy software
2) Get a tax-payer based agency to partly fix your crap
3) Apply your illegal monopoly power
4) Profit!

Tax Dollars (1, Interesting)

Underfunded (1039600) | more than 7 years ago | (#17522368)

So our Taxes (for us US residents) are going to the Government (NSA included) to help secure Vista so Microsoft can sell it to us Taxpayers and make more money. What do you say that Microsoft should mark down the price of each Vista copy sold by $1 until the monetary value of the NSA's help is repaid?

Re:Tax Dollars (2, Insightful)

Sancho (17056) | more than 7 years ago | (#17522680)

Look at it this way: the NSA is helping to prevent zombies from spamming us all to hell. Even if you're not a Windows user, you have to live with 90% of the people on the Internets being Windows users.

Re:Tax Dollars (1)

Underfunded (1039600) | more than 7 years ago | (#17522820)

I thought the way to beat Zombies was with baseball bats and axes? Seriously though, that is an excellent point.

Re:Tax Dollars (0, Offtopic)

Martin Blank (154261) | more than 7 years ago | (#17523180)

Actually, you want distance from the walking dead, so .22-caliber rifles are considered superb weapons as long as they're in good shape and you're not firing from too far away. They're lightweight, low recoil, you can carry hundreds of rounds without much effort, and the rounds bounce around in the head a couple of times (if they pierce). Baseball bats and axes are last resorts, because if you have to use them, you've let them get too close. It's all spelled out in the Zombie Survival Guide [amazon.com] .

Buy! (2, Funny)

jbeaupre (752124) | more than 7 years ago | (#17522380)

I'm buying more stock in Alcoa, that is. With the surge in Reynolds Wrap sales, I'll make a fortune! My just buy a roll myself.

Re:Buy! (1)

jbeaupre (752124) | more than 7 years ago | (#17522412)

Doh. Should be "Might just buy a roll myself." I love Firefox's spellcheck, but I'm still waiting on the dumb-ass-comment-check to minimize looking like a fool.

haha (0)

Anonymous Coward | more than 7 years ago | (#17522388)

Like the NSA knows about security

Good, the NSA does some useful things (4, Insightful)

crush (19364) | more than 7 years ago | (#17522398)

If the NSA can help Microsoft tighten up it's shitty systems then that's good. There are already positive benefits from NSA research into the Flask [nsa.gov] OS in the form of GNU/Linux's SElinux [redhat.com] .

The only problem I have with any of this is that this is another government subsidy (read our tax dollars) going to subsidise a private company which should (given the vast profits it makes) be able to pay for its own security research instead of dipping its snout into the public trough.

Re:Good, the NSA does some useful things (1)

parvenu74 (310712) | more than 7 years ago | (#17522736)

Considering how big of a job it is to make Windows secure, when the hell did the NSA find the time to tap the phone calls of Americans and "terrorists?" Something about this story sounds fishy....

Re:Good, the NSA does some useful things (1)

AndersOSU (873247) | more than 7 years ago | (#17522842)

I think they used some sort of distributed computing system on every windows machine.

Tip of the day (3, Interesting)

pubjames (468013) | more than 7 years ago | (#17522404)


Hey, here's a tip for all you foreign governments out there: Don't use Windows! I hope that helps!

Seriously, I can't believe that there isn't greater demand for other alternatives to Windows in foreign governments. I wonder if Mahmoud Ahmadinejad uses windows...

Re:Tip of the day (2, Interesting)

Cheesey (70139) | more than 7 years ago | (#17522666)

Not just foreign governments - entire nations as well. A modern economy could be totally disrupted if all the Windows machines stopped working. It might be a bad idea to allow a foreign power to execute arbitrary code on machines in your country, which is exactly what Windows Update does. Windows Update is a very powerful weapon, all the more so because few recognise it as such.

Countries might want to set up firewalls to intercept updates so that they can be screened for malicious code before anyone can access them. All major application update mechanisms will need to be checked.

Re:Tip of the day (0)

Anonymous Coward | more than 7 years ago | (#17523226)

Countries might want to set up firewalls to intercept updates so that they can be screened for malicious code before anyone can access them. All major application update mechanisms will need to be checked.


Riiiiight.. because we all know how easy it is to scope out an executable to find back doors. Hell, it's hard enough when you have the source in some cases.

The best solution is not to use MS software or even closed source software in general, but of course that's not going to happen.

He has a blog (1)

zogger (617870) | more than 7 years ago | (#17522742)

www.ahmadinejad.ir/

Ask him!

Re:Tip of the day (1)

alexhs (877055) | more than 7 years ago | (#17522996)

I wonder if Mahmoud Ahmadinejad uses windows...
I bet he does ! And doors too ! :)

beware the corepirate nazi/military complex (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17522418)

who said that? they probably knew something about it?

from previous post: many demand corepirate nazi execrable stop abusing US

we the peepoles?

how is it allowed? just like corn passing through a bird's butt eye gas.

all they (the felonious nazi execrable) want is... everything. at what cost to US?

for many of US, the only way out is up.

don't forget, for each of the creators' innocents harmed (in any way) there is a debt that must/will be repaid by you/US as the perpetrators/minions of unprecedented evile will not be available after the big flash occurs.

'vote' with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi life0cidal glowbull warmongering execrable.

some of US should consider ourselves very fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate.

it's right in the manual, 'world without end', etc....

as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis.

concern about the course of events that will occur should the corepirate nazi life0cidal execrable fail to be intervened upon is in order.

'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

Re:beware the corepirate nazi/military complex (0)

Anonymous Coward | more than 7 years ago | (#17522580)

Jack Thompson? Is that you?

Right... (0)

Anonymous Coward | more than 7 years ago | (#17522424)

This is the agency that used to be so paranoid it manufactured it's own CPUs. They're not recommending a closed source OS, it's more an indictment that the best funded monopoly in history is incapable of securing it's own shoddy software.

I wonder what "feaures" the NSA... (0)

Anonymous Coward | more than 7 years ago | (#17522846)

will turn on when you select a region of:

"China"

"N. Korea"

anywhere in the Middle East

"Russia"

You get the idea....

Re:Right... (0)

Anonymous Coward | more than 7 years ago | (#17522950)

Hello, sir!

I couldn't help but notice you erroneously inserted an apostrophe in that possessive pronoun! Remember, Baron English says: if 'it' indicates possession, through that apostrophe away tickety-boo!

Regards
Grammar Boy

Re:Right... (0)

Anonymous Coward | more than 7 years ago | (#17523084)

Of course, I misspelled 'throw' just now on purpose, as a joke! Get it? ... No?

OK, it wasn't a joke. :(

BWHAHA (1)

jrwr00 (1035020) | more than 7 years ago | (#17522436)

I remember reading the "if they made toasters" a while back,
NSA: Your Toaster would have a hidden back door, just in case of national security
Microsoft: it would weigh 95 tons, and would do every thing apple has done but 5 years later

Re:BWHAHA (3, Funny)

jrwr00 (1035020) | more than 7 years ago | (#17522482)

here we go, i found what it really said

If Microsoft made toasters... Every time you bought a loaf of bread, you would have to buy a Microsoft toaster. You wouldn't have to take the toaster, but you'd still have to pay for it anyway. Its Toaster XP and its new Toaster Vista would take up so much counter space in your kitchen that you'd have to buy a larger kitchen, plus they would draw enough electricity to power a small city. Both models would claim to be the first toaster that let you control how light or dark you want your toast to be, and would secretly interrogate your other appliances to find out who made them. If the appliances were made by another company, the Microsoft toaster would send a signal through the electric wiring in your house to disable them. Everyone would hate Microsoft toasters, but would buy them anyway since most of the good bread only works with Microsoft toasters. Microsoft would claim that it doesn't have a monopoly on toasters, but stores that sold other toasters would have to pay a lot more for Microsoft's toasters.

If the NSA made toasters... Your toaster would have a secret trap door that only the NSA could access in case its agents needed to get at your toast for reasons of national security.

Re:BWHAHA (1)

erroneous (158367) | more than 7 years ago | (#17522738)

If Sony made toasters:
- It would overheat and your toast would catch fire.
- It would cost too much because they all have a Blu-Ray drive fitted.

If Apple made toasters:
- It wouldn't be the first toaster, the best toaster, or the cheapest toaster, but a brazillion fanboys would claim that toast from the Apple toaster tasted better
- It would look all white and plasticky like a kitchen appliance

If the FOSS community made toasters:
- Everytime a developer "forked" a toaster there'd be one less developer.

If Nintendo made toasters:
- It would eschew traditional toasting methods and the innovative "toastemote" would require the user to wave his toast about really fast to toast it.

Re:BWHAHA (1)

clickclickdrone (964164) | more than 7 years ago | (#17522872)

>If Sony made toasters:
You forgot: * And if it ever went wrong you'd not see your toaster for 6 months and have to pay $100 for someone to even look at it even though it only cost $80.
* It only works with Sony bread which is twice as expensive but has slightly smaller slices

Re:BWHAHA (0)

Anonymous Coward | more than 7 years ago | (#17523196)

If Sony made toasters:
- They would also sell Sony bread which would automatically install Rootkit(tm) Webcam technology in your toaster. Rootkit(tm) Webcam technology allows anyone on the Internet to watch you to make sure you don't attempt to make bread that tastes like Sony bread.

Who will they get to play Bill Gates? (1)

monkeyboythom (796957) | more than 7 years ago | (#17522438)

When they make, "The Good Virus Shepherd."

Help from the NSA? (2, Funny)

MindSlap (640263) | more than 7 years ago | (#17522452)

What??
Were they having problems getting the new NSAKEY http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org] to work?

Wow (1)

SuperStretchy (1018064) | more than 7 years ago | (#17522496)

How convoluted is this- that the same government that fines MS for anti-trust issues grants them "advice" and tech.

Not to add fuel to the fire, but where's Apple in all of this, or is it because Vista will be running on all the government PC's? Naw, that couldn't be the case.

Tony Almeda used a Mac on 24.

Re:Wow (1)

Timesprout (579035) | more than 7 years ago | (#17522610)

Not to add fuel to the fire, but where's Apple in all of this
Well if you bothered to RTFA you would have seen that Apple (and others) are getting the same sort of assistance in securing their products from the NSA.

Re:Wow (1)

SuperStretchy (1018064) | more than 7 years ago | (#17522952)

Read what article?

Re:Wow (0)

Anonymous Coward | more than 7 years ago | (#17522700)

If you RTFA (I know, I know, this is Slashdot), you will see that the NSA is helping Apple, as well as Novell. Oh, right, the article is about Microsoft, we're supposed to whine and moan and complain--despite the NSA doing the very same thing for Linux! Or does SELinux exist only in people's imaginations?

All Your Entropy Are Belong To Us! (1, Funny)

Anonymous Coward | more than 7 years ago | (#17522510)

You have no chance to generate non-predictable keys. Make your time.

Ha-ha-ha.

Love,

NSA

Wait a minute.... (1)

MasterPoof (876056) | more than 7 years ago | (#17522576)

Now we have further proof of government incompetence ! I see a movie here... "They couldn't fix Windows, how the hell are they gonna save us?"

Interesting (or not) (2, Interesting)

theskipper (461997) | more than 7 years ago | (#17522596)

Unless I missed it, while reading the article I kept expecting there to be a mention about the possible inclusion of a backdoor. Maybe my tinfoil hat is too tight but it seems like a valid question these days when discussing the NSA and operating systems. Especially for an upcoming consumer OS given that the sixpack set is reading more and more about privacy and fourth ammendment concerns in the mainstream press.

Point being, it seems like something that the vendor would want to dispel pronto. (Yes, Apple and Novell also as they collaborate with the NSA per TFA).

Wow - everyone is bad at their job (1)

gelfling (6534) | more than 7 years ago | (#17522606)

"For YEARS"? the NSA has helped MS with security issues? The mind reels. A bunch of talented amateurs building Linux do a better effort than the combined efforts of MS and the NSA. The next time the NSA comes to help me with a problem I think I'll politely decline.

Re:Wow - everyone is bad at their job (1)

Kadin2048 (468275) | more than 7 years ago | (#17523016)

"For YEARS"? the NSA has helped MS with security issues? The mind reels. A bunch of talented amateurs building Linux do a better effort than the combined efforts of MS and the NSA. The next time the NSA comes to help me with a problem I think I'll politely decline.

Except that some of those "talented amateurs" were in fact NSA employees, working to make Linux more secure, as part of a project called Security-Enhanced Linux [nsa.gov] ...which has been incorporated into the mainline 2.6 kernel tree.

Security Enhanced Linux (2, Interesting)

DaoudaW (533025) | more than 7 years ago | (#17522612)

On one hand since the NSA has been helping with linux security for years with SELinux [nsa.gov] , it seems only fair that they would be willing to similarly assist M$. But my concern would be whether they are violating the GPL under which they released SELinux. If they are using concepts they developed for the open source SELinux in Vista, shouldn't M$ be required to open source at least those portions of Vista?

Re:Security Enhanced Linux (0)

Anonymous Coward | more than 7 years ago | (#17522766)

The government is above the law. Remember?

Re:Security Enhanced Linux (1)

gsnedders (928327) | more than 7 years ago | (#17522786)

The concepts aren't GPL'd. The code that implements the concepts are. Anyone is free to re-implement the concept without restriction (unless, of course, you're in a country with software patents).

Re:Security Enhanced Linux (3, Informative)

Vegard (11855) | more than 7 years ago | (#17523270)

In addition to the other comments: If it's their own code, and only theirs, they are free to license it under any license they will, even if it's already licensed under GPL. It's called dual-licensing, and is a well-known practise.

- Vegard

Nothing to see here... (1)

BeProf (597697) | more than 7 years ago | (#17522648)

This doesn't sound like a major code review. This sounds more like the NSA tested Vista (something they were going to have to do anyway) and just let microsoft see some of the test results and give them specific guidance as to what they could do to make things more secure. All of which is something they'd probably be willing to do for Apple or any other companies that make products that are either in use or will be in use within DoD.

They did the same thing for DES back in the day, remember?

At least (1)

El Lobo (994537) | more than 7 years ago | (#17522672)

At leat they are wasting their time and resources in something usefull to the majority of the user and not in a minority Linuzz obscure distro that only 4 cats can use. That is good use for tax money: invert it for the good of the majority of the society. And moderate down me, I don't fucking care.

Get some typing letters (1)

Stormx2 (1003260) | more than 7 years ago | (#17522692)

NSA? I know "S" and "R" are kinda near eachother... but really!

Yeah Right (1)

UPZ (947916) | more than 7 years ago | (#17522716)

Like only NSA could help secure an OS........I bet thats the official excuse for MS-NSA cooperation for inserting an NSA spy agent in the Vista. MS has already shown disregard for civil liberties by including DRM, so why would they object to this? I'm sure they couldve used a ton of other groups, as well as increasing in-house teams, to help them actually "secure" Vista. But they specifically are working with a domestic SPY agency.

Re:Yeah Right (0)

Anonymous Coward | more than 7 years ago | (#17522836)


Like only NSA could help secure an OS........I bet thats the official excuse for MS-NSA cooperation for inserting an NSA spy agent in the Vista. MS has already shown disregard for civil liberties by including DRM, so why would they object to this? I'm sure they couldve used a ton of other groups, as well as increasing in-house teams, to help them actually "secure" Vista. But they specifically are working with a domestic SPY agency.

Oh come on, be realistic with your paranoia! Any information about that would be a national secret. When government spyware is put into Windows, you won't hear anything about it. It may already have happened. If it has not, then it could be done with a few days notice via Windows Update. AT&T didn't object to the government tapping all the international phone lines, and Microsoft won't object to extra code being added to outgoing updates. It will be made legal at a later stage, after it is discovered.

The Vista Code (1)

jusDfaqs (997794) | more than 7 years ago | (#17522728)

Microsoft gets help from NSA on VISTA!
Is this better or worse? Now we have the power hungry NSA helping the money hungry Microshaft write the code for the latest and greatest Windows (TM) OS. Does this mean that we are going to be beta testing the bugs for the NSA now too?

NEWS FLASH
The US was down today while administrators patched the NSA Mainframe against some poor insignificant smucks xml buffer overflow that almost started a meltdown in the communities power plant.

In other news the FBI released the Windows Vista version guide....

Well THAT worked, eh? (1)

jpellino (202698) | more than 7 years ago | (#17522748)

"For about four years, Microsoft has tapped the spy agency for security expertise in reviewing its operating systems, including the Windows XP consumer version..."

Jeez. If I were either MS or NSA I wouldn't even admit that given the XP home security record.

When does the NSA help Linux distros and Mac OS? (2, Interesting)

joekampf (715059) | more than 7 years ago | (#17522752)

When is the NSA gonna help with Red Hat, Mandrake or Mac OS? I must say that this is totally off the board. MS should be paying the NSA to help with this. They should be footing the bill!

Re:When does the NSA help Linux distros and Mac OS (0)

Anonymous Coward | more than 7 years ago | (#17522960)

Ever heard of SELinux? Guess who built it? Yes, the NSA.

If you would RTFA, you would see that they do work with Apple and Novell, at least.

Grow up, fanboy.

Re:When does the NSA help Linux distros and Mac OS (2, Informative)

NullProg (70833) | more than 7 years ago | (#17523022)

When is the NSA gonna help with Red Hat, Mandrake or Mac OS? I must say that this is totally off the board. MS should be paying the NSA to help with this. They should be footing the bill!

http://www.nsa.gov/selinux/ [nsa.gov]

Its only fair that the NSA helps Microsoft.

Enjoy,

Now thats SPYWARE! (2, Funny)

netsfr (839855) | more than 7 years ago | (#17522780)

lol

Actually, its kinda creepy...

Re:Now thats SPYWARE! (0)

Anonymous Coward | more than 7 years ago | (#17522864)

you meant to say SPYware

You know, I could have been in the NSA... (0)

Anonymous Coward | more than 7 years ago | (#17522832)

...or worked for Microsoft. But they found out my parents were married.

Read TFA (4, Interesting)

Anonymous Codger (96717) | more than 7 years ago | (#17522868)

It doesn't sound like NSA helped write code - it sounds like their primary contribution was in testing:

"The NSA also declined to be specific but said it used two groups -- a "red team" and a "blue team" -- to test Vista's security. The red team, for instance, posed as "the determined, technically competent adversary" to disrupt, corrupt or steal information. "They pretend to be bad guys," Sager said. The blue team helped Defense Department system administrators with Vista's configuration ."

Also, Microsoft isn't the only company that NSA and other govt. agencies have helped with security. Besides SELinux, which others have mentioned, there's Apple:

"Other software makers have turned to government agencies for security advice, including Apple, which makes the Mac OS X operating system. "We work with a number of U.S. government agencies on Mac OS X security and collaborated with the NSA on the Mac OS X security configuration guide," said Apple spokesman Anuj Nayar in an e-mail."

So this isn't that big a deal, it's just that Microsoft is trying to capitalize on the relationship to counter the prevailing belief (or truth?) that Windows is insecure and that Vista is no big improvement.

So what that really means... (0)

Anonymous Coward | more than 7 years ago | (#17522870)

Microsoft does not employ the best and the smartest - splains a-lot.

Wrong helper (5, Funny)

gmuslera (3436) | more than 7 years ago | (#17522940)

They should ask for help to the Vatican, after all, is a miracle what they are looking for.

The NSA's next task for MS (0, Offtopic)

dweebzilla (871704) | more than 7 years ago | (#17522948)

Perhaps Microsoft will put the NSA to task on figuring out how to get IE compatible with industry standards.

What did NSA get in return ? (1)

jonfr (888673) | more than 7 years ago | (#17523042)

I want to know what NSA did get in return for the help. Far as I know, help from NSA doesn't come cheap, it also doesn't come with some type of a attachment that benefits NSA.

The Most Popular... (0, Flamebait)

Cstryon (793006) | more than 7 years ago | (#17523184)

...OS will always be the most Vulnerable (Spelling?) Maybe the NSA can slow down how fast Windows gets raped.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...