Microsoft Denies It Built Backdoor Into Windows 7
CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."
Re:NSA helped on Linux as well (Score:4, Informative)
There was quite a bit of concern that Microsoft put in a backdoor for the NSA on Windows 95 through Windows 2000.
http://news.bbc.co.uk/2/hi/sci/tech/437967.stm [bbc.co.uk]
It was never confirmed that a backdoor was installed.
Re:NSA helped on Linux as well (Score:5, Informative)
And they also recommended a couple of changes to DES when it was being developed:
http://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html [schneier.com]
Folks at the time thought it was some nefarious backdoor, but a couple of decades later came to realize it actually improved the security of DES.
Re:Not really necessary (Score:5, Informative)
I think it's much more likely that the NSA would partner with Microsoft to ensure that Windows is actually more secure
It's not "likely." It's their job [nsa.gov].
Transcript of Internet Caucus Panel Discussion. (Score:3, Informative)
Re: Administration's new encryption policy.
Date: September 28, 1999.
Weldon statement. [techlawjournal.com]
Re:Not really necessary (Score:2, Informative)
"You are world delivered.... to the NSA."
Re:Really people (Score:4, Informative)
I don't think it is. I think there's an internal compiler they use, not Visual Studio.
Re:NSA helped on Linux as well (Score:5, Informative)
DES with twice the key length wasn't proportionally stronger, and the speed of computation was important enough that halving the key length with a negligible impact on strength was well advised.
3DES at 168 bits isn't nearly as strong, cryptographically, as AES or many other modern algorithms. Yet many of these algorithms can use 128-bit keys and 128-bit block sizes. So key size does not make the algorithm.
In hindsight, the NSA is fully validated on DES.
It's a GUIDE (Score:3, Informative)
DISA and the NSA produce guides.
http://iase.disa.mil/stigs/stig/index.html [disa.mil]
http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml [nsa.gov]
They're patting one another on the back because they worked on the guide before Windows 7 was released.