Microsoft turns over all Win7 and server source code to Russia's new KGB

By David Gewirtz | July 14, 2010, 9:27am PDT

Summary: What do you think? Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?

It seems absurd. Microsoft, America’s preeminent software maker, provides the operating system for more than 90% of the world’s computers — including those used by the U.S. Government.

Microsoft has always carefully protected the source code to its operating systems. In fact, a key distinction between the various Windows variants and open source OSs like Linux and BSD is that Linux and BSD are open source.

Microsoft protects its source code for a variety of reasons. One reason Microsoft doesn’t release its code is that its source code is the company’s crown jewels, its proprietary advantage.

Another is consistency. If the source code were made public, it might be possible for customers to “fork” the OS, leading to a wide variety of somewhat dissimilar “distros” of Windows.

But the prime reason is security. If its source code were made public, it might be easier for hackers to find vulnerabilities and exploit them — anything from breaking into systems to merely breaking the serial number validation process.

That’s why a little piece of news covered by ZDNet UK’s Tom Espiner is so astonishing.

According to Espiner, Microsoft has turned over all its source code for Windows 7, along with its source for Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server to Russia’s Federal’naya sluzhba bezopasnosti Rossiyskoy Federatsii. The FSB is present-day Russia’s successor to the infamous Soviet-era KGB.

As has become quite apparent over the last week, Russia is far from out of the espionage business.

As Espiner reports, this is all about business, rather than state security. Microsoft has a Government Security Program where it allows governments access to its source code, ostensibly as part of the company’s various bids to sell software to international governments.

From a security perspective, this is an astonishing act. The agency that took over from the KGB and which has been just recently proven to be conducting long-term spying operations against the United States now has access to Windows source code — while at the same time, most American IT operations don’t.

Not only does this give the Russians the opportunity to find gaps in Windows security — it gives them the opportunity to do so while most American companies and organizations don’t have the same opportunity to find the same gaps and plug them.

Look, I think it’s important for American companies to export their goods and services, but we’ve long had a policy of restricting certain products from export. Perhaps it would have been wise to add Windows source code to that list before giving up the crown jewels to a frenemy of uncertain intention.

Another approach: If Microsoft’s going to give source code to Russia, it should release it to the public. Open source certainly hasn’t harmed Linux’ success and doing so would at least put American IT operators on a level playing field with the Russian secret service.

Update: Dancho has an excellent related post

What do you think? Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in The History Channel special The President's Book of Secrets.

Disclosure

David Gewirtz

At various times during his adult life, David has voted for both Democrats and Republicans, and has been disappointed by both. He is deeply disturbed by how partisanship has come before patriotism in America, which gives him the freedom to pick on both sides.

David is a frequent guest on TV and radio stations across America and can usually be heard or seen on-the-air at least once a week. He writes weekly commentary and analysis for CNN’s Anderson Cooper 360 and has been interviewed by Fox News, CNN, various ABC and NBC affiliates, and Canada’s Global TV. He has been a featured guest on National Public Radio and has also been featured on Voice of America, Radio Free Europe, and Radio Liberty where his commentaries on technology, industry, and emerging nations have been broadcast into 46 countries (all in their own unique translations).

David is the executive director of U.S. Strategic Perspective Institute, a nonprofit research and policy organization. He is the Cyberterrorism Advisor for the International Association for Counterterrorism & Security Professionals, a columnist for The Journal of Counterterrorism and Homeland Security and a special contributor to Frontline Security Magazine. He is a member of the FBI’s InfraGard program, the security partnership between the FBI and industry. David is also a member of the U.S. Naval Institute and the National Defense Industrial Association, the leading defense industry association promoting national security.

David is an advisory board member for the Technical Communications and Management Certificate program at the University of California, Berkeley extension. He is also a member of the instructional faculty at the University of California, Berkeley extension.

David’s “day job” is as publisher and editor-in-chief of ZATZ publishing, an online publisher of technical magazines. Other than his ownership stake in Component Enterprises, Inc. (the parent company of ZATZ), David has no additional industry investments.

ZATZ has many advertisers who do, in part, provide for David’s lush income and extravagant lifestyle. Most of them are IBM and Lotus aftermarket suppliers, some of them make goodies for Microsoft Outlook, and a few make all sorts of strange mobile devices and add-on products. David has been a regular judge of the IBM Awards, but has no formal financial interest in or with IBM.

Because the ZATZ online magazines often review products, David and ZATZ are sent an overwhelming stream of unsolicited, silly, and often useless products to review. Because they’re such a pain to track and ship back, these products often wind up in a dumpster or fill up the corner of a large closet. Although David has no plans to review products in connection to his ZDNet blog, if he does do a product review, he will disclose any relationship completely in that posting.

Both through ZATZ and independently, David derives a small income through various advertising and sales relationships with Amazon.com and Google. These are minor relationships and they will not impede his willingness or ability to chastise either company should they deserve it.

David has many other business relationships, but none of them relate to anything he covers in his ZDNet blog. David does have a bit of the sales-guy bug and if he’s not doing a sales deal with someone at least once a month, he goes through withdrawal. He has a number of consulting clients, but none of them relate to anything he covers for ZDNet (and if they ever do, he will either disclose that fact, or decline to write about them).

Back in the 1980s, David held the unusual title of “Godfather” at Apple. He has written and published 40 incredibly simplistic applications for Apple’s iPhone.

Although David is forbidden to disclose the terms of his iPhone developer agreement, he isn’t drinking the Apple Kool Aid, will never be confused with a metrosexual, and feels free to mock Apple, and Apple users, any time the occasion permits, on alternate Tuesdays, or if he’s bored.

Biography

David Gewirtz

In addition to hosting the ZDNet Government and ZDNet DIY-IT blogs, CBS Interactive's Distinguished Lecturer David Gewirtz is an author, U.S. policy advisor, and computer scientist. He is featured in The History Channel special The President's Book of Secrets, is one of America's foremost cyber-security experts, and is a top expert on saving and creating jobs. He is also director of the U.S. Strategic Perspective Institute as well as the founder of ZATZ Publishing.

David is a member of FBI InfraGard, the Cyberwarfare Advisor for the International Association for Counterterrorism & Security Professionals, a columnist for The Journal of Counterterrorism and Homeland Security, and has been a regular CNN contributor, and a guest commentator for the Nieman Watchdog of the Nieman Foundation for Journalism at Harvard University. He is the author of Where Have All the Emails Gone?, the definitive study of email in the White House, as well as How To Save Jobs and The Flexible Enterprise, the classic book that served as a foundation for today's agile business movement.

Talkback Most Recent of 106 Talkback(s)

  • Please quote your sources
    But the prime reason is security. If its source code were made public, it might be easier for hackers to find vulnerabilities and exploit them

    Who says this is the prime reason? I highly, highly doubt this is anything close to the prime reason. Open source advocates go nuts talking about how security through obscurity isn't security at all and considering how many vulnerabilities are found by researchers who have 0 access to source code, one has to believe them.

    I'm sure the other reasons you listed are far more important a factor to MS.

    Open source certainly hasn’t harmed Linux’ success

    Well that depends on your definition of "success". MS's definition is billions of dollars of profits from the sale of an OS. While Linux has seen success in other areas, no one has made billions of dollars selling Linux as an OS. They've made money selling services or selling hardware that has Linux on it but very little money has ever been made selling Linux itself.

    doing so would at least put American IT operators on a level playing field with the Russian secret service

    Why, so that American IT operators could scour source code and fix security vulnerabilities themselves? It would be very interesting to see stats on how many Linux using businesses ever change a single line of Linux code or even look at a single line of Linux code.

    Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?

    Only if you think that having source code is a requirement to breaking into a computer. The truth is that it isn't.
    NonZealot
    14th Jul 2010
  • Just proves what a bunch of true idiots they are.
    Just wait until the Russian mobs get a hold of this code!

    @NonZealot
    GoPower
    14th Jul 2010
  • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB
    @GoPower - Frankly, I'd be more surprised if the Russian Mob (and most other serious crime organizations for that matter) DON'T ALREADY have a copy of the Windows source. It's not as if it's not been leaked before and it's not as if hundreds of other governments and businesses don't already have a copy of the Windows source too.

    If you can provide a valid justification as to why you need the source to Windows and you're willing to accept MS' requirements, then you too can get a copy of the Windows source:
    http://www.microsoft.com/resources/sharedsource/productsourceprogram.mspx

    This REALLY isn't a big deal.

    If the Russian government was going to bring-down western capitalism through software subterfuge, they'd have already done so by infiltrating BSD, Linux, Apache, PHP, Perl, Python, etc., the source to all of which are freely available and which constitute, host or drive the vast majority of the internet and every router, switch, etc. on the internet.
    de-void-21165590650301806002836337787023
    14th Jul 2010
  • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB
    @GoPower
    I think they already have. I doubt that there is much distinction between organized crime and the new KGB successor.
    RedVeg
    15th Jul 2010
  • Well said! (NT)
    @NonZealot
    FiOS-Dave
    15th Jul 2010
  • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB
    @NonZealot

    Hey, first post from you that 1) didn't bash apple and 2) actually proves that almost anyone can show a bit of intelligence over a sufficient period of time with a sufficient number of efforts.
    781lc
    15th Jul 2010
  • Careful, now
    @781lc
    You don't want to let that get to his obsessive head, now do you?
    ahh so
    15th Jul 2010
  • ZDNet Gravatar
    rainnwilson94
    8th Sep
  • Stunned
    I wonder how high up in MS this decision went?
    gtvr
    14th Jul 2010
  • You may be onto something
    @gtvr
    I wonder how high up in MS this decision went?

    How "high up" did this fly? Hmmm? Past an unzipped "package" rather than any chain of command would be my guess. :)

    That's the "low down" on "high up" per my unreliable sources.
    klumper
    14th Jul 2010
  • ZDNet Gravatar
    Edesw88
    14th Jul 2010
  • It seems either one way or the other
    @Edesw88

    Russia has the source code. But either way, if you really wanted that code, you could get it.
    Cylon Centurion
    14th Jul 2010
  • The price =/= one hot babe apparently
    @NStalnecker

    Yeah but why should we allow them to verify it so easily? ;)
    klumper
    14th Jul 2010
  • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB
    @klumper: Believe me - the requirements that you must abide by before MS will release the source to you are substantially onerous to make anyone taking on the responsibility of having this source on-site think twice.

    The legal ramifications alone of being found to be the source of the leak of the Windows source are beyond imagining.

    Besides which, while you get access to the product source, you don't get access to the enormous number of tools and the extraordinary build system required to turn that source into bits.
    de-void-21165590650301806002836337787023
    14th Jul 2010
  • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB
    I don't exactly see this as a problem since Linux is used throughout various western (and other) governments, often on mission-critical servers and workstations, and its source code has been available since day 1.
    Mike (not Cox)
    14th Jul 2010
