Microsoft turns over all Win7 and server source code to Russia's new KGB

Summary: What do you think? Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?

It seems absurd. Microsoft, America's preeminent software maker, provides the operating system for more than 90% of the world's computers -- including those used by the U.S. Government.

Microsoft has always carefully protected the source code to its operating systems. In fact, a key distinction between the various Windows variants and open source OSs like Linux and BSD is that Linux and BSD are open source.

Microsoft protects its source code for a variety of reasons. One reason Microsoft doesn't release its code is that its source code is the company's crown jewels, its proprietary advantage.

Another is consistency. If the source code were made public, it might be possible for customers to "fork" the OS, leading to a wide variety of somewhat dissimilar "distros" of Windows.

But the prime reason is security. If its source code were made public, it might be easier for hackers to find vulnerabilities and exploit them -- anything from breaking into systems to merely breaking the serial number validation process.

That's why a little piece of news covered by ZDNet UK's Tom Espiner is so astonishing.

According to Espiner, Microsoft has turned over all its source code for Windows 7, along with its source for Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server to Russia's Federal'naya sluzhba bezopasnosti Rossiyskoy Federatsii. The FSB is present-day Russia's successor to the infamous Soviet-era KGB.

As has become quite apparent over the last week, Russia is far from out of the espionage business.

As Espiner reports, this is all about business, rather than state security. Microsoft has a Government Security Program where it allows governments access to its source code, ostensibly as part of the company's various bids to sell software to international governments.

From a security perspective, this is an astonishing act. The agency that took over from the KGB and which has been just recently proven to be conducting long-term spying operations against the United States now has access to Windows source code -- while at the same time, most American IT operations don't.

Not only does this give the Russians the opportunity to find gaps in Windows security -- it gives them the opportunity to do so while most American companies and organizations don't have the same opportunity to find the same gaps and plug them.

Look, I think it's important for American companies to export their goods and services, but we've long had a policy of restricting certain products from export. Perhaps it would have been wise to add Windows source code to that list before giving up the crown jewels to a frenemy of uncertain intention.

Another approach: If Microsoft's going to give source code to Russia, it should release it to the public. Open source certainly hasn't harmed Linux' success and doing so would at least put American IT operators on a level playing field with the Russian secret service.

Update: Dancho has an excellent related post

What do you think? Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Talkback

106 comments
  • Please quote your sources

    [i]But the prime reason is security. If its source code were made public, it might be easier for hackers to find vulnerabilities and exploit them[/i]

    Who says this is the prime reason? I highly, highly doubt this is anything [b]close[/b] to the prime reason. Open source advocates go [b]nuts[/b] talking about how security through obscurity isn't security at all and considering how many vulnerabilities are found by researchers who have 0 access to source code, one [b]has[/b] to believe them.

    I'm sure the [b]other[/b] reasons you listed are far more important a factor to MS.

    [i]Open source certainly hasn't harmed Linux' success[/i]

    Well that depends on your definition of "success". MS's definition is billions of dollars of profits from the sale of an OS. While Linux has seen success in other areas, no one has made billions of dollars selling Linux as an OS. They've made money selling services or selling hardware that has Linux on it but very little money has ever been made selling Linux itself.

    [i]doing so would at least put American IT operators on a level playing field with the Russian secret service[/i]

    Why, so that American IT operators could scour source code and fix security vulnerabilities themselves? It would be very interesting to see stats on how many Linux using businesses ever change a single line of Linux code or even look at a single line of Linux code.

    [i]Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?[/i]

    Only if you think that having source code is a requirement to breaking into a computer. The truth is that it isn't.
    NonZealot
    • Just proves what a bunch of true idiots they are.

      Just wait until the Russian mobs get a hold of this code!

      @NonZealot
      GoPower
      • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

        @GoPower - Frankly, I'd be more surprised if the Russian Mob (and most other serious crime organizations for that matter) DON'T ALREADY have a copy of the Windows source. It's not as if it's not been leaked before and it's not as if hundreds of other governments and businesses don't already have a copy of the Windows source too.

        If you can provide a valid justification as to why you need the source to Windows and you're willing to accept MS' requirements, then you too can get a copy of the Windows source:
        http://www.microsoft.com/resources/sharedsource/productsourceprogram.mspx

        This REALLY isn't a big deal.

        If the Russian government was going to bring-down western capitalism through software subterfuge, they'd have already done so by infiltrating BSD, Linux, Apache, PHP, Perl, Python, etc., the source to all of which are freely available and which constitute, host or drive the vast majority of the internet and every router, switch, etc. on the internet.
        de-void-21165590650301806002836337787023
      • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

        @GoPower
        I think they already have. I doubt that there is much distinction between organized crime and the new KGB successor.
        RedVeg
    • Well said! (NT)

      @NonZealot
      FiOS-Dave
    • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

      @NonZealot

      Hey, first post from you that 1) didn't bash apple and 2) actually proves that almost anyone can show a bit of intelligence over a sufficient period of time with a sufficient number of efforts.
      781lc
      • Careful, now

        @781lc
        You don't want to let that get to his obsessive head, now do you?
        ahh so
  • Stunned

    I wonder how high up in MS this decision went?
    gtvr
    • You may be onto something

      @gtvr
      [i]I wonder how high up in MS this decision went?[/i]

      How "high up" did this fly? Hmmm? Past an unzipped "package" rather than any chain of command would be my guess. :)

      That's the "low down" on "high up" per my unreliable sources.
      klumper
  • Considering one of their employees was just pegged as a Russian Spy...

    this is pretty serious. (http://www.engadget.com/2010/07/14/immigration-deports-alexey-karetnikov-microsoft-engineer-alleg/)

    Has Microsoft given the entire code to the US government as well?
    Edesw88
    • It seems either one way or the other

      @Edesw88

      Russia has the source code. But either way, if you really wanted that code, you could get it.
      The one and only, Cylon Centurion
      • The price =/= one hot babe apparently

        @NStalnecker

        Yeah but why should we allow them to verify it so easily? ;)
        klumper
      • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

        @klumper: Believe me - the requirements that you must abide by before MS will release the source to you are substantially onerous to make anyone taking on the responsibility of having this source on-site think twice.

        The legal ramifications alone of being found to be the source of the leak of the Windows source are beyond imagining.

        Besides which, while you get access to the product source, you don't get access to the enormous number of tools and the extraordinary build system required to turn that source into bits.
        de-void-21165590650301806002836337787023
  • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

    I don't exactly see this as a problem since Linux is used throughout various western (and other) governments, often on mission-critical servers and workstations, and its source code has been available since day 1.
    MikeR666
    • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

      @Mike (not Cox)

      But, you forget something, with the source code, a government is able to `roll its own kernel` using only portions of the source code required. Are governments able to compile their own version of Windows? (Hint - I don't think so!!)
      fatman65535
      • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

        @fatman65535 - "... a government is able to `roll its own kernel` using only portions of the source code required" Good luck with that - even MS has not yet been able to build a min-kernel ... although they're working hard at enabling just this scenario (re: Mary Jo's various posts regarding MinWin) ;)

        And, no, as a Windows Source licensee, you don't get the tools you need to build the product from your modified copy of the source, so Russia won't be releasing "Rindows" anytime soon ;)
        de-void-21165590650301806002836337787023
      • RE: Microsoft turns over all Win7 and server source code to Russia's new KGB

        @fatman65535
        I believe they could, if they wanted to. Russians (scientists, programmers, etc., even and especially their hacker elite) are known to be of very high IQ quotients and I believe they could produce a far better "windows" if they so desired.
        jedikitty@...
  • This is not news

    Microsoft has shared the source code to many of its products to those who can justify their need to access said source.

    MANY governments around the world regularly study the source code to Windows, for example, because their government relies heavily upon Windows and they have a responsibility to ensure that the OS does not contravene their national laws for data privacy, etc.

    The same is true for many businesses and partners who also have access to Windows source code in order to build better products and/or support customers more effectively. I know that HP has access to Windows' source and I am pretty damn sure so do Dell, Acer, etc.

    Further, it should be no surprise that Russia spies on the US. The UK spies on the US too. So does France, Germany, Italy, Spain, China, India, etc. And the US spies on EVERYONE. This is an orthogonal issue to that of Microsoft sharing the source code to its key products with governments around the world.

    What MS cannot share is code that's under export restrictions (e.g. crypto routines), nor can they share code that they don't own the license for whose binaries are shipped as part of the OS. Other than that, if you can justify your need to access Windows or Office source, and are willing to comply with MS' requirements, then you too can get access to Windows' source if you want.

    Here's the link to MS' Product Source Sharing Program to get you started ;)
    http://www.microsoft.com/resources/sharedsource/productsourceprogram.mspx
    de-void-21165590650301806002836337787023
    • I'm sure Apple is behind this

      @de-void
      This is Apple's response to the iPhone 4 antenna crisis. I think we will start to see many blogs being written about things that are not news just to distract people from Apple's PR disaster. There is another story on the front page right now that states that Windows PCs connected to the Internet get attacked every day (though no information on how many actually get pwned).
      NonZealot