Microsoft turns over all Win7 and server source code to Russia's new KGB
It seems absurd. Microsoft, America's preeminent software maker, provides the operating system for more than 90% of the world's computers -- including those used by the U.S. Government.
Microsoft has always carefully protected the source code to its operating systems. In fact, a key distinction between the various Windows variants and open source OSs like Linux and BSD is that Linux and BSD are open source.
Microsoft protects its source code for a variety of reasons. One reason Microsoft doesn't release its code is that its source code is the company's crown jewels, it's proprietary advantage.
Another is consistency. If the source code were made public, it might be possible for customers to "fork" the OS, leading to a wide variety of somewhat dissimilar "distros" of Windows.
But the prime reason is security. If its source code were made public, it might be easier for hackers to find vulnerabilities and exploit them -- anything from breaking into systems to merely breaking to serial number validation process.
That's why a little piece of news covered by ZDNet UK's Tom Espiner is so astonishing.
According to Espiner, Microsoft has turned over all its source code for Windows 7, along with its source for Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server to Russia's Federal'naya sluzhba bezopasnosti Rossiyskoy Federatsii. The FSB is present-day Russia's successor to the infamous Soviet-era KGB.
As has become quite apparent over the last week, Russia is far from out of the espionage business.
As Espiner reports, this is all about business, rather than state security. Microsoft has a Government Security Program where it allows governments access to its source code, ostensibly as part of the company's various bids to sell software to international governments.
From a security perspective, this is an astonishing act. The agency that took over from the KGB and which has been just recently proven to be conducting long-term spying operations against the United States now has access to Windows source code -- while at the same time, most American IT operations don't.
Not only does this give the Russians the opportunity to find gaps in Windows security -- it gives them the opportunity to do so while most American companies and organizations don't have the same opportunity to find the same gaps and plug them.
Look, I think it's important for American companies to export their goods and services, but we've long had a policy of restricting certain products from export. Perhaps it would have been wise to add Windows source code to that list before giving up the crown jewels to a frenemy of uncertain intention.
Another approach: If Microsoft's going to give source code to Russia, it should release it to the public. Open source certainly hasn't harmed Linux' success and doing so would at least put American IT operators on a level playing field with the Russian secret service.
Update: Dancho has an excellent related post
What do you think? Do you think giving the Russian secret service access to Windows source puts America at a severe security disadvantage?