Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Microsoft turns over all Windows 7 and server source code to Russia’s new KGB

/
/
ad-mania

Here’s something in the news lately that is rather interesting. According to this blog on ZDNet, Microsoft is turning over all Windows 7 and server source code to Russia’s new KGB.

“Microsoft has always carefully protected the source code to its operating systems. In fact, a key distinction between the various Windows variants and open source OSs like Linux and BSD is that Linux and BSD are open source.”

“That’s why a little piece of news covered by ZDNet UK’s Tom Espiner is so astonishing.

According to Espiner, Microsoft has turned over all its source code for Windows 7, along with its source for Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server to Russia’s Federal’naya sluzhba bezopasnosti Rossiyskoy Federatsii. The FSB is present-day Russia’s successor to the infamous Soviet-era KGB.”

“From a security perspective, this is an astonishing act. The agency that took over from the KGB and which has been just recently proven to be conducting long-term spying operations against the United States now has access to Windows source code — while at the same time, most American IT operations don’t.

Not only does this give the Russians the opportunity to find gaps in Windows security — it gives them the opportunity to do so while most American companies and organizations don’t have the same opportunity to find the same gaps and plug them.”

“If Microsoft’s going to give source code to Russia, it should release it to the public. Open source certainly hasn’t harmed Linux’ success and doing so would at least put American IT operators on a level playing field with the Russian secret service.”

I haven’t seen Microsoft’s response to this so far and will let Microsoft explain what exactly is and isn’t shared but I do know that Microsoft has a Product Source Program for the benefit of governments, enterprises, OEMs, developers, faculty & students, system integrators, and Microsoft MVPs like me.

The MVP Source Licensing Program (MVPSLP) is a no-cost program that licenses Microsoft Windows source code to qualified Microsoft MVPs. The program gives MVPs the opportunity to differentiate themselves professionally as Windows platform experts through access to Windows source code. Similarly, there are free programs for enterprises and governments. The Government Security Program (GSP) provides national governments with information to help them evaluate the security of Microsoft products.

I don’t think we should panic over this because Microsoft is run by Americans who love this country. It’s hard for me to believe that they would pass on any information to the Russians, or to any other government for that matter, that could impact our security. Not to mention the fact that all export of such information is subject to the U.S. export approval and over 90% of Shared Source offerings are available for download by anyone. According to Microsoft:

“The Product Source Programs, licenses selected Microsoft product source code to qualifying customers, partners, and governments. Access to source is granted only to those who are eligible and who qualifying under the terms of each program.”

Again, I haven’t seen Microsoft’s response to this but I seriously doubt that Microsoft will release every single bit of Windows code to anyone outside Microsoft…..and definitely not to the new Russian KGB (called FSB). If Microsoft does, they would join the Open Source community and as far as I know Microsoft has no intention of doing that.

  • Facebook
  • Twitter
  • Linkedin

1 Comments

  1. Having seen the rapid rise in sophistication of present day malware and the recent Microsoft post on 64 bit Trojans and their ability to infect the master boot record of the most recent MS operating systems like Win 7 64 bit and Win 2008 Server (http://blogs.technet.com/b/mmpc/archive/2010/08/27/alureon-evolves-to-64-bit.aspx), I certainly am suspicious of the release of source code to the Russians. Under Putin, democracy and the rule of law seems to be a sham. Attacks by Russians on Estonia and Georgian Web sites during periods of unrest and the technological sophistication of the Cornficker worm leads me to believe that Russia is using it’s technical university trained talent to write malware, perhaps in preparation for cyber warfare. Also, we worry about Russian nukes being sold on the black market. How about Russian bureaucrats selling source code to the Russian mafia? Read Mark Bowden’s article (http://www.theatlantic.com/magazine/archive/2010/06/the-enemy-within/8098) about the astonishing ability of the Cornficker to keep current on the very latest cutting edge encryption standards and you have to think that university professors are behind it.

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar