NSA Helps Microsoft with Windows Vista

Is this a good idea or not?

For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration’s effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft’s new operating system — the brains of a computer — to protect it from worms, Trojan horses and other insidious computer attackers. […] The NSA declined to comment on its security work with other software firms, but Sager said Microsoft is the only one “with this kind of relationship at this point where there’s an acknowledgment publicly.” The NSA, which provided its service free, said it was Microsoft’s idea to acknowledge the spy agency’s role.

It’s called the “equities issue.” Basically, the NSA has two roles: eavesdrop on their stuff, and protect our stuff. When both sides use the same stuff — Windows Vista, for example — the agency has to decide whether to exploit vulnerabilities to eavesdrop on their stuff or close the same vulnerabilities to protect our stuff. In its partnership with Microsoft, it could have decided to go either way: to deliberately introduce vulnerabilities that it could exploit, or deliberately harden the OS to protect its own interests.

A few years ago I was ready to believe the NSA recognized we’re all safer with more secure general-purpose computers and networks, but in the post-9/11 take-the-gloves-off eavesdrop-on-everybody environment, I simply don’t trust the NSA to do the right thing.

“I kind of call it a Good Housekeeping seal” of approval, said Michael Cherry, a former Windows program manager who now analyzes the product for Directions on Microsoft, a firm that tracks the software maker. Cherry says the NSA’s involvement can help counter the perception that Windows is not entirely secure and help create a perception that Microsoft has solved the security problems that have plagued it in the past. “Microsoft also wants to make the case that [the new Windows] is more secure than its earlier versions,” he said.

For some of us, the result is the exact opposite.

EDITED TO ADD (1/11): Another opinion.

Posted on January 9, 2007 at 12:43 PM • 81 Comments