The software maker plans to announce in Paris on Monday that Office 2003 will be added to its Government Security Program (GSP), launched in early 2003 to address growing security concerns. The program gives government agencies secure access to source code for key Microsoft programs–initially, the current versions of the Windows operating system.
Microsoft lets governments into Office Source Code
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Does anyone know if government with Windows & Office source code access can build the softwares from available source code ? After all, nothing proves that provided binaries come from available source code and it could be a big security concern for government. At least, if I were a governement, I would wish to build the software by myself to be really sure that what I got in binary form is what I get from source code.
Building is most likely provided by a 3rd party escrow service who will take build machines, build source, and provide 3rd party verification of the source integrity.
People are so obsessed with MS giving everything including a way of building the code. This is never going to happen. The last thing anyone needs is getting code that people build then people start really screwing with windows for their apps and everything goes to hell. Also I don’t think to many want to wait for windows to build. I Belive it’s compiled on some super powerfull computer that takes a day for a build. I’m guessing it would take days on a normal system.
People need to step away from some of the conspiracy stuff here and just take it for what it is, use what info you get from MS and move on.
It’s look like Microsoft wants to win some govemments back. IMHO Microsoft can ignore piracy on level of personal users, because real cash is in Govemments and corporations.
I don’t consider it conspiracy stuff, or evil, or any of that. Microsoft said in the article that they are responding to some governments’ concerns that their data is locked in proprietary formats. If this allows them access to that data, then it’s a good thing.
My only observation is what recourse will Microsoft have if their IP turns up in open source products through this action? It’s one thing to threaten another company or an individual with a lawsuit. It’s something altogether different to try and sue a foreign government, since they are only going to respond to their own laws concerning copyright, fair-use, IP, etc.
Great news for governments
The government entities wanting to do a code review don’t have the time, budget, or people to do a full build on anything the size of windows. It is more than likely that they are reviewing only certain small parts of the OS. At least, this has been my experience in dealing with this kind of level of code review in the past. It is not uncommon if you are preaching to meet government FIPS standards for security that they will take you up on your claims and ask to see proof.
If your goint to throw Governments a bone for security, thats not enough. Apply ALL the code to this program.
People need to step away from some of the conspiracy stuff here and just take it for what it is, use what info you get from MS and move on.
If you go to the trouble of examining the code for security purposes, then there is no point in doing so, if you are then going to get a binary from MS, which they say is the same as the code you just looked at.
Either you trust them, in which case, you don’t need to look at the code in the first place, or you don’t, in which case, you need to compile the code yourself, and see the code to the tool chain used to compile it, and the tool chain used to compile that, and so on ad infinitum.
It makes no sense to look at the source code for security, if you don’t compile THAT source code for your own use – it’s a waste of time.
Matt
“It makes no sense to look at the source code for security, if you don’t compile THAT source code for your own use – it’s a waste of time. ”
I think you just made a case for people to not look at source code. Few people care about building apps and so forth on their machine. They just want the binary and move on with their life. So even if their is buildable source out there they don’t care. And then the binary they run could be differant from what source is out there since they didn’t build it. So once again seeing the source doesn’t matter. In which case having the source out there hasn’t really changed things for the better since people arn’t going to care. But if it’s buildable people who do care, mainly bad guys like virus writers have an upper hand now. What we don’t want to see is people getting buildable source code, making changes to it for the worse, and then finding nifty ways to swap critical files out on peoples systems and so forth. This may be possible without buildable source, or source at all, but sure makes things easier.
Security through obscurity does work, since security through making billboards pointing to holes only works if soon as a hole is found every system out there is patched, which will never happen. But you do need a large amount of people reviewing things. And I’m sure MS has a good deal of those. Putting code out for all to see and screaming ones head off pointing out a hole to everyone only helps the few who keap on top of patches, and or can do something about it. But it puts the rest of the users out there at great risk. So now a hole that no one may have every found is known, maybe a patch is made over night, but probably 5% of people will ever apply it. So now everyone else is screwed. It works for linux, because if you run linux you are the type that is on top of these things. But it doesn’t work in the windows/normal people world.
I really doubt MS would give the wrong code to people, cause as mentioned above, there is probably a small group of middle people, who verify it is it, and would be buildable. You just want to limit people from doing it. Everyone reviewing the code doesn’t need to be able to build it, they just need to know it builds. And for that a third party of a few people could verify.
@Brad : “Few people care about building apps and so forth on their machine. They just want the binary and move on with their life”
We are not talking about grandma that installs windows to play tetris nor about that little guy that install windows to kill part of his brain with Counter Strike. We are talking about government that want to use windows and want to be sure it could be used securely enough : that’s why Microsoft want to provide source code and keep them as customers.
Huh?
Yes, I did make a case for not looking at the source code – but only on the basis that you trust Microsoft. If you trust them when they say there are no back doors, or spyware in MS software, then there is no point at looking at the source. If however, you decide you want to look at the source to check for security issues, by definition, you do not trust them. If, you do not trust them to not put spyware/backdoors into windows, then you can’t trust them that the binary you are using is built from the source you’ve looked at, and you can’t trust the tool chain used to compile it. Furthermore, why would you trust a 3rd party? Surely if MS is prepared to allow a third party to compile it, and verify that the binary is based on the source that they’ve seen, why can’t the government that’s allowed to see the source compile it?
As for security by obscurity – huh? The classic answer to this is:
Apache vs IIS
you can work out the rest. Good luck.
Matt
Even if there were some secret backdoor or something within windows, they could still remove it easily enough and it would build fine.
dumbkiwi: As for security by obscurity – huh? The classic answer to this is:
Apache vs IIS
you can work out the rest. Good luck.
Many different things go into “security”. You can think of it like this…
If you have a front door… Which is better:
1) Leaving it unlocked (purely trusting security by obscurity and hoping that no one even attempts to open the door)
2) Having a poor lock (largely trusting to security by obscurity and hoping that if anyone attempts to pick the lock, that they have no real ability and give up long before they figure it out)
3) Having a nice lock with all information about the lock published on a set of flyers which anyone may take with them (purely trusting how good the lock is and hoping if anyone happens to notice a flaw, they’ll let you know rather than pick the lock and steal everything in your house)
or
4) Having a nice lock but you post little to no information about the lock on your front door.
In general a large part of the closed source community have been trying to use option #1 or #2. And the open source community has been following option #3.
In my opinion #4 is the best, however, it may be alot easier to develop an excellent “lock” using option #3. As a result, that may prove to be superior. However, I’d like to see those people who rely on #1 and #2 to make a more serious attempt at trying to achieve #4.
if govts are that concerned they wouldn’t use it. don’t believe a word of it. you think your government is that that silly? considering the level of expertise and intelligence they can draw on.
Hmm wonder if we see the source code for these programmes appearing on the P2P networks (or at least things claiming to be them!)
>>4) Having a nice lock but you post little to no information about the lock on your front door.
Yes, having a nice lock, keeping the specs secret including the portions for making dublicate keys or bypassing the locking mechanisms (which is now only known to “Key Inc”. company).
Now the “key Inc.” sells these locks to China and at the same time gives the bypassing specs to China’s enemies.
Very *convincing* security measure. Indeed.
“People need to step away from some of the conspiracy stuff..”
Translation:
Please stop being conspiracy theorists and start being “naivete theorists” (it makes things a little easier)
—
BRAD needs to wake up!
MS is realizing what business with competition is like.
Brad is either ignorant or is employed by MS.
The truth hurts and MS is starting to recognize the truth.
they have real competition that they can not just make go away know as Open source specifically “LINUX”.
Bill Gates has one thing in mind him-self; specifically power and money. He has gotten to be the richest man by cheating stealing and lying and we all have to pay for it.
even Brad.
I think the general point of having the source code is so that the various governments can audit the code. This does not mean that every user will have to download the source and compile their own version for themselves.
What would probably happen is that a single government body (say the NSA in the US) would get the source, compile it – just the once! – and then compare it against the binaries that MS have been providing. Something like comparing a checksum for both binaries would show that they are similar.
If the checksums are similar, then the government can assume that the binaries bought from MS are made from the sourcecode given to them. All’s well.
If they do NOT match, then MS has some explaining to do (this option is unlikely unless MS are feeling like taking an enormous risk).
It’s that simple – just one compilation done by experts (and yes they will have powerful computers), all done once and compared to check that they are getting what they think they are getting.
Once that’s done, the govt coders can check the source itself for things like backdoors, spyware etc and ask very difficult questions if any exist. That way MS keeps their source mostly to themselves, and governments get to check the code as much as they need to be satisfied.
btw – conspiracy theories – a lot of governments have said that they want access to the source code. I guess they must be the conspiracy theorists then because they are the ones who are insisting on examining the source code.
Deletomn: 4) Having a nice lock but you post little to no information about the lock on your front door.
massai: Yes, having a nice lock, keeping the specs secret including the portions for making dublicate keys or bypassing the locking mechanisms (which is now only known to “Key Inc”. company).
Now the “key Inc.” sells these locks to China and at the same time gives the bypassing specs to China’s enemies.
Very *convincing* security measure. Indeed.
Notice I never mentioned in #4 the status of the user of the locks. The user could in fact have all the specs and might even be able to modify the locks, however, the user is not publishing the specs to the outside world. Also, the user might even be the maker of said locks.
Also, security by obscurity is actually a very effective way of protecting something. (Assuming it’s well designed to start with) For example, with a lock: If you are trying to pick it but know nothing about it, how are you going to pick it? You don’t know if it takes a key, a retina scan, a finger print, a pass code, or whatever… You don’t know if there are special alarm systems or what have you. You don’t even know if the thing is designed to self destruct (and kill the person tampering with it) if someone should fiddle with it. You have no idea what tools or knowledge to bring with you to the scene. You could walk into the situation fiddle with it and die. Only an idiot “tampers” with anything “serious” if they have no idea how it works.
Or in short, the more you know about something you’re tampering with, the better.
But that’s besides the point. If you’re concerned about “sellouts” (a legitimate concern) the first step is to make sure you are only dealing with people you can have a fair amount of faith in. The second step is that (if you have enough resources and security is a major concern) you can ask for certain reassurances from the seller (for example, you can ask for access to the source code or ask someone whom you mutually trust to look at the source code and give you reassurances) or use some other mechanism to minimize (or even neutralize) the damage.
For example, with locks you could have more than one lock. You could use a lock from “Key Inc.” and use some other lock, in the case of China, maybe something built locally. At this point, you might ask, “Why bother with ‘Key Inc.’ then?” Simple. Perhaps they make better locks (in general) and you want that additional security, but you don’t entirely trust them to not sell whatever flaws might exist to your enemies. Or in other words, you trust the local people to not sell you out, but you trust the skill of “Key Inc.” so you take the best of both worlds by using both.
That way, anyone who tries to get through the door must get through both locks. If a foreign government who bought information from “Key Inc.” were to try to get through, they would find that the lock made locally would attempt to stop them. If a local criminal who has experience bypassing the locally made locks was to try to get through, he would find that the lock made by “key, Inc.” would attempt to stop him.
However, another problem with “sellouts” is that it can pretty much happen at any point. Locks (or software) aren’t even remotely the only place where problems can come from. For instance, hardware manufacturers could attempt to implement mechanisms in hardware to allow someone to acquire important information. The people who setup the computers could install backdoors themselves. The people who run the computers could sell information. The people who built the building could have put listening devices in the walls. And so on… Or in short, there’s a huge number of people “you” depend on who could sell you out at any time for any number of different reasons. Just keeping a list of them all would be a full time job.
As a result, it is largely an “unsolvable” problem for small entities (individuals, small businesses, etc.) and a pain in the butt for large entities.
As if that isn’t bad enough, in the case of software. An expert backdoor programmer, would not comment the code or do anything else that would “label” it. They would attempt to make it “blend” in and basicly turn it into an “intentional bug”. And since we have trouble making programs bug-free, it’s going to be a serious pain to find any backdoors made by experts. As a result, having the source code may do you no good. Also, this would be a good move for backdoor programmers even in a closed source environment simply because you don’t know when or if someone is going to start looking through various records.
Well, yeah, leak it. If I were Bill, I’d encorage a chance to leak source code that “will” likely be stolen, then when parts of it start showing up in OSS, I’d get my lawyers on it and shut that whole nasty OSS rats nest down. I’d have my boys pouring over that evil OpenOffice code 24/7 just looking for an excuse. It’s all in the timing. Let the IP out now, so when the evil doers start really using it in OSS that….
Bill for Billions.