Open Source Back Doors


This blog is brought to you by conspiracy theorists across the globe.

That being said...

I read a post recently on the Fedora Core mailing list about a rumor of a back door in all of Microsoft's products, from Windows 95 to the present, that let the NSA in. The mailing list entry reads:

"A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" [local] trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL,.........snip" 

Here's a LINK to the full article that was published in 2002.

Now that's old news of course. But is it relevant? Think about it... with the way world politics are moving, digital rights arguments all over the place, security threats across the globe - it's not a far leap to make. Could the world's governments actually have access to anyone's computers? In theory - yes. Especially if there are "special back doors" created by the software makers that allow them just that.

But there is one piece of good news. The open source community - specifically those that develop SELinux - would never allow this to happen. Or so we are told. But it should be said that NSA has a hand in the development of SELinux. NSA designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6, and continue to maintain the 2.6-based SELinux. So, should they choose, they probably could insert some back door into the code and bury it deep enough that no one, not even Linus himself, would see it.

My point is this: the rumor has been circulating for a long time. After existing long enough, a rumor does one of two things: it is proven true or it becomes urban myth. For the most part this rumor has fallen into the latter category simply because there has not been nearly enough proof of its existence. But the proof is in the pudding that Microsoft has closed the public's eye to. We can't see their code. We'll never see their code. There's no way for the public to be able to examine, first hand, that which is rumored to exist.

On the other hand, anyone can grab the code for SELinux (don't believe me? Go HERE and grab it) and dig as deeply as they want. If a back door exists, and you're persistent enough, you'll find it.

We live in a very different world than we did in 2002. Spying on individuals is becoming more the norm than ever. And the possibility of there being back doors in software gives me even more reason to not want to use proprietary software. I feel much safer knowing that, should I choose, I can open up the code I use and peek around to see if there's anything suspect. Does that mean I might find something? Probably not (I stopped coding a long time ago). But it's reassuring to know that at least with Linux I can do that.

Windows? Not so much. 

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.