back to article National Security Agency beefed Win 7 defenses

The National Security Agency helped Microsoft harden Windows 7 against attacks and is providing similar assistance to Apple, Sun Microsystems and Red Hat too, an agency official said. The admission came in prepared remarks delivered Tuesday by Richard Schaeffer, the NSA's information assurance director, at a hearing before the …

COMMENTS

This topic is closed for new posts.
  1. kneedragon

    Your backdoor man, in black.

    As a suspicious person, I've long held that MS did a deal with the US gov back in the day. I take this as confirmation. Whatever other vulnerabilities 'windows' might have, I bet you it has an 'official' back door.

  2. Anonymous Coward
    Grenade

    Are you kidding me?

    Microsoft invites the NSA (of all orgs) to ?help? harden Windows 7? Oh, and we're already seeing zero-day bugs in W7....or are they really badly written back-doors.

    (why can't i choose two icons: grenade and fail)

  3. John Smith 19 Gold badge
    Joke

    In further news

    MS shuts down its internal security improvement programme.

    Why design something right when Uncle Sam can pick up the problem because of our need to get something new and shiny out the door.

    MS has a tradition of buying in new tech. Why should this change.

  4. The Original Ash
    Black Helicopters

    Right, so...

    Firewalls set to "Paranoid" from now on.

  5. John I'm only dancing
    Black Helicopters

    No mention of the back door they've inserted

    Who can trust any securiity agency, from whatever country?

  6. Duncan Hothersall
    WTF?

    "guide"

    What is the word "guide" doing in that statement from the NSA? As it reads just now, all they did was improve the security manual. Is that seriously it?

  7. Geoff Mackenzie

    They didn't do a great job

    I may never quite trust a Red Hat distribution again.

  8. This post has been deleted by its author

  9. Piers
    Black Helicopters

    [redacted]

    ...and we're also putting in secret back doors for us (and only us) sos we can spy on everyone secretly behind their backs. Oh yes.

    [/redacted]

  10. Anonymous Coward
    Flame

    State subsidy

    If the EU did this (there is no EU NSA) then the US would shout that this was a State Subsidy and was uncompetitive. Alas, there is no mainstream EU OS.

  11. druck Silver badge
    FAIL

    Backdoor keys

    One remembers previous help by the NSA a decade ago, when Microsoft accidentally left the NSAKEY debug symbol in NT4.

  12. John Chadwick

    Sounds like a bit of PR Nonsence to me.

    Exactly what could the NSA help them with, one wonders, that any half way decent CLAS consultant couldn't. Was the NSA actually helping them, or were they just testing stuff. An interesting word Help. The Police use the term "Helping with Enquiries" quite a lot over here when they really mean "We'll interrogate the scrote until he coughs to it" I suspect Apple, Sun et al. neded far less "Help" than MS.

  13. /etc
    Stop

    Read the article ...

    It seems most commenters didn't read the article closely before commenting.

    I quote:

    "NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide ..."

    The NSA evidently just wrote a *guide*, in cooperation with Microsoft, on how to harden Windows 7.

    There's nothing new here. There are, and have been for some time, joint NSA-MS guides on how to harden XP, joint NSA-Apple guides on how to harden OS X Tiger, and so on.

    IOW, these are guides which say stuff like if you are running such-and-such an OS in a critical situation do the following:

    Shut down unnecessary dæmons; change the umask from the default; disable input from microphones, etc., etc.

    They're good guides and worth reading -- though not all the hardening recommendations will be necessary for all of us. They're here:

    http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

  14. Dustin 1
    Stop

    All previous commenters should STFU

    The NSA security guides are usefull, look them up. There are also some NSA guide based security scanner tools. They are far beyond a simple port scanner or exploit notification tool. They give you exaustive reports of file system, service and authentication threats. If you can get your hands on one, try it out.

    http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

    And by the way, NSA recomends using Apple's own security guide, so I gues that means Apple is in bed with NSA by design? You all need to grow the hell up and use your brain for more than paranoid anti M$ hate.

  15. John Ridley 1
    Big Brother

    Linux too?

    OK, I'm running Ubuntu, but this stuff still could make it back along the source tree.

    At least with Linux, there's a pretty good chance that backdoor code will be noticed by someone. I HAVE stopped building my own kernels though...

  16. This post has been deleted by its author

  17. Dest
    Stop

    The Spooks are all over this one.

    Lets go back to 1998 for just a moment.

    This is a link to some postings by Ellen Messmer of Network World, dating back to July 20, 1998 about the NSA involvement in software development.

    http://jya.com/nsa-lsa.htm

    So you can see that they have been at this for quite a while now and yet they claim that it's not true.

    Those so called back doors are in there, like it or not but as to whether it was put in there by Microsoft or the NSA remains a mystery.

    Not really important as to who or how it just remains a fact that they are there.

    "Those who would sacrifice liberty for security deserve neither."

    ~ Benjamin Franklin~

    "None are more hopelessly enslaved than those who falsely believe they are free"

    ~Johann Wolfgang von Goethe~

  18. Jonathan Larmour
    Linux

    "Now" Red Hat?

    Red Hat, and by now all other Linux distros have had work contributed by NSA for ages now - it's called SELinux. Lookie here: http://en.wikipedia.org/wiki/Selinux#Overview

    But it's all open source, so rather hard to hide back doors. Any security-related bug could possibly be considered a deliberate attempt to allow circumvention.

This topic is closed for new posts.

Other stories you might like