Vista: Remote-Controlled by design?

No matter which opinion I had about Vista, the latest release of Microsoft’s Windows operating system, so far, by now I am sure I will never use this kind of beast by free choice: The way things look now, it seems Microsoft has had some prominent help implementing the security system in Vista, although one should doubt whether this is a benefit or a threat to most of the people, companies, governments that might be interested in moving to Vista anytime soon. It’s not the first time people are talking about NSA being more or less involved into building Microsoft operating systems, but probably this time it’s more obvious than ever before. But then again… “trustworthy computing” probably hasn’t so far been about users trusting their computers / software, anyhow.

German report on that is available here, as well.

5 Kommentare

  1. “thrustworthy computing” means, that the NSA among other honest institutions trusts you after permantently checking what you do and have done.. 😉

  2. and, btw, two things:

    1.) SELinux was made by the NSA. Sure, it’s open and it’s no code (like it is in Windows?).

    2.) They still have to pass firewalls and home routers acting like firewalls, respectively, if they want to have access to someone’s computers. Backdoors in Windows? Well, so what? 😉

  3. @ralle: Some things:

    (1) You’re right about SELinux – but, as you pointed out, it is open, and I am free to disable / remove it from my kernel if I feel like it, and/or if I don’t put much trust in it.

    (2) Firewalls? Oooh, you do know very well the benefits of tunneling, don’t you? 😉 In this setup, the “enemy” already is inside of your network, and, given it utilizes “common protocols” and actually is working on OS level, chances are you won’t probably notice. How to figure out your kernel is sending out information via HTTP right through your proxy? Don’t really think that this is impossible, right now. We do have a kernel-level http server in the Linux kernel, after all… Feel free to correct me if I’ve all gone wrong here, though… 🙂

  4. @kawazu:

    You’re right, but i think that someone will figure this out if they (what i don’t really believe) do build connections from the inside. That would be some sort of polling, therefore to obvious. Sure, in almost all environments nobody will realize those connections, but i’m sure people are searching intensely for things just like those to pillory MS. Thus, if at all, the only way to go is from the outside in: On demand. Know what i mean?

  5. I thinke one should not over react to such rumors. Why the hell should the NSA do that?
    Let’s assume that in 2010 there are 600 million Computers with Vista arround there, even for the NSA it’s hard to eavesdrop all of them. It’s simply not effective.
    Well, and most Hackers don’t need nice, built in backdoors, so why should the NSA need those? If the NSA is about to eavesdrop a citizen, they have many better ways. And they can rely on the help of your Provider, establishing Trojans on demand on their Customers computers, for example via ICAP.
    I do not say “dont worry”, but “don’t ged mad”…

Kommentare sind geschlossen.