Microsoft Signs Renewed Cybersecurity Agreement With NATO
An anonymous reader writes: Microsoft and NATO have renewed a cybersecurity partnership. The agreement is part of Microsoft's Government Security Program (GSP) which allows worldwide federal bodies controlled access to Microsoft source code. PCWorld reports: "Since its inception, the GSP has grown to encompass a bunch of other types of information, especially over the past few years. With the new agreement, NATO will get controlled online access to source code for key Microsoft products including Windows and Office; information about Microsoft's cloud services, and intelligence about cybersecurity threats."
SEE! (Score:1)
And that boys and girls is another example of why you should NEVER trust Microsoft or governments.
Re:SEE! (Score:4, Interesting)
But when I KNOW what an entity does, then I can trust in that and act accordingly.
It's way worse when some entity does NOT disclose such behaviour.
Re: (Score:3, Insightful)
Governments also have access to Linux source code, so I guess we shouldn't trust Linux either?
Re:SEE! (Score:4, Informative)
The point is that we also have access to Linux source code, so we're all on a level playing field.
Closed source code is only available to select groups, and is also in the hands of blackhats. Legitimate security researchers have no access to it.
Re: (Score:3)
Legitimate security researchers have no access to it.
Legitimate security researchers have no legal access to it. FTFY.
Re: (Score:2)
That's the whole point, legitimate security researchers don't want to break the law...
Re: SEE! (Score:2)
"Legitimate" != "legal"
Re:SEE! (Score:5, Informative)
And that boys and girls is another example of why you should NEVER trust Microsoft or governments.
I would be interested to see (if not classified) what the Nato recommended settings for Windows are. I have just taken the "free Windows 10" upgrade and took the "detailed" rather than the "quick settings" options and was amazed at the number of different data collection options I had to turn off. I say "had to", the truth is it probably doesn't matter, I dual boot and use Windows two or three times a year to run things like the update for my satnav
Re:SEE! (Score:4, Informative)
I would be interested to see (if not classified) what the Nato recommended settings for Windows are.
The US's NSA (with NIST - US National Institute of Standards and Technology) and Canada's CSE(C) (with the Treasury Board / Public Works) publish guidelines for civilian government security policies and recommendations on their public web sites. I believe other (counter-)intelligence agencies do the same as well.
Re: (Score:2)
Not all data collection has vile intentions. A lot of the data collected is used to understand user behavior or the sequence of events that lead to a failure. Some of the data collection is simply to do with the errors themselves.
By default they leave it on because they want to improve their OS.
The good thing is you have an option to opt out.
Wait.. (Score:1)
They allowed access to their source code and found exploits. Being ethical, they of course tried to fix them...
And then I woke up... It was just a dream.
Re: (Score:2)
It is hardly new that they share their code. They have had a Shared Source Initiative [microsoft.com] since 2001 to enable "source code access for customers, partners and educators, by making enterprise systems integrators (SIs) eligible to receive access to Microsoft Windows source code" (Source [microsoft.com]).
They already did share their code with partners like Mainsoft [wikipedia.org], who was the source of the leaked Windows code for NT4 and 2000 [slashdot.org] that happened in 2004.
Interestingly, Mainsoft was "one of the main providers for the Microsoft Windows
Viewing code means nothing; can they build it? (Score:1)
Viewing the source code means nothing here.
The critical thing is: can they build that instance of the source code and use it in production?
If not, then this is just a PR exercise because you have no way of knowing that your production binaries are built from this instance of the source code.
Re: (Score:1)
Spot on.
Microsoft could prove the value of the programme if it implemented something like the Reproducible Builds project by Debian: https://wiki.debian.org/Reprod... [debian.org]
'Course, that would probably be an openness too far for them...
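The verification the two comments above ask for, as an added example that is not part of the thread and is not Microsoft's or Debian's code: an auditor rebuilds from the reviewed source and compares digests, which only works once the build stops embedding its timestamp, builder name and file order. The tar archive stands in for a release artifact, and `build`, `verify` and `SOURCES` are hypothetical names with constructed sample data.

```python
import hashlib
import io
import tarfile

# Constructed sample "source tree": path -> contents.
SOURCES = {"src/main.c": b"int main(void){return 0;}\n", "README": b"demo\n"}


def build(sources, build_time, builder, reproducible):
    """Pack sources into a tar 'release artifact' and return its bytes."""
    buf = io.BytesIO()
    # A reproducible build fixes the input order; a naive one uses whatever
    # order the build machine happens to enumerate files in.
    names = sorted(sources) if reproducible else list(sources)
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(sources[name])
            info.mode = 0o644
            # Build-environment leakage: timestamp and builder identity.
            info.mtime = 0 if reproducible else build_time
            info.uname = info.gname = "" if reproducible else builder
            tar.addfile(info, io.BytesIO(sources[name]))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def verify(shipped, sources, build_time, builder, reproducible):
    """Auditor rebuilds from the reviewed source and compares digests."""
    return digest(build(sources, build_time, builder, reproducible)) == digest(shipped)


if __name__ == "__main__":
    for mode in (False, True):
        shipped = build(SOURCES, 1000, "vendor", mode)
        ok = verify(shipped, SOURCES, 2000, "auditor", mode)
        print(f"reproducible={mode}: auditor rebuild matches shipped = {ok}")
```

With the naive build the auditor's digest never matches, so a mismatch says nothing about tampering; with the normalized build any mismatch means the shipped artifact was not produced from the reviewed source.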
Dear NATO: (Score:2)
Dear NATO:
In the interests of keeping our world safe, we hereby promise not to sell you any of our products. We do hope you appreciate the gesture.
Sincerely yours,
Microsoft