Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

Bundeswehr Says Microsoft Software Verboten 274

deran9ed writes: "The German foreign office and Bundeswehr are pulling the plugs on Microsoft software, citing security concerns, according to the German news magazine Der Spiegel. Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets. Article in German, English article"
This discussion has been archived. No new comments can be posted.

Bundeswehr Says Microsoft Software Verboten

Comments Filter:
  • by Anonymous Coward

    The terrorists dream...

    I_LOVE_YOU_2.TXT.vbs:

    IF HOSTNAME="uss.ronald.reagan.mil" THEN

    MISSILE1.SET_TARGET("Washington DC")

    MISSILE1.LAUNCH
    PRINT("WE OWNZ J00")
    ELSE
    LET A = OUTLOOK.GET_CONTACT_LIST

    FOR I = 1 TO A.LENGTH
    OUTLOOK.SEND(THIS, A[I])
    NEXT I
    END IF
  • Have you ever tried the SuSE german version of Linux? even the kernel messages are in german (talking about make menuconfig)...

    As for MS or MacOS - you get the OS itself with localized version - and they're applications which Apple or MS written with localized version. If you'll install for example Quicken - you'll get it by default in .. english
  • by pb ( 1020 )
    I remember this from a while back, but it's nice to see other people asking these questions.

    My question is, why doesn't someone with a Source License check this out? And if they have, are they allowed to tell us?

    Windows source code isn't available to the general public, but a lot of people out there can get their hands on it. Anyone with access to it wanna pipe up and tell us?
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • There may be truth to the rumors. Xerox was reported to have rigged a copy machine in the Russian Embassy to make extra copies on film. The machine would break down periodically, and a Xerox repair guy would go out fix it and put in a new film.

    Besides, it's not at all common for countries to throw up barricades to trade in order to boost their own industries.

    Good for them, maybe Germany will actually build some software that competes on the market as a result.
  • Interesting. I suppose the whole WWII thing causes us to believe we are morally superior. But you're right on one point. The US tries not to use foreign products in our own government.
  • Not quite sure how you could justify that comment.
  • I wasn't talking who won or lost, but rather how the war was fought.

    I thought that was pretty obvious. I guess not.
  • I wouldnt call this paranoid, it is a fact that there was a backdoor in Lotus Notes, and Notes was used by german military. So it seems like they have learned from their mistakes...
  • Well we at the Communist Jihad never plan our terrorist attacks through ICQ. Although we are foreigners, and therefor a little slow and backward, even we can see that you need more secure methods for this. We encrypt our data with software that we illegally downloaded from a USA based server.
  • Yes, the C compiler is strict ANSI C. They have it building using just about every C compiler known to man. Some of the other languages that come with GCC require GCC to build. So, you have to build the C compiler, and then use that compiler to build the rest. Anyway, they have a "bootstrap" mode that is very, very nice.
  • by Booker ( 6173 ) on Saturday March 17, 2001 @02:03PM (#357099) Homepage

    The NSA sure stays busy, what with putting backdoors in Windows [slashdot.org] and securing Linux [slashdot.org].

    Next thing you know we'll have a Congressional panel on why the NSA is being so... um... un-American [slashdot.org]. :-)

    ---

  • Thing is, it is absolutely crazy to let matters of national security rest on imported software. Maybe there are back doors in Windows and maybe there aren't -- but the fact that the government doesn't KNOW means they should have disqualified this software years ago. I hope other governments follow suit, including the US. Some things require the use of in-house products, whether that's more inefficient or not.
  • A former CIA director explained that this is done for moral reasons, but his article sounds awfully bigot to me...

    Yep. The US will use just about any tactic they can get away with to get big contracts for US companies overseas. For instance, the US told Australia that it had to buy submarine combat systems from US companies, instead of a competing European bid, because they wouldn't participate in joint exercises with these submarines if the subs used the non-US software. This, despite the fact that they happily conduct these kind of exercises with their NATO allies, who, shock horror, design their own submarines, tanks, helicopters, and planes, all with their own non-US combat systems.

    Like most countries, the US believes in free trade when it suits.

  • an act which would violate any number of laws within the US and any number of international treaties outside of it )

    I wasn't aware of any international treaties that placed limits on espionage activities - the only international treaties I can think of that relates to activities of spies are the Geneva convention (what you can do with spies once you catch them), and the Berne Convention (if they're diplomats, they've got diplomatic immunity). What are you referring to?

  • by banky ( 9941 ) <.gregg. .at. .neurobashing.com.> on Saturday March 17, 2001 @01:56PM (#357107) Homepage Journal
    There isn't anything *but* Microsoft software, if you think about it; with 95+% of the desktop market, even if it isn't made in Redmond, its written for their products.

    Besides, that German company may very well be SuSE...
  • ...the US secret service has a documented history of using its snooping on its allies, mostly for the benefit of US businesses.

    Can you name a major country that doesn't? Seriously, the Germans do it, the French have been caught a few times recently, the Japanese have been caught a few times. The list goes on.

    -
  • Canada probably doesn't spy on its allies.

    The US passes it's information on to Canada, and the rest of our allies.

    So if they aren't guilty by deed, they're certainly guilty by association.

    -
  • by Syberghost ( 10557 ) <syberghost&syberghost,com> on Saturday March 17, 2001 @04:43PM (#357110) Homepage
    Oh, yeah? Read this [fas.org].

    Perhaps you should stop relying on the German news agencies for coverage of German government excesses.

    -
  • by Admiral Burrito ( 11807 ) on Saturday March 17, 2001 @02:18PM (#357112)

    What makes you so sure that they received the complete source? Is the source even buildable? What makes you sure the Windows binaries don't include backdoors in source files Microsoft doesn't distribute?

    I would bet that it is buildable. But see Reflections on Trusting Trust [bell-labs.com].

    That paper applies to GCC too, of course.

  • Because the original article (not written by timothy) specifically mentions Microsoft products as a security risk. See my translation below.

    ------------------
  • I am pretty confident that the German secret service does not snoop on Boeing headquarters to make sure that Airbus (a company co-funded by the German and several other European governments) gets hold of the latest deal.

    At least, there hasn't been any report about such scandals here or in other country's news media, unlike many reports of such behaviour about the US secret service.

    Given the fact that the German secret service is probably (surely) far less competent than their American counterparts and the additional fact that German news media are very critical of our government and love to dig up such stories, it seems that Germany is not among them.

    Not yet.

    ------------------
  • Question is, who made the US the "mother" of Europe, in charge of educating its allies? The US does this because it is the one current superpower and knows it can get away with it.

    That still doesn't make it right since the very same things that Woolsley critizies are done by the US as well.

    ------------------
  • Thanks. I stand corrected.

    ------------------
  • Maybe "shoot" was the wrong choice. While that word was used, it wasn't used in its literal meaning. More like "German army targets Microsoft" or "pinpoints Microsoft".

    Even "farts in the general direction of Microsoft" would have been appropriate. :-)

    ------------------
  • by Hanno ( 11981 ) on Saturday March 17, 2001 @01:35PM (#357120) Homepage
    ...the US secret service has a documented history of using its snooping on its allies, mostly for the benefit of US businesses.

    A former CIA director explained that this is done for moral reasons [cryptome.org], but his article sounds awfully bigot to me...

    It should be expected that Echelon and similar technology that the NSA has access to will be used in a similar manner.

    ------------------
  • by Hanno ( 11981 ) on Saturday March 17, 2001 @01:53PM (#357121) Homepage
    [Everything in brackets is my comment. I am German.]

    http://www.spiegel.de/netzwelt/politik/0,1518,1231 70,00.html [spiegel.de]

    Enemy Software

    German Army bans Microsoft Software

    In fear of US secret services, the German foreign ministry and the German army are planning to close security holes. Instead of American software, federal computers will run German software in the future. [German software? There is no German operating system that I know of. DPA has a competent staff of tech writers, but I doubt they got this right.]

    Original article by Deutsche Presse Agentur [an independent, but huge commercial German press agency].

    (Image caption: In danger of spies - the German army shoots against Microsoft.)

    Computers that are used in security-sensitive areas shall not run Microsoft software anymore. According to German government security advisors, the American secret service NSA has full access to the complete source codes of the US company and is thus able to read even encrypted [Microsoft] files. Because of this, the German ministry of defense uses encryption technologies offered by the local companies Siemens and Telekom [the formerly state-owned, now largest telephone and internet provider].

    Meanwhile, the ministry of foreign affairs has halted plans to use video conference technology to communicate with their embassadors and foreign offices. During a Telekom presentation in Berlin at the beginning of March, State Secretary Gunter Pleuger was informed that for technical reasons, every satellite transmission is routed to the American city Denver, Coloroda.

    Pleuger thinks the detour to the USA is a security risk. "Then we could do our conferences in Langley right from the start" joked a staffer of the Pleuger office. Langley, Virgina, is the location of the US secret service CIA.



    ------------------
  • by sharkey ( 16670 ) on Saturday March 17, 2001 @06:24PM (#357124)
    No, no "backdoors" in software means that the author, publisher, NSA, etc. can get in while you think the software is secure.

    Outlook, on the other hand, is not a backdoor, it tends to "backdoor" the user. This is using "backdoor" as a verb, in the sense of prisons, or porn put out by Seymour Butts.

    --
  • the intelligence community protects its secrets under layers of "need to know." Though we know that some NSA agents worked at MS, we did not know what they were doing there. We didn't have the need to know. Even the president can be shut out from info because he may not have a need to know. so he won't know that he doesn't know, so he will not want to see info he doesn't know exsists. It would be naive to think that the NSA doesn't use the most widely used software for government and business, for its own purposes. It is also naive to think that MS isn't getting something in return. And to think that the Justice department wouldn't go after MS is naive too. To not go after them would raise suspicion. the software community would have blown the whistle, saying they are backing off the case because MS is in bed with the NSA. Most NSA guys are just normal geeks who like the work, and don't think of the moral consequences of what they are doing. They party as hard as they work.
  • Linux is not US Software, it is from Finland.
  • Don't count on Siemens having the nerve to say no to Microsoft. If you look at the most recent Dr. Dobbs, they are the featured "client" of Microsoft NT Embedded. Also, I work for a company that just got aquired (peacefully) by Siemens AG. We were a long time user of LynxOS for realtime embedded medical software. The word has now come from above that we will discontinue the use of LynxOS, and use Syngo(tm), which is Siemens Medical Software divisions' WinNT/2K based ActiveX framework.
  • 98% of SuSE is not german.

    If I wanted the ultimate secure OS for a PC-based server, I would want to use OpenBSD. But too bad, it's developed in Canada...
  • You know I can't say who it is :-)

    Suffice it to say that we used to be an engineering organization with an engineer/physician CEO. Now our Siemens CEO is a marketing dude, and our marketing department, dancing on their puppet strings, are creating our engineering *specs*. Gaaagh!

    We were best of breed, the most respected company of our type. And we got bought out by number eight in a field of nine competitors.

    It's time to get my resume in order...
  • Linus Torvalds, Richard Stallman, Larry Wall, and Guido van Rossum are but four major authors of SuSE Linux that are not German. You see, SuSE did not write 98% of SuSE. They only took existing components and fit them together, along with some of their own. SuSE may have created the SuSE Linux operating system, but they didn't create the vast majority of components.
  • This really is a bit silly, and I wonder if it isn't just a magazine report blowing comments out of proportion. Remember the old story about China dropping Windows for Linux [slashdot.org]? It turned out to be a complete exaggeration and misunderstanding. Besides, if they're really concerned about backdoors, why don't enter into Microsoft's new source code sharing program [slashdot.org]? I'm no more a fan of Windows than any other Slashdotter, but I do recognize that MS makes a lot of money overseas, and they'll take whatever steps they consider necessary to regain trust in these areas, especially as the US software/PC markets slow due to economic concerns and market saturation. --JRZ
  • Well, can you tell me what part of an airplane could be more important?
  • Germany may not have a Microsoft, but I believe RedHat has representation in Germany, SuSE is definitely huge in Germany (maybe even a German company?) so the options there are pretty open.
  • Where do you use foreign products anywhere in your government at all?

    Well, the Army's new berets are going to be made in China.

  • If we find the receipt, can we give it back?

    :-)
  • Every time a german buys an MS operating system some money flows out of germany and into the US. Great for us, sucks for germany.
    I don't see a penny of that money, so it you properly should have said great for Bill Gates and Microsoft investors.

    I have to use M$ crap at work so actually things are not so great for me...
    --
    You think being a MIB is all voodoo mind control? You should see the paperwork!
  • Namely, "US Navy carrier to adopt Win2k infrastructure" that goes to http://www.theregister.co.uk/content/archive/11929 .html [theregister.co.uk]

    I guess their problems with NT were't as bad as many people here would like to believe.

  • Nevertheless it's a good idea. Every time a german buys an MS operating system some money flows out of germany and into the US. Great for us, sucks for germany. Every country should make a policiy to use it's own products in it's own government. Anything else is saying your own countryman could not create a decent product and what the hell kind of an endorsement is that?

    I am always shocked when I hear that another government has standardised on some american product or another. Even if the products made in your own country are somewhat inferior why would you give away the tax dollars collected from your own citizens to a foreign corporation? Besides I am finding it hard to believe that a country which can make BMWs could not produce quality software.
  • What makes you so sure that they received the complete source? Is the source even buildable? What makes you sure the Windows binaries don't include backdoors in source files Microsoft doesn't distribute?
  • Well, the NSA apparently felt the need for a secure operating system. They went about it in the only sensible way (i believe) with an open source system. If there was a sensible alternative out there the NSA wouldn't have felt the need to throw money at the problem. This means, that even the NSA feels that Microsoft products don't do their job securitywise, and even if they can look at the source (i think the NSA has the necessary influence to do this) they might find it too complicated, apparently it's easier to start over with Linux anyway. Now, if even the US american NSA doesn't consider windows in their search of a secure OS why should the German Bundeswehr, or any other country for that matter. I think an Open Sourced OS would be the cheapest solution (and even allow for some interoperability).

    Also consider that MS' might build something into their OS so it can be switched off remotely (maybe if they think you didn't buy the licence, or you didn't update often enough). Also it becomes harder and harder to keep control over your computer once you installed an MS OS or MS applications. Already you have to turn off automatic updates. The system actively resists some tampering with system files (yeah, it's for the best of the user, but even someone who knows what he is doing can't turn it off). Well an obscure blackbox wich doesn't allow for tampering isn't what makes a happy security expert. He prefers a modular and well structured overseeable system (not an easy feat with todays OSes). I think a version of Linux would be a good start, but maybe some people at Siemens did some lobbying (that is to be expected, although american politicians call it bribery when it happens outside of the US, of course none of that happens in the US at all, and G. W. Bushs plans to distibute money to his rich friends are for the best of USA, but i digress ...).
  • by THB ( 61664 ) on Saturday March 17, 2001 @01:36PM (#357167)
    I'm sure the german government could get one, however it is most likely there are some anti-ms people in the german security/computer organizations, and they feel that this is the best way to get around it.

    If it is possible to utilize a backdoor, then it is just as possible to use the latest exploit, and they would be better off hiring decent admins.
    Hiding hole built into as much software as microsoft has shipped is not trivial.

    Its also possible that the german government wants to stimulate its software industry, the US has had policies like this for many years to give american companies advantages.

    The first reason could give linux a chance, but the second would most likely be a proprietary solution.
  • Even if MS shows them the source, there's no guarantee that the source that they get shown is the same source that gets compiled. You could just diff in your NSA backdoors right before compiling and no one would ever know the difference.
  • Burrito wrote: I would bet that it is buildable. But see Reflections on Trusting Trust.

    You're making the incorrect assumption that Microsoft has opened up its source code so that people can trust it. This is not correct. As I recall, even the best of customers gets access to only 95% of the source code, which casts further suspicion. Also, they specifically disallow any organization outside the United States from looking at their source code.

    If they are harboring secret code for the NSA, but are trying to address growing customer demand for a peek at their source, their current policy is exactly what you'd expect.

    From CNet: "Microsoft lists the main benefits of the program to customers as follows: one, augmenting the ability to debug and optimize customers' internal applications; two, improving troubleshooting of deployed Windows environments; and three, increasing understanding of Windows to promote long-term success of the customer's organization."
  • (Image caption: In danger of spies - the German army shoots against Microsoft.)

    I dont know what is scarier, Microsoft, or the German army shooting Microsoft. If not for Germany, we'd all be spaking english right now

  • by Cheshire Cat ( 105171 ) on Saturday March 17, 2001 @02:15PM (#357183) Homepage
    Citing "security concerns" is just a way for Germany to encourage the use of products from German-based companies. Right now Germany needs to do all it can to encourage economic growth at home. In former East Germany, unemployment is rampant. Its as high as 20% in some places.

    I believe that they can't simply bar American software for various trade legalities. So they need to use "security concerns" as a cover to justify this. It doesn't mean that MS has backdoors in its code; rather the *rumor* that such things exist is the perfect reason for the German's to use software from their country.

  • Another oddity is why would they just come out of the blue and state these transmissions are going to Denver?

    Read the Omega File. The NWO headquaters will soon be under Denver International Airport. It also says that Germany is set to be a key player in the coming of the New World Order, and that they were heavily involved with Grey aliens in WWII. It all makes sense thanks to conspiracy theories!

  • In case you were thinking that this is somehow a "win" (whatever that is) for Linux, think again: They are going to home-grow their secure solutions using a German software company.

    Hmmm, ever heard of SuSE? Nothing stops them from making a DGSE-linux in cooperation with SuSE, sort of analogous to the NSA's security enhanced linux... (Was DGSE the german foreign intelligence agency or do I even have the right country? oh well, what ever acronym is right the point is the same) Now does this mean that they'll release a new linux binary called /usr/local/bin/sniffgermansecrets? doubt it. but if they find and release fixes for kernel bugs and whatnot, hey, that's a win...


    --
    News for geeks in Austin: www.geekaustin.org [geekaustin.org]
  • The NSA has to report to someone right? If they spy on foreignors while the FBI spies on Americans, the thing kinda looks like

    NSA->State Dept

    FBI->DOJ

    Well there has to be some sort of oversight such that

    (diagram removed because it was 'lame')

    And I'm sure that oversight can coordinate a little information exchange between the NSA and the DOJ. I'm of the opinion that there is no NSA backdoor in Windows, because it would have been found and exploited by now. I think it's just some European nationalism thrown in to cover up the fact that someone in the IT dept. fucked up and now they need an alternative.

    It's fairly obvious where Deutsche Telekom hails from, but I didn't know Siemans was a German company... I suppose asking them to use NSA Linux is out of the question =) Anyone have any insight into what design decisions they'll be making?
    --
    Peace,
    Lord Omlette
    ICQ# 77863057
  • US corporations of course receive no money [amalthys.com] from their government.
  • Moral reasons. As if US corporations don't use the same tactics and get as many government subsidies as European ones. Anyone who thinks otherwise should do a search on corporate welfare on Google and see that more of your taxes go to wealthy corporations than go on benefits to the poor, and yet those same corporations via the puppet media are the ones advocating cuts in poverty benefit.
  • Because the NSA have it and the German government doesn't. If they used a truly open system then backdoors could be planted but a security audit would find them.
  • Trying to keep conflicts down? Ha! I think you should have a look at this [slashdot.org] and then judge how great a force for peace the US has been over the past 30 years. Not that the Europeans or Japanese have exactly covered themselves with glory either.
  • How to look an idiot by forgetting to close quotes. Try looking here [carlton.com].
  • Integrating a second world country into a first world one is not an easy task. What is wrong with Americans? I used to want to scream when I heard on CNN that Germany's problems were due to their socialist government. East Germany is a mess because it is a recovering Soviet client state that doesn't have the Soviet Union propping up it's economy, and reversing 40 years of misrule doesn't happen overnight, or even in 11 years. Just imagine how well the US would do if it decided to integrate Mexico into the US. Economic stagnation would be the result, just as has happened in Germany. Blame Chancellor Kohl, it was his dumb idea, based on a Germany that never existed in the first place.
  • Well Microsoft did it. Sort of anyway.
  • In which case then, the Vietnamese must be the master race.
  • No paedophiles in the US then? You can own a gun, we just don't hand them out to any lunatic or 2 bit punk.
  • John Logie Baird invented the television, and you're right it wasn't an Englishman who invented the first car it was a Frenchman [ausbcomp.com]. Saying that Daimler invented the car is as hilarious as saying it was Henry Ford that did it.
  • What point was that? Don't start dissing the Germans for losing a war 55 years ago if you don't want to be reminded of losing a war 25 years ago, and to an allegedly inferior force of communists no less.
  • And how was the Vietnam war fought? With Napalm, Agent Orange and soldiers who didn't care about the difference between a village of rice farmers and a VietCong base. The Nazis were evil scum, but the Yanks didn't exactly act with honour in Vietnam either.
  • People from my country (UK) invented the computer, the television and the car and a Scotsman invented the telephone in the US. The internet is undoubtedly a great invention, but it was an Englishman who created HTML and made it useful, and the next big thing on the internet will be mobile computing via 3G cellphone networks in which the US is woefully behind.
  • I work for a German Company and have visited a lot of German companys. From what I have seen is that all the companys run Windows NT and a few run Windows 2000. If they run Windows NT it's with SP5. I have also seen a lot of companys experment with Linux, mostly running internal websites.

    But the article talks about secure servers, I just see the "front end" not the secure servers, and from those that I have seen, they are running Suns.

    I wonder who is winning on this? SuSE?
  • until I read the write-up at The Register [theregister.co.uk] which ends:

    The two companies [Siemens and Deutsche Telekom] have supplanted Microsoft (and anything else American) and will be producing a secure, home-grown system that the German military can be confident in.

    So basically, instead of having a proprietary American software running a major military organization, they'll have proprietary German software running a major military.

  • by skybird0 ( 176892 ) on Saturday March 17, 2001 @06:04PM (#357236)
    The NSA while administered by the DoD reports to the DCI who reports to the NSC who reports to the POTUS.

    From the NSA web site [nsa.gov]:

    The National Security Council, a group of appointed senior officials, assists the President in formulating foreign policy and intelligence priorities. The Director of Central Intelligence (DCI) directs and coordinates the diverse activities of all the U.S. intelligence organizations. The IC has representation from many intelligence agencies, including intelligence functions in the DoD, Departments of Justice, Treasury, Energy, and State, and the CIA. While not a military organization, NSA is one of several elements of the IC administered by the DoD.

    "Then came the Holy One, blessed be He, and slew the angel of death, that killed the shohet that slaughtered the ox that drank the water that quenched the fire that burned the stick that beat the dog that bit the cat that ate the goat my father bought for two zuzim."

  • It's not a backdoor. It's a feature.
  • citing security concerns

    Right. Let's install RedHat instead...

    German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.And then we're going to help Mulder crack his biggest case!...

  • citing security concerns

    Right. Let's install RedHat instead...

    German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.

    And then we're going to help Mulder crack his biggest case!...

  • There really shouldnt be a doubt about Spiegels credibility. I trust them. Lispy

    Its settled! Well so long as *you* trust them, I guess I can too.
    br Your statement smacks of irony here, being that article is exactly about trust and mistrust of unknown 3rd parties and products.
  • by Sir_Real ( 179104 ) on Saturday March 17, 2001 @01:34PM (#357241)
    What like Outlook? :)
  • by Alien54 ( 180860 ) on Saturday March 17, 2001 @01:59PM (#357243) Journal
    What like Outlook? :)

    Like the classic sig file says:

    "I picked up a Magic 8-Ball (tm) the other day and it said 'Outlook not so good.'

    I said, 'Sure, but Microsoft still ships it.'"

    ;-)

  • It is quite bogus to link unemployment in former East Germany with encouraging software development in the Germany. Right now Germany is hungry for the software developers and tries to attract them from the whole world - East Europe, India, ... There are green cards for 5 years and similar programs and if Germany does this, they must really see this as a problem.

    I don't think the Bundeswehr really wants to switch from american software to software written by a bunch of Russians, Indians etc. I worked at Siemens Austria (I am a Slovak) and our team was two Slovaks, one Hungarian and our boss was from Iran. Now I work for another austrian company and the situation is not very different.

    I think they will develop some security modules by their own staff and that will pretty much be it.

  • by Erasmus Darwin ( 183180 ) on Saturday March 17, 2001 @04:31PM (#357245)
    I'm of the opinion that there is no NSA backdoor in Windows, because it would have been found and exploited by now.

    Let's not forget the whole NSA backdoor key in Win2k [www.iol.ie] debacle. There were, of course, reports from Microsoft denying that this was a key for the NSA. There is, at least, sufficient doubt to make it impossible to rule out the presence of a delibrate NSA backdoor.

    Even if that weren't enough, one could argue that such a backdoor, if found, might be (or possibly has already been) classified as a bug instead of a backdoor.

  • So... what are the odds some other C compiler is bugged with a target of GCC? Build GCC with something else (or several somethings and do some comparisons of subsequent GCC output).
    Is that possible? Can you build GCC with anything other than GCC?
  • Some-one tell them that MS software is full of a different kind of bug.

    PS: Believe it or not, Siemens really does have a Staines office (Siemens Building Technology [siemens.co.uk]). If only Wang had an office in Cologne.

  • I believe RedHat has representation in Germany, SuSE is definitely huge in Germany (maybe even a German company?)

    Suse is a German company.
  • 98% of SuSE is not german

    But at least you can examine, or modify the source code for 98% of SuSE. The other 2% of SuSE, you don't have to install.

    With SuSE being a German company, they might be less inclined to spy on their own government -- or, the government migtht be able to cooperate/coerce SuSE in various ways.
  • I would bet that it is buildable

    I wonder.

    It seems from all accounts I've read about MS letting others peek at their source, they specifically want it to be only so that you can consult the source. For instance, to make your board able to work with Windows. Or to see how Windows works, to get your enterprise app to work with it. etc.

    MS specifically doesn't allow you to modify it. Therefore, it might not be buildable in order to preclude non-authorized binaries from ever comming into existance, and possibly getting passed around, even finding their way outside of the licensed organiation into the wild, etc. Imagine the possibilities.

    Of course, the only way that MS could convince me to my satisfaction that there were no backdoors would be: (1) I get to analyze the code, and (2) I get to build the code and compare binaries to those that have been in circulation for years. Part 2 requires that I have access to the original compiler tools, configuration settings, etc. so that I can generate identical binaries. This is a pretty high bar in order to make a convincing argument that there are no backdoors. Of course, item 1 alone is a pretty high bar on my part. I would have to have a darned good reason to expend the effort to audit the (presumably) horrible MS code. Even if MS met item 2, the cost to me of item 1 might make it cheaper to go with open source. Even doing item 1&2 on open source.
  • Is Microsoft willing to let their source code out of the US? Really? Especially to countries like China where piracy is rampant and MS would have to trust the foriegn government to keep it's source a secret? Who does MS complain to if foriegn power does not respect MS's NDA? Even in such an event, the damage is done, even if there were an effective higher power to complain to? (aside: wouldn't MS complain to a "lower power"? Hey, buddy ol' pal Satan, some foriegn power released our source code.)

    I can see why MS is so tight lipped about their source. Even in the US. Even with legal recourse. If their source code escaped, imagine the consequences. Okay, Company X, and it's employee Cmdr Taco are found guilty of violating MS's NDA. They are to pay $200 billion in damages. C'mon, do you really think that any company besides MS could afford such a judgement? The damage is done. Period. No amount of money can undo it.

    Bottom line: MS is NOT going to do "whatever it takes" to earn back people's trust. Even if MS truly has nothing in their source to hide.

    (another topic: even if they have no NSA back doors to hide, they might have other secrets to hide in their source. Anticompetitive features. Code to sabatoge competitors. Undocumented features to benefits only MS apps. Code that violates other's patents or copyrights. Admittedly, this last one is quite a stretch.)
  • I replied to another message with basically the following argument...

    MS would never allow their source code outside the US. Who would they complain to if foriegn power violated the NDA? Imagine even inside the US where MS has the legal system in their pock..er.., um.., I mean, on their side. If a US company violated MS NDA, no amount of money in a legal judgement could make up for it. Period. Damage is done. So given the absence of any legal recourse, why would MS release source code outside of the US?
  • The east notwithstanding, the German economy is actually in pretty good shape at the moment.

    "It doesn't mean that MS has backdoors in its code; rather the *rumor* that such things exist is the perfect reason for the German's to use software from their country."

    Uh, I'm certainly no security expert, but even I can recognize the most basic principles of trust in a system. There does not even need to have been a rumour of backdoors - the more basic principle is that you're using a system that you simply DO NOT KNOW can be trusted, in an application where complete trust is imperative. The fact is, Germany simply has no way of knowing if MS systems can be trusted, and if you are the person responsible for implementing security in such a sensitive system, and you choose systems whose trustworthiness is inherently unknown, you should have your ass fired on the spot. The fact that the US goverment has spying backdoors in most major communications technologies exported from the states certainly should tell you that MS systems most likely *can't* be trusted. But even without this background knowledge, you know that the MS system is less than 100% trustable. When you absolutely need 100% trustable, then anything less cannot be accepted.

    You do have a point, and I'm sure that part of the reasoning is to encourage the use and development of home-grown stuff. But those "security concerns" are more than just a useful excuse for this - they are probably very valid concerns too.

  • You know, my friends and I have joked about MS (and other companies) having backdoors in their software for years. We've always known the NSA has incredible powers when it comes to finding out what they want to know. It's only a quick leap of logic to assume they've got systems that make Carnivore look like a toy. Besides MS, I'd say the next biggest target is Cisco's routers. Think about the incredible potential if the NSA can just reroute anything they want through their own network.
  • by BigumD ( 219816 ) on Saturday March 17, 2001 @01:26PM (#357270) Homepage
    You think that if the government had access to Microsoft's software then they'd have a stronger case against them...
  • Sorry; my comment was more in regard to the article at The Register, which details that they are phasing out ALL non-German software from their most secure areas. For normal governmental work and other divisions, they will probably continue using Windows, since that is the platform on which you'll find most business apps.


    -------
    -- russ

    "You want people to think logically? ACK! Turn in your UID, you traitor!"
  • by rabtech ( 223758 ) on Saturday March 17, 2001 @01:47PM (#357273) Homepage
    If anyone bothers to read the article, it states that Germany isn't going to use ANY American or foreign software in its most highly secured areas. Why the hell did timothy feel the need to specifically cite only Microsoft software?

    In case you were thinking that this is somehow a "win" (whatever that is) for Linux, think again: They are going to home-grow their secure solutions using a German software company.


    This is the same thing our United States military does. They contract with American-owned companies for custom software solutions (like the recent Windows Datacenter custom system for running Battleships and aircraft carriers, or the NSA's development work on a secure Linux system.)


    Can't Slashdot just stop focusing on Microsoft for even one minute? Please?

    Oh well.... life goes on :)


    -------
    -- russ

    "You want people to think logically? ACK! Turn in your UID, you traitor!"
  • I believe that they can't simply bar American software for various trade legalities. So they need to use "security concerns" as a cover to justify this.

    This would be true if they wanted to implement an across the board ban on all M$ or all American software in Germany ( makes you wonder what they'd have left? ) - or impose trade sanctions against all american or M$ software. However, the policy decisions of what one business or govt. agency is going to use for its own software is not prohibited by trade sanctions - that would just be ridiculous. If it were the case a govt. would have to have equal numbers of computers made by american, japanese, russian ( god forbid ), and other companies just to keep it fair. They don't need to cook up such an outrageous story just to cover what comes down to an IT dept. decision of buying local stuff instead of american.

  • I'm not an expert on this kind of thing, but I would assume that spying on countries that are presumably your allies is at the least not going to win you much good sentiment, even if it doesn't break any treaties.
  • there is no evidence of any such backdoor (the site which originally made the NSA claim has been taken down)

    Well, there is no evidence that has been made public, yet. I was under the impression that it was the german govt. which made this claim - not some website, and the fact that the article is gone or not has no bearing on this. Assuming that the german govt. really did make this statement and is intending to follow through on it. It seems unlikely that a very influencial world govt. would make such an "outrageous" statement unless they had some good reasons to believe it was true. The fact that they have not specified what those reasons are yet means nothing.

    Also given that the NSA released such a large number of microsoft weaknesses recently suggests that even if there were no NSA/CIA designed holes in M$ products, they have obvioulsy spent a good deal of time investigating what was there without their own contributions, and would naturally have been in a marvellous position for years to take advantage of same.

    Why should they want to publish these backdoors that they themselves have discovered and (potentially) been using then? Well probably because they figure that these back doors and security weaknesses aren't so well hidden that many people outside the US couldn't find them and exploit them, and they'd rather see the vastly computer-dependant US economy be more secure rather than have easy access to foreign interests. Just a trade-off that makes sense in the long run.

  • This is very interesting - I had no idea that they were so lax about allowing foreign spying. Thanks for the heads up - it explains much.
  • by corvi42 ( 235814 ) on Saturday March 17, 2001 @03:25PM (#357280) Homepage Journal
    The different branches of govt. likely wouldn't be sharing this kind of info. Its unlikely that if the NSA and/or CIA were using undisclosed backdoors in M$ software to snoop on people ( an act which would violate any number of laws within the US and any number of international treaties outside of it ) they would be wanting to tell the justice dept. of all people anything about it.
  • There is no German operating system that I know of.

    Untrue. Siemens-Nixdorf has had their own version of SVR4 for a long time now. It's called "Reliant UNIX" these days, but was known as "SINIX" for most of its history. It runs on the old Pyramid/Siemens workstations and servers. Not very well known in the states, but you can usually tell sysadmins who've touched it by the way they start cringing when it's mentioned.

  • There are some major satellite teleports in the suburban Denver area...
  • Under/Around/Near Denver is also a suspect spot for Area 51's replacement base and development center.
  • Are you by any chance referring to the SuSE A.G. in Nueremberg?

    You're right, this sounds awfully suspicious, but remember there has been a lot of bad feelings over the Echelon program lately, especially considering the fact that US companies suddenly come up with a better deal just as some EU company is about to sign a major contract (as for example Boeing vs Airbus when some Arab airline wanted to upgrade it's fleet). Germany, being an industrial powerhouse, was most incensed by this suspicion of industrial espionage sanctioned by the US government, and Germans being historically paranoid about eavesdropping, this is not a surprising reaction.

    Mart
  • Yesterday someone posted a connection between Microsoft & CoS [slashdot.org]. The Germans have good reason for their decision, especially considering that the disk-caching and defragmentation utilities shipped in NT & 2K were developed by a company founded by a Scientologist [execsoft.com]. Germany and CoS are not good friends (read more on google [google.com])

    The internet has spawned interesting phenomena such as rtmark [rtmark.com], which seeks to subvert worldwide corporatization by arranging contributions to fund legal anti-corporate activities. It's about time for someone to conduct similar efforts toward confirming back doors in OS software.

    Until then, we all have to wonder whether this is paranoia from the intelligence community, or reality.



    If you love God, burn a church!
  • by deran9ed ( 300694 ) on Saturday March 17, 2001 @01:57PM (#357307) Homepage
    German Federal Armed Forces
    banish Microsoft programs from fear of US secret services the Foreign Office and the German Federal Armed Forces safety gaps want to conclude. Instead of American software on the national computers in the future German programs will operate. In computers, which are used in sensitive areas, no software from Microsoft is to be used anymore. After realizations of German security authorities the American espionage service NSA has encoded data all relevant source codes of the US firm and can read in such a way.
    Apparently the article and everything it states is directly supported by the article. And it was me not timothy who posted the comment and it was no way done to boost any use of Linux.

    besides... last uname -a I did showed FreeBSD
  • by deran9ed ( 300694 ) on Saturday March 17, 2001 @01:34PM (#357308) Homepage

    Siemens is a mega corporation [http], so its going to be neat to see how this plays out on other European countries using Microsoft based products, as well as the governments of Germany and America's trust in each other (remember with a company like Siemens, its not like its a mom and pop company ranting off.) Germany is a very powerful force within the European Union as well so chances of this rubbing off into other countries will likely take place in the not-to-distant future.

    Another oddity is why would they just come out of the blue and state these transmissions are going to Denver? Out of all the places (for a conspiracy theorist to mention) in the US Denver and not someplace like Washington. Well here are the only places I know offhand capable of capturing, sorting info in the Colorado area along with respective information: ITS [bldrdoc.gov], NSA orders [fcc.gov] (keep in mind these are publicly accessible websites and known locations)

    I wonder if MS would comment on this article or will they ignore it. This isn't the first time MS has been accused of having backdoored software.

    (In fact here ya go enjoy... gov doc a [usgs.gov], gov doc b [ignet.gov], Slashdot's prior MS/Backdoor article [slashdot.org])

    Also its not the first time someone in the European Union has accused the United States of odd actions involving espionage. There was also something along the lines of ECHELON being by the U.S. used to promote industrial espionage in order to beat the EU to a large (billions of dollar large) aerospace deal with Saudi Arabia.

    Anyways...
    if [ -e bombdropping ];
    then
    mkdir /jail ; chroot /jail deran9ed
    echo "it could happen to you too [antioffline.com]"
    else
    for i in `find /somewhere/over/the/rainbow -name deran9ed
    do
    wget -U spooks www.google.com/query?deran9ed
    mv $i /jail
    done
    fi


    Well here's the babelfishified version of the German article:

    German Federal Armed Forces banish Microsoft programs from fear of US secret services the Foreign Office and the German Federal Armed Forces safety gaps want to conclude. Instead of American software on the national computers in the future German programs will operate.


    In computers, which are used in sensitive areas, no software from Microsoft is to be used anymore. After realizations of German security authorities the American espionage service NSA has encoded data all relevant source codes of the US firm and can read in such a way. In order to protect secrets, the Ministry of Defense sets Siemens and Telekom therefore on encoding techniques of the domestic companies.

    The Foreign Office reset meanwhile its plan to introduce video conferences with its representations abroad. Undersecretary of state Gunter Pleuger experienced with a Telekom presentation in Berlin at the beginning of March that all satellite transmission ways for technical reasons run over the American city Denver in the Federal State Colorado.

    Pleuger was too uncertain the detour via the USA. " then we can hold our conferences directly in Langley ", spoettelte a Pleuger coworker. In Langley (Virginia) the American secret service CIA resides.

    crummy translation...

    vroom vroom [speedygrl.com]
  • This may mean that rest of the EC will follow Germany's example. The German military might seem a bit paranoid, but Germany, as a country, has tremendous influence in the European Economic Community. Perhaps Germany, and other nations will start using alternate software, (maybe SuSE Linux) and MS will lose its market overseas. That, combined with Russian crackers [wired.com] and bad software/hardware security in Asia, might just contribute to the decline of MS. Who knows?

Economics is extremely useful as a form of employment for economists. -- John Kenneth Galbraith

Working...