comments 5

Should the government use Microsoft products?

[box icon=”chat”] I don’t think the US government should use operating systems made in China for the same reason that most governments shouldn’t use operating systems made in the US and in fact we just got proof since Microsoft is now known to be telling the NSA about bugs in Windows before it fixes them.

-Richard Matthew Stallman founder of Free Software Foundation
(Techbytes interview)

In what appears to be open-season on the NSA and Tech Companies, Bloomberg has joined in with a report of their own, implicating that Microsoft provides US  intelligence agencies with information about bugs in its popular software before it publicly releases a fix. In other words, Microsoft grants special access to the likes of the NSA to poke around in the nearly 1 Billion users of Microsoft software via newly discovered bugs—long before Microsoft report it to the public and eventually patch the bug.

What this means in practice is that intelligence agencies like the NSA and CIA could potentially be granted near complete access and control to every single machine running Microsoft Windows, including your PC and mine, but also the PCs of nearly every government agency in Malaysia. Potentially, every now and then, the NSA and CIA could  be snooping around the data of our local government officials thanks to good ol’ Microsoft, and no one would be none the wiser.

This also may explain how the Stuxnet could have been coded with 4 Microsoft zero-day exploits –that’s 4 with a capital F.

I’m not saying that these agencies ARE spying, I’m just pointing out that they COULD be spying–with relative ease. They’ve already demonstrated their willing to infiltrate the telephone and email networks of  the building that houses the European council. If they’re willing to do it to the Europeans, what more us Malaysians?

All of this is in addition to the PRISM revelations, which implicate Microsoft in providing back doors to US intelligence agencies to their cloud offerings. I personally don’t believe such a backdoor exist, but if it did, you’d better be careful on how you store your Microsoft Office 2013 documents–because its seamless integration to skydrive makes it very tempting to store your precious data in the cloud–where those backdoors exist, rather than on your local machine–where the unreported bugs exist.

Of course this begs the question, with these new revelations should the Malaysian Government or any other non-US government look for alternatives Operating Systems for their staff to use? Open Source versions of Linux like Ubuntu are community driven and publish their full source code online–minimizing the risk that certain governments have the upper hand when it comes to bugs and exploits. A similar situation exist for Microsoft Office alternatives in the form of Open Office and Libre Office, and nearly every closed software suite has a opensource alternative, which are good if not better than their commercial sold-for-profit cousins. Apache springs to mind.

This isn’t as paranoid as it sounds. A US congressional Intelligence Committee report released late last year accused Huawei and ZTE of providing opportunities for Chinese intelligence services to tamper with U.S. telecommunications networks for spying. Huawei and ZTE are one of the largest telecommunications equipment manufacturers in the world, the Chinese equivalent of Microsoft in this case.  Mike Rogers, the Chairman of the Committee that produced the report told US companies to “find another vendor if you care about your intellectual property; if you care about your consumers’ privacy, and you care about the national security of the United States of America.”

Of course this was prior to the PRISM revelations, so his words didn’t sound as hypocritical and hollow as it does today.

Basically, the world’s most powerful nation is itself afraid of foreign technology supplied to it from China, why shouldn’t we be afraid of tech from the worlds most powerful nation?

To be fair, the Tech giants, including the Business Software Alliance, wrote a letter in response to the report citing that “Fundamentally, product security is a function of how a product is made, used, and maintained, not by whom or where it is made… At a time when greater global cooperation and collaboration is essential to improve cybersecurity, geographic-based restrictions in any form risk undermining the advancement of global best practices and standards on cybersecurity”

5 Comments

  1. Pingback: How Computer Security Research works : Facebook 20,000 prize

  2. Pingback: Links 26/7/2013: Mozilla/Firefox and Jolla Phones | Techrights

  3. rmstallman

    Ubuntu is a version of the GNU/Linux operating system.

    Linux is not an operating system. It is a kernel, one essential
    component of an operating system, but useless without the rest of the
    system. GNU/Linux is the GNU operating system, which I started
    in 1984, plus Linux, started by Torvalds in 1991.

    There are over 1000 different GNU/Linux distributions, but Ubuntu is
    not good to recommend, because it contains programs that are not free
    (free as in freedom, that is — bebas in Bahasa Melayu, ziyou in
    Mandarin). See http://www.gnu.org/distros/common-distros.html.
    Ubuntu is also one of the rare cases where free programs spy on the
    user. See http://www.gnu.org/philosophy/ubuntu-spyware.html.

    The parts of Ubuntu which are not free software are also not “open
    source”, but since “open source” is basically a way to discourage
    paying attention to to ethical issues such as freedom, to highlight
    that issue we should say “free software”.

    See http://www.gnu.org/philosophy/open-source-misses-the-point.html
    for more explanation of the difference between free software and open
    source.

    • kar2on

      Wow, this is new information to me. How serious do you think the spyware on Ubuntu really is? And what recommendations would you make for GNU/Linux distros? Would Linux Mint be a good alternative?

      Personally I’m ok if Ubuntu contains programs that aren’t free, but the spyware bit really blew my top off. Thanks for the tip Richard.

  4. Pingback: Who are you trusting Online

#YourComment