China is to look at the Windows source to see if it can improve security. It is also suggested that security holes will be assessed to see if they are deliberate openings left for security agencies to use.
http://news.com.com/2100-1016_3-5083458.html
So is this a real possibility?
It’s extremely unlikely that the holes were put there deliberately. You can’t keep a security hole secret forever, and when one is discovered it makes Microsoft look bad and piss off their customers – not good business.
True, but when theres no competition for the home-users market you could afford to make as shoddy a product as you liked.
Meta, security holes are bad business period. Even if Microsoft has no competition. Although, OEMs have been shipping free office suites for years if not decades. There were and are alternatives.
The Chinese government is looking at the source code not for security holes but to see if Microsoft is a front for the CIA. The big fear of the Chinese government is that somehow Microsoft has designed software that will allow the CIA or someone else in the know the ability to access any PC or server running Microsoft products.
Here’s the quote from your linked article:
However, previous reports have said that the search for backdoors installed by national intelligence agencies is also among the aims of the agreement.
I’m no fan of Windows as an operating system or Microsoft as a company, but I don’t think the security holes are delibarately placed.
I think Microsoft made an operating environment that anyone, even those seriously computer illiterate folk, could use. To do this, they sacrificed quality for ease. I believe a lot of the security holes (and all operating systems have them) that cause the most trouble can be traced from an over-eager desire to make things work easily and with a minimum of training.
They have integrated too many of their products with no thought to security, because security adds complexity. Now that they want to add security, it is a gargantuan task.
There’s a big difference between a buffer overflow and an intentionally compromising back door. The closest I’ve ever seen was that NSAKey thing a while back, and even then no-one really thought it was a backdoor.
If they were gonna do something like that, it’d either be something no-one’s likely to find, and be impossible for dumbass script-kiddies to exploit (and buffer overflows happen everyday, so…), or they’d just put it in, and let everyone know they did. You have been reading those EULA that pop up every time you install/patch something, right? You’ve already signed your computer away to 'ol Bill.
So basically, the answer is no, they’re just screwing up.
The truth is out there.
I know it.