Microsoft gives Russian secret police Windows 7 source code
randir14
07-16-2010, 01:30 AM
Why would they do this? Blackmailed with pictures of Bill Gates in a diaper being spanked by a leather-clad midget?
http://www.zdnet.com/blog/government/microsoft-turns-over-all-win7-and-server-source-code-to-russias-new-kgb/9191?tag=nl.e539
blackzc
07-17-2010, 08:18 PM
http://www.engadget.com/2010/07/14/immigration-deports-alexey-karetnikov-microsoft-engineer-alleg/
Might have been an inside job.
Anenome
07-17-2010, 08:22 PM
Over 30 countries have MS source-code, because they threatened to block sales of Windows if MS didn't give them some reason to believe that their governments/companies could continue to use MS Windows without having a CIA backdoor into their operations. That's why.
However, without having the actual compiler being used you don't actually have a compilable build, etc.
Johan
07-17-2010, 08:50 PM
You're a software security expert too? Holy shit!!!
Not only does this give the Russians the opportunity to find gaps in Windows security — it gives them the opportunity to do so while most American companies and organizations don’t have the same opportunity to find the same gaps and plug them.
Cambridge University security expert Richard Clayton told ZDNet UK on Thursday that opening up source code leads to a complex security situation. While a view of the code could enable a government to find security holes that the state could use to launch attacks against other nation states, it is possible to find holes in software without having access to the source code, said Clayton.
"If a government has the source code it can find different sorts of security vulnerabilities and perhaps exploit them, [but] it's unclear whether access to the source code makes people better or worse off," said Clayton.
This expert seems unsure of the costs/benefits, but I'll go with you on this one. No worries then!
Anenome
07-17-2010, 09:08 PM
You're a software security expert too? Holy shit!!!
This expert seems unsure of the costs/benefits, but I'll go with you on this one. No worries then!
This is old news, read an article on it about a week ago. A cursory google-search (http://www.google.com/search?hl=en&safe=off&client=firefox-a&hs=JKg&rls=org.mozilla%3Aen-US%3Aofficial&q=%2Brussia+microsoft+source+code&aq=f&aqi=&aql=&oq=&gs_rfai=&gs_upl=105%2C105%2C0%2C0%2CNaN%2C0%2C) will turn up a few hundred thousand articles, why don't you educate yourself.
I recommend Slashdot (http://tech.slashdot.org/story/10/07/09/0042238/Microsoft-Opens-Source-Code-To-KGBs-Successor-Agency) because it's populated by, yes, security experts I'm sure and other geeks much smarter than I in these fields who provide very valuable commentary.
They've already provided it to the Chinese (and the British, not sure who else). That means that the Russians and Chinese can look for and exploit holes in Windows. Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.
(Source (http://tech.slashdot.org/comments.pl?sid=1713256&cid=32849268))
If you can't compile the code into a working binary using the same compiler that was used to produce the production binary because you're missing parts, then you can't be sure that the source code you have represents the binary you're using. You have to take Microsoft's word for it, and it's not like the rep you're talking to is the actual guy who manages the build, so even he doesn't actually know for sure.
An incomplete set of source is absolutely useless for a true security audit.
(source (http://tech.slashdot.org/comments.pl?sid=1713256&cid=32850324))
It is not all that uncommon for Microsoft to open its source. I mean, it doesn't happen every day, but they have special facilities for that purpose alone. It may have changed, but back when I saw it, it was basically a web based code browser that doesn't allow the more simple copying features (like no export and stuff obviously).
If it's still what they use, then it definitely cannot (realistically) be built.
(source (http://tech.slashdot.org/comments.pl?sid=1713256&cid=32849534))
They changed even faster than that. IIRC, it was Jim Allchin that said releasing the source code for a portion of Windows (the message queue), would have serious US national security implications. This was in 2002, during the post-DOJ lawsuit cleanup where some states filed a separate lawsuit.
Less than a year later in early 2003, Microsoft entered into a broad source code sharing arrangement, with Russia, China, and many NATO members.
http://www.microsoft.com/presspass/press/2003/feb03/02-28GSPChinaPR.mspx [microsoft.com]
From "serious US national security issues" to "here you go Russia and China" in less than a year.
(source (http://tech.slashdot.org/comments.pl?sid=1713256&cid=32852826))
Etc. Why don't you just hold your tongue unless/until you actually find contradictory information.
Johan
07-17-2010, 09:12 PM
I recommend Slashdot (http://tech.slashdot.org/story/10/07/09/0042238/Microsoft-Opens-Source-Code-To-KGBs-Successor-Agency) because it's populated by, yes, security experts I'm sure and other geeks much smarter than I in these fields who provide very valuable commentary.
Bahahaha! You're posting forum posts from anonymous guys named TheRaven64, morgan_greywolf, Shados and thoth to refute the quote I provided from an expert on security at Cambridge University?
Wow. The halls of the Internet really do echo.
Anenome
07-17-2010, 09:19 PM
Actually I think myself and all the people I quoted are pretty much in agreement with your Cambridge quotes. What I "refuted" was your making my knowledge of the topic an issue.
Anonymous doesn't make them automatically wrong. If you'd like to attack their statements, feel free. They look pretty reasonable to me.
My only claim was why MS is doing it, which your Cambridge quotes don't even address.
Johan
07-17-2010, 09:24 PM
My only claim was why MS is doing it, which your Cambridge quotes don't even address.
If you bothered to read and had any knowledge on the issue, as you say you do, you'd know it seems primarily related to commercial reasons.
A senior Whitehall source told ZDNet that Microsoft's decision to open its source code to various governments had been a commercial decision.
Microsoft said it had opened up code to the FSB as part of its ongoing Government Security Agreement with the Russian state.
"The agreement that we signed with the FSB is an extension of Microsoft’s Government Security Program (GSP)," Microsoft said in a statement on Friday. "The purpose of the GSP is to increase trust with national governments. In the case of the Russian agreement, GSP participation will facilitate the development of the next generation of secured solutions for Russian government agencies based on the latest Microsoft technologies and Russian cryptography."
Whether their commercial interests mesh with our national, and even individual, interests is another matter entirely, hence your apparent initial dismissal of any cause for concern is misplaced.
lockwoodx
07-17-2010, 10:10 PM
He can start quoting me. He won't be any more accurate but it will make him more popular. :D
Anenome
07-17-2010, 10:14 PM
If you bothered to read and had any knowledge on the issue, as you say you do, you'd know it seems primarily related to commercial reasons.
Which is why I said MS wouldn't be allowed to sell to those countries without revealing their source code.
Whether their commercial interests mesh with our national, and even individual, interests is another matter entirely, hence your apparent initial dismissal of any cause for concern is misplaced.
- I think there is cause for concern, but that it's quite likely that stuff has gone on behind the scenes between MS and our government to assure our government that national security concerns are being taken into account. Whether that's reasonable or not you can judge for yourself.
Johan
07-18-2010, 07:24 AM
- I think there is cause for concern, but that it's quite likely that stuff has gone on behind the scenes between MS and our government to assure our government that national security concerns are being taken into account.
That's a reasonable position I can agree with.