updated 04:10 pm EST, Fri November 20, 2009
MS refutes talk of NSA-made security hole
Microsoft in a response late Thursday rejected assertions that it has put in a security "backdoor" at the request of the National Security Agency. The denial comes after the NSA's information assurance lead, Richard Schaeffer, told a US Senate terrorism subcommittee that the agency had worked with Microsoft to improve Windows 7's "security guide" and sparked fears that the government had deliberately left a secret window the NSA could use to spy on users.
The software developer was adamant to Computerworld that it "has not and will not" put privacy at risk by allowing such deliberate exploits, according to a spokeswoman. Cooperation with the NSA is said limited to Microsoft's Security Compliance Management Toolkit, which makes sure that Windows and Office can be used securely in a tightly controlled environment like the NSA's buildings.
Concern had been raised that Microsoft might feel compelled to add a backdoor through economic pressure, as the US government is one of its most important customers and could threaten lost contracts if it didn't grant the NSA's wishes. However, AVG chief researcher Roger Thompson noted that the consequences of allowing an exploit could be equally severe as it would trigger a broad backlash from companies and users.
Firms like Cisco have agreed to such gateways but can do so since they don't store user information on their own devices. Many of those who do produce computers or their operating systems, such as Apple, usually only hold themselves to the international and voluntary Common Criteria standard that ensures a baseline of security testing.