That really does sound a bit extreme even for a cynic – but it’s a question that is being seriously asked and needs a serious answer. It came to a head earlier this week when Zeit Online published a story suggesting that various federal German agencies had come to the conclusion that Windows 8 is not safe for use by government.
We need to put this into context with two technologies: UEFI and TPM. The Unified Extensible Firmware Interface (UEFI) is a specification that is meant to replace the Basic Input/Output System (BIOS) firmware interface on PCs. It provides many advantages over the original BIOS, but more pertinently here, it can be used to provide ‘secure boot’. Microsoft has come in for some serious criticism over implementing UEFI secure boot on Windows 8 – sufficient criticism for a Spanish open source group, Hispalinux, to level a complaint against Microsoft with the European Union for anti-competitive behaviour. Much of that criticism has died down as it has become clear that serious power users can get round it. However, implemented to its full potential it could enforce an Apple-like walled garden around non-Microsoft manufactured PCs.
TPM – trusted platform module – is a separate issue. This is a chip that controls what can and what cannot run on your computer. It can indeed provide additional security, since if only known good software is allowed to run, then any bad software (viruses and trojans and worms and so on) cannot easily run (never say never!). And there isn’t really an issue, since if you don’t want it, you can just turn it off.
Enter TPM version 2; which is what has upset the German government agencies. Microsoft intends to employ it with Windows 8. Windows 8 will be delivered with TPM 2.0 turned on, and no way to turn it off. But for new versions of Office or completely new Microsoft software, Microsoft clearly needs to be able to bypass TPM – and it has its own key to do so. The user does not have a key to do so.
And this is where the NSA comes in. Given everything we have learned about the NSA over the last few months, does anyone really believe that Microsoft will not willingly or at best under secret coercion be forced to give those same keys to the NSA and probably the FBI as well?
Some of us may even remember the NSAKey discovered in Windows NT by Andrew Fernandes in 1999. At the time, Microsoft denied the key had anything to do with the NSA, but frankly only the gullible believed them, and most people accept that it has been present in every version of Windows ever since. Anybody who believes that Microsoft and the NSA don’t go hand in hand is living in cloud cuckoo land under heavy surveillance.
The problem is that with access to a TPM 2 key that is always on, the NSA or the FBI or both could come and go at will with no-one being any the wiser. Which is exactly how they like to operate.
So how likely is all this? Professor Ross Anderson from Cambridge University wrote back in October 2011,
We’ve also been starting to think about the issues of law enforcement access that arose during the crypto wars and that came to light again with CAs. These issues are even more wicked with trusted boot. If the Turkish government compelled Microsoft to include the Tubitak key in Windows so their intelligence services could do man-in-the-middle attacks on Kurdish MPs’ gmail, then I expect they’ll also tell Microsoft to issue them a UEFI key to authenticate their keylogger malware.
And if the Turkish government can do that, what could the US government do?
I asked him what he thought now, and whether Windows 8 really is dangerous for governments. He said,
Non-US governments had better think carefully about their policy on all this. Until now you could grab the Linux source, go through it, tweak it till you were happy, recompile it and issue it to officials in your ministry of defence. Serious players like China even sent engineers to Redmond to inspect the copy of Windows that would be sold in their country. But most states don’t have enough competent engineers to do that.
Microsoft’s demand that the industry configure all Windows-branded machines so they’ll only boot signed operating systems will make life significantly harder for medium-sized non-aligned governments. And now that Microsoft’s admitted making NSA access easier, the idea of using COTS Windows is not emotionally compatible with the existence of large pampered signals intelligence bureaucracies, even if there isn’t a reasonable engineering alternative.
And so we return to the original question: is Windows 8 an NSA trojan? Yes. Microsoft and the NSA and the Obama administration will, of course, deny it. And the NSA — post Snowden — may never even use it. But that doesn’t alter the fact that the capability exists and could be used. A nuclear weapon is no less a nuclear weapon just because it hasn’t been used. And Windows 8 is an NSA trojan.
Nobody likes to admit to any enjoyment in “I told you so.” It is therefore with huge regret and personal pain that I now say, “I told you so.”
On August 7, 2012 – just over a year ago, this blog said: A Microsoft-made tablet? Big mistake. More specifically I added
But Microsoft’s solution is just plain wrong. It is planning to build its own tablet, to compete with the iPad and Android.
This would be a mistake…
Almost exactly one year later, on August 12, 2013, ‘Gail Fialkov, individually and on behalf of all others similarly situated’ filed suit against ‘Microsoft Corporation, Steven A Ballmer, Peter S Klein, Frank H Brod and Tami Reller’ in the US District Court, Massachusetts. The suit claims
What Defendants knew, but failed to disclose to investors, however, was that Microsoft’s foray into the tablet market was an unmitigated disaster, which left it with a large accumulation of excess, over-valued Surface RT inventory.
Despite costly attempts to spur the Surface market (such as a free $100 dollar magnetic cover/keyboard and a 30% discount on the price), ‘nothing generated meaningful sales of Surface RT.’
Then, on July 18, 2013, Microsoft issued a press release announcing that its financial results for the quarter ended June 30, 2013 had been adversely impacted by a $900 million charge related to a write-down in the value of its Surface RT inventory. In truth, however, the value of such inventory was materially impaired by March 31, 2013.
On this news, Microsoft common stock suffered its biggest price decline in more than four years, plunging $4.04 per share, or 11.4%, on very heavy trading volume to close at $31.40 per share. The magnitude of the decline in the price of Microsoft’s stock eviscerated about $34 billion of the company’s market value.
The action is claiming that anyone who purchased Microsoft stock between April 18 2013 (that is, just after the date at which it claims Microsoft was aware of the excess stock) and 18 July 2013 (that is, the date of its announcement of excess stock) suffered a material and unnecessary hit on their investment.
Whether Microsoft will issue a defence based on the public availability of this blog that had earlier warned all and sundry that the Surface was a big mistake and that they therefore had prior knowledge of the inevitability of the unmitigated disaster remains to be seen. But it could be, “Well, he told you so.”
Before I say anything else, let me just say that I really, really like Sophos; and I really, really like NakedSecurity; and I really, really like Graham Cluley. This is really, really just a comment on how the internet has upset the status quo rather than a criticism of any of the above.
Purely coincidentally I was talking to a fellow freelancer who, like me, is old enough to remember the golden, halcyon days of freelancing back in the mists of the last century. The internet has destroyed all that, along with the majority of magazines
I used to write for for whom I used to write.
“Today,” I said, “company blogs have replaced independent magazines. Just take NakedSecurity, which competes head on with the security magazines in terms of content.”
I stand by that. It’s a great blog and a great read written by experts in their subject. But the one thing it isn’t is ‘independent’.
Consider one of today’s news items: Microsoft and Symantec jointly took down the Bamital botnet (my news story is on Infosecurity Mag here). The problem is that Symantec, a direct competitor of Sophos, gets hardly a look-in on the Sophos blog – which is headlined: Bamital botnet dismantled, as Microsoft seizes control of malware servers.
In fact, you wouldn’t think that Symantec was involved in the actual takedown at all judging from the Sophos account – despite the fact that it published an excellent and detailed analysis of Bamital today.
Coincidence? Possibly; but I doubt it. The problem is that NakedSecurity is so good and so popular that it is often taken as news. It isn’t. It’s a marketing machine for Sophos – and readers should always bear in mind (not just for NakedSecurity, but for all of the company blogs that are replacing the magazines) that the one thing you cannot get from a company blog is independent news.