For a long time now, I have been an advocate of Open Source software. This advocacy predates the various security and privacy issues that have recently come to light.
There are many benefits to using open source software; such as, collaborative problem solving, flexibility, customization, and (of course) cost. That does not mean open source solutions are flawless. They do come with issues of their own.
However, as more concerns and issues come to light about proprietary software, more users may begin to turn to open source software as a solution. One such issue that has recently come to light is that Windows 8 may contain a back door for the NSA or even China.
Windows 8 Security Threat
Recently, a German newspaper published an article claiming that the German Government considered Windows 8 machines, along with the TPM 2.0 chip that resides within them, a security threat.
The German media outlet, Zeit Online, claimed to have official German government documents that describe their uneasiness over the operating system and the little chip. The Zeit Online even goes as far as to state that the Germans were aware that the NSA was part of several meetings with the Trust Computing Group, the multi-vendor group that developed the TPM 2.0 standard, and approved of the standard.
This approval is believed to be due to the fact that the technology would not interfere with their surveillance practices. According to PCWorld:
“The documents also refer to the NSA having representation at the meetings and the statement ‘the NSA agrees’ in the context of leaving the technology in its current (presumably unreformed) state.” (1)
Accusations were not only cast on the NSA, but the article also held China responsible. The author jumped to the conclusion that since the NSA approved of the chip and the chip was made in China, the Chinese government could easily have a backdoor of their own. Or, even use the backdoor that was built for the NSA. All of these concerns were outlined in the German government documents.
Immediately, the German government issued a statement that the Zeit Online article was inaccurate in its claims. The Zeit Online reported:
“The Federal Office for Security in Information Technology (BSI) has rejected a report by Zeit Online.” (2)
According to the German government and Softonic, the government report was taken entirely out of context. Instead of accusing the NSA and China, Softonic contends, “The report argues that any new system has potential risks, from bugs that have not been ironed out yet, to new systems that IT operators are not yet used to.” (3)
Long story short, no system is 100% safe.
Does the Conspiracy Sound Familiar?
Such claims are nothing new. Similar accusations were made when Windows 7 was released.
In 2009, Microsoft issued a statement denying the presence of any type of back door in the operating system. In the 2009 statement, Microsoft said, “”Microsoft has not and will not put ‘back doors’ into Windows.” (4)
Back then, the computer company even admitted that the NSA consulted with them on computer security. Not to create a back door, but instead to enhance the overall security of the OS.
In response to the most recent accusations, Microsoft issued the following statement:
“It is also important to note that any user concerns about TPM 2.0 are addressable. The first concern, generally expressed as ‘lack of user control,’ is not correct as OEMs have the ability to turn off the TPM in x86 machines; thus, purchasers can purchase machines with TPMs disabled (of course, they will also be unable to utilize the security features enabled by the technology).” (5)
Does Windows 8 contain a back door for the NSA and China? The official answer from Microsoft is, of course, no.
However, the larger question is can we trust that answer with all of the revelations from Snowden about PRISM? The best thing to do is to keep in mind that no system is 100% “safe”.