1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Microsoft opens Transparency Centre Brussels

Discussion in 'Article Discussion' started by Gareth Halfacree, 5 Jun 2015.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    13,197
    Likes Received:
    2,289
  2. Phil Rhodes

    Phil Rhodes Hypernobber

    Joined:
    27 Jul 2006
    Posts:
    1,415
    Likes Received:
    10
    These days, it would be exceptionally difficult for microsoft to be doing much behind the scenes without significant risk of detection. What's the hypothesis here, that they've written an OS that phones home with details it shouldn't, and is specifically written to make this absolutely impossible to detect with monitoring tools? Pull the other one, we're not that important.
     
  3. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,565
    Likes Received:
    375
    I think it's more along the lines of including a secret back door that can be opened if you know about it when you want to, I don't think anyone is saying that they've written an OS that phones home with details it shouldn't as like you rightly point out that would be easy to detect.
     
  4. Icy EyeG

    Icy EyeG Controlled by Eyebrow Powers™

    Joined:
    23 Jul 2007
    Posts:
    517
    Likes Received:
    3
    Seems to me that Microsoft is really trying to prevent the adoption of open source alternatives in the EU.
     
  5. Phil Rhodes

    Phil Rhodes Hypernobber

    Joined:
    27 Jul 2006
    Posts:
    1,415
    Likes Received:
    10
    In any case, how is this being checked? How do we know the source code they're supplying is the version that's released?

    This is the reverse issue of one key problem with the GPL, in which that it is, to all practical purposes, impossible to show that source code you've released is the version you used to create a given binary.
     
  6. John_T

    John_T Member

    Joined:
    3 Aug 2009
    Posts:
    531
    Likes Received:
    21
    Yep, I reckon that's almost certainly what it is.
     
  7. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,027
    Likes Received:
    275
    Well, it should be possible to compile the software from the source code then compare with the released version.
     
  8. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,170
    Likes Received:
    146
    I would imagine these are air gapped computers in rooms where you can't bring anything in, nor can you take anything out. Compiling windows is unlikely to be a press the green button in visual studio type experience. I would think it would involve all sorts of build scripts and tools which are unlikely to be made available.

    So I would think that these reviewers would be brought in to use only their thoughts and knowledge to examine the code of which they have little or no experience in dealing with and no real ability to examine references, make modules work in real time, run tests etc. Even if it is the real deal and you can compare it to a build, Microsoft can change the whole lot willynilly through windows update thus nullifying the whole purpose of the exercise.

    If you want a secure operating system you need to have access to the code and build it yourself. It's as simple as that. Governments that are truly concerned about security should be running their own verified builds of some open source platform. If a tool they require doesn't exist on the platform they should build it. But security has always taken a back seat to convenience.
     
    Last edited: 5 Jun 2015

Share This Page