WinInfo Daily UPDATE January 11, 2007: Microsoft Confirms NSA Role in Vista Security

Microsoft Confirms NSA Role in Vista Security

Microsoft Confirms NSA Role in Vista Security

After reports emerged this week that the US National Security Agency (NSA) helped Microsoft with some of the security features in Windows Vista, the software maker finally acknowledged the agency's involvement. The NSA sent a team of cryptologists to Microsoft's campus to review Vista's security features and they provided feedback and suggested changes. The agency also ensured that Vista was compatible with existing government software.

"Our intention is to help everyone with security," NSA Chief of Vulnerability Analysis and Operations Tony Sager told the Washington Post this week.

Previously, the NSA had worked with Microsoft to provide best practices security guides for both Windows XP and 2000. Although guides for those OSs were created, after the OSs had been completed Vista marks the first time the NSA has helped Microsoft with an OS before it has been released to the public. The NSA says it used two teams of employees to evaluate Vista. One team acted as malicious hackers and attempted to infiltrate the OS. The other team helped guide Microsoft's default security configurations for Vista.

Privacy experts as ever are concerned about the NSA's involvement with Vista, fretting that the agency might be given secret back door access to the OS. Previous charges along these lines have proven false, however, and Microsoft has denied providing such access. The NSA says it helped determine Vista's security configuration and didn't access the system's source code.

Microsoft has also refused to comment on NSA's involvement with Vista beyond admitting that the agency did help. The company also noted that it asked other government agencies to review Vista, including the National Institute of Standards and Technology (NIST) and the North Atlantic Treaty Organization (NATO).

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.