NSA Helped Microsoft Set Security for Vista

Spy agency, vendor teamed to sync OS with standards

Microsoft Corp. and the National Security Agency confirmed last week that the intelligence agency helped the company configure Windows Vista so it meets the Pentagon’s security requirements.

> NSA spokesman Ken White said the agency has provided guidance on securing Windows XP and Windows 2000 in the past. But this is the first time the NSA has worked with Microsoft or any vendor prior to an operating system’s release, White added.

By getting involved early in the process, the NSA ensured that there would be a version of Vista that is secure enough for the U.S. Department of Defense and compatible with federal software, he said. Now the NSA can guarantee that Vista’s off-the-shelf security configuration “is at a level that meets our standards,” White said.

> Microsoft declined to make any executives available to comment about the NSA’s help. In a statement, the company said that it had asked a number of government entities to review Vista, including the NSA, the National Institute of Standards and Technology and NATO.

Alarm Raised

Still, the NSA’s involvement raised red flags for some privacy advocates. “Some bells are going to go off when the government’s spy agency is working with the private sector’s top developer of operating systems,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington.

> Rotenberg and other privacy advocates said it would be tempting for the NSA to push for a way to gain access to data stored on Vista-based systems.

But White said the NSA didn’t open any back doors into the new operating system. “This is not the development of code here,” he said. “This is assisting in the development of a security configuration.”

> The work with Microsoft was done in accordance with the NSA’s mandate to protect the nation’s information systems, White said. “This is the other half of the NSA mission that you never hear much about,” he said. “All you ever hear about is foreign signal intelligence. The other half is information assurance.”

McMillan writes for the IDG News Service.

Copyright © 2007 IDG Communications, Inc.

  
Shop Tech Products at Amazon