For Windows Vista Security, Microsoft Called in Pros
Tuesday, January 9, 2007
When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency.
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.
"Our intention is to help everyone with security," Tony W. Sager, the NSA's chief of vulnerability analysis and operations group, said yesterday.
The NSA's impact may be felt widely. Windows commands more than 90 percent of the worldwide market share in desktop operating systems, and Vista, which is set to be released to consumers Jan. 30, is expected to be used by more than 600 million computer users by 2010, according to Al Gillen, an analyst at market research firm International Data.
Microsoft has not promoted the NSA's contributions, mentioning on its Web site the agency's role only at the end of its "Windows Vista Security Guide," which states that the "guide is not intended for home users" but for information and security specialists.
The Redmond, Wash., software maker declined to be specific about the contributions the NSA made to secure the Windows operating system.
The NSA also declined to be specific but said it used two groups -- a "red team" and a "blue team" -- to test Vista's security. The red team, for instance, posed as "the determined, technically competent adversary" to disrupt, corrupt or steal information. "They pretend to be bad guys," Sager said. The blue team helped Defense Department system administrators with Vista's configuration .
Microsoft said this is not the first time it has sought help from the NSA. For about four years, Microsoft has tapped the spy agency for security expertise in reviewing its operating systems, including the Windows XP consumer version and the Windows Server 2003 for corporate customers.
With hundreds of thousands of Defense Department employees using Microsoft's software, the NSA realizes that it's in its own interest to make the product as secure as possible. "It's partly a recognition that this is a commercial world," Sager said. "Our customers have spoken."
Microsoft also has sought the security expertise of other U.S. government and international entities, including NATO. "I cannot mention any of the other international agencies," said Donald R. Armstrong, senior program manager of Microsoft's government security program, citing the wishes of those agencies to remain anonymous.
Microsoft's concerns extend beyond the welfare of its software when it seeks the security expertise of government agencies. "When you get into an environment where a Microsoft product is used in a battlefield situation or a government situation where if a system is compromised, identities could be found out," and it could be a matter of life and death, Armstrong said.
Other software makers have turned to government agencies for security advice, including Apple, which makes the Mac OS X operating system. "We work with a number of U.S. government agencies on Mac OS X security and collaborated with the NSA on the Mac OS X security configuration guide," said Apple spokesman Anuj Nayar in an e-mail.