is this possible ever?

[biodegradable]

is it possible to NSA input backdoor in windows update? im read on internet Microsoft cooperate with NSA so maybe in future bacdoor can be in windows,and we will not know that because if they make good bckdoor he is undetectable? or this is inpossible and its big lie?

[Elise]

Is it possible, well anything is possible, a better question is, is this likely to happen? My answer would be "no". Because if it would become public (and this kind of things have the nasty habit to become public sooner or later), it will be real bad business for Microsoft. 

Could the NSA do this without Microsoft's knowledge? I doubt they will, you may have read the following article about possible backdoors: Greenwald: NSA plants backdoors in foreign-bound routers

This article describes possible backdoor implementation in certain devices (hardware). This means that you (as "the spying organization") know where a device ends up and decide to add a little something to make sure you can monitor said device. This is target-specific and, while I won't discuss the ethics around it, is still very different from mass-hijacking Windows update.

 

But, even if they did (again, aside from the whole ethical discussion that would bring with it), I've said it before, there's safety in numbers. Sure, you "can" get information from millions of users, but you'd still need to select. There's no way you can store extensive data from so many users for a long time and for such data to be useful you'd need to have a very good idea what you're looking for (in which case a targeted hack is much more useful and bound to attract less attention than a mass spy-mechanism, of whatever nature that may be).

[biodegradable]

i dont speak english so good like you madam Elise,so i cant ask all i want,but thank you for answer,i believe what you and EAM proffessionals say

[larryccf]

while we don't have exact details published, it was acknowledged sometime ago, BEFORE the Ed Snowden releases, that the gov't had received backdoors from Microsoft, Apple, Google et al

 

for a navy contractor, as i posted in the other thread, to be able to troll personal computers over the internet ( http://www.wnd.com/2014/09/u-s-navy-caught-spying-on-whole-state/ ), i can think of no other way for him to have gained access. While i have no interest in defending child pornography, i do have a strong interest in privacy and warrantless searching and even "fishing expeditions". It was reported in the story that the contractor had been doing this for 2 years and provided police with 8-9 leads - how many computers had he searched to find 8-9 possiblle child pornographers?

[Elise]

Having people say that large companies have willingly distributed backdoors to the US government is something else than having proof. I really don't want to go into the politics and/or ethics here, but suffice it to say, a whole lot of people would be thrilled to gather such evidence and it would be likely that at least some of it would have been public.

 

But whats more, the article states the following:

He was monitoring another computer at the same time that he found Dreyer’s IP address.
Read more at http://www.wnd.com/2014/09/u-s-navy-caught-spying-on-whole-state/#YKH4OrEbpy6KdHQt.99

 

This can really mean a lot of things. It can mean they set up a honeypot aimed to catch people involved in child pornography, it can mean they purposely installed a remote monitoring tool on a suspect's computer, or it can mean they were simply monitoring all the suspect's internet traffic based on their IP address. There simply is not enough information available to conclude Microsoft must have given the government backdoors.

 

Also, consider this. Malware developers are pretty good at finding (undiscovered) vulnerabilities in Microsoft (and other) software. They use those vulnerabilities to exploit them in order to install malware on a computer. A build-in backdoor would be perfect for them, because if rumors are true, such a backdoor would give plenty of system access. In my view they'd have a vested interest in sniffing out such a backdoor and using it. So far, nothing has been heard about that either.