Point vs. Counter Point: FBI and back door/wiretapping

Steganography would take off no doubt, and OTPs. Those are really easy and unbreakable (through cryptanalysis).

It's not about developing software, that's easy.
It's about cryptography and that's an entirely different beast. In fact it's so hard that only a few people in the world can do it. It's probably THE hardest problem of all technical things mankind has ever done.

Once "they" have quantum computers you can throw away all the public key crypto we have today, you can't just reuse what we have already available. It's an arms race and if cryptography became outlawed/monopolised the game is over.

Thank god the earth is a bit larger than the US of A

Anyway, I don't believe that will happen. There is no point in doing so and it's damn hard to enforce. Good old investigative police work still yields results despite strong crypto being available for years.
BTW, FDE is very needed, maybe not for John Doe's lolcats but for every business that stores customer data or trade secrets on portable devices....
So controlling what's allowed and what's disproved usage of encryption is pretty much impossible.

 

Unbreakable crypto is extremely hard. Crypto that will slow down a 3 letter agency for a long time, not so hard. At least that's my opinion. While security through obscurity is considered bad form, it certainly does have some merit. Even poorly developed crypto requrires some cryptanalysis. And no one can hope to crack the crypto of hundreds of amateur, armchair cryptographers in any reasonable period of time. Not even 3 letter agencies.

Besides, the crypto has already been developed. We have the source code. The existing code is priceless and can probably be used by non-cryptographers for 15+ years.

 

Here is an interesting glimpse into the "fears" that the FBI and NSA had about encryption back in 1997. This was a classified hearing in front of a Congressional Committee that has since been declassified by the FOIA. It is pretty fascinating reading if you have the ability to read between the redacted portions (most of the blacked out portions occur when the NSA assistant director was talking).

Basically, NSA was not concerned at all about encryption and was even promoting its use. The NSA man even went as far as to suggest loosening export controls. The FBI director, on the other hand, was extremely worried and was hoping Congress would pass a bill that made key escrow mandatory. The difference of opinion between NSA and FBI implies that NSA had "ways around" encryption whilst the FBI did not. The NSA man even said at one point "There is no brute force option for the FBI" but did not say there was no brute force ability for NSA. Sometimes what is not said is more important than what is said, especially when dealing with blacked out documents.

Even more interesting is one of the Congressmen said that if they didn't loosen export controls it would cause most encryption products to be manufactured overseas which in turn would hinder NSA's ability to "game the system." Game the system, eh? Would could that possibly mean? I think we all know.

Another interesting tidbit was the NSA's claim that software encryption vendors had been very helpful to NSA in complying with their "concerns." The NSA man named Microsoft as one of the compliant parties (but details of how they were compliant were not mentioned). He also said a lot about Sun Microsystems that was blacked out (probably relating to Lotus Notes, which was huge back then). The fact that his discussion of Sun was blacked out probably means Lotus Notes was backdoored.

Keep in mind this was before AES and other more modern ciphers. However, the gist of this hearing seemed to be that "breaking" a cipher was not critical -- more critical was maintaining the surreptitious ability to place backdoors and "game" the system.

So what does this mean for John Q Public who is not a terrorist or a criminal? Not much. It just means that most likely NSA can read your private information if they are so inclined, but since NSA only cares about "big fish" the chances of anyone compromising your strong encryption is next to nil (this includes LEA's). And this really only affects "commercial" encryption, it probably doesn't affect volunteer products.

 

That is true, but it's not the whole story. You are forgetting that individuals have the ability to encrypt their own communications and storage media. These are not subject to warrants and the like because no third-party has the ability to decrypt them. Anyone who relies on others do encrypt their data for them are fools. I would never trust some vendor who says "don't worry you can trust your data with us."

The government has been complaining about encryption since the 1990's yet hasn't passed any legislation against it. In fact, they have loosened the export controls. They haven't even made key escrow mandatory (which the FBI wanted at the time). So, knowing these facts, I think it's fair to assume one of two things:

1) Criminals/terrorists just aren't using encryption enough to warrant new legislation.

2) They already have a way around it via backdoors in software and hardware products.

I tend to believe #2 is more likely, at least for the intelligence agencies. See my post above this one for more on why that might be.

I agree. Speculating about what TOP SECRET agencies can do is futile (their budgets are not even published). But I do think it's highly unlikely they can break modern ciphers through traditional means. More likely is they have ways to "game the system." (This is the words of NSA, not mine).

I think we have a good idea what LEA's can do (and that's very little) when it comes to crypto. NSA is the real question mark.

OTP's are not the future, they are the past. They suck for any practical application. For one, the key material has to be as large as the plaintext. This means that to encrypt a 200MB file, you need 200MB of random numbers -- and the numbers have to be extremely high quality (like through a quantum generator). For point-to-point communication they are almost impossible to use securely, especially over the Internet.

 

Backdoor to what? Truecrypt, PGP, FreeOTFE, DriveCrypt, WinRAR, 7-zip, etc.

All of these programs are back doored?

Or is it to the algorithms? AES, Twofish, Serpent, Triple-DES


As far as I can tell, it has to be that either dozens of trusted programs are back doored or a dozen trusted algorithms. Extremely far-fetched from my perspective.

 

The operating system itself. Compromise that and all the encryption software running on it is worthless. Processes and files are easily hidden on NT systems, always have been. The NSA did supposedly help to "secure" Vista, but its still vulnerable. It makes one question whose security they really had in mind.

 

Well, that's more probable than back dooring all those other programs, but I still doubt it very much.

If I'm running a version of TrueCrypt that was updated in 2011 and a version of Windows that was last updated in 2005, how is that version of Windows going to reliably compromise the security of that version of TrueCrypt?

Let's not forget that WDE has been around for a while, and every byte of the hard drive can be encrypted. I don't see how it's feasible for an operating system to hinder every WDE program (even newer versions) and when it's easily verifiable that the entire drive is encrypted (using a hex editor).

When the computer is off, what's the entry point for one of these 3 letter agencies?

 

This is why I think the NSA seems extremely confident, in response to what chronomatic posted.

If I put myself in their position, I know I have the best cryptographers and mathematicians in the US. I know I can't really control consumer cryptography use anymore.

What do I do? I put a smile on my face and accept the inevitability of the situation. I don't admit any weakness nor do I try to make too many waves about strong cryptography, which may just have the effect of bringing more people into the fight.

And I know that consumers make mistakes, which may be exploitable by my people.

In short, I would do exactly what they did. It keeps a lot of people guessing.

 

It's doubtful TC itself is compromised (though I do admit the developers being anonymous is disconcerting). If anything is compromised it would be the operating system itself (a faulty RNG is a great way to do it, even though a flawed RNG in Windows wouldn't help much with TC since TC uses its own RNG). Another possibility is the hardware itself has covert channels built into it that might allow an attacker to crack encryption keys through something like a timing attack. In fact there is no doubt that there's covert channels in all of our hardware that are likely there by accident. It's very hard to design secure hardware and even harder to get secure software to go with it. Every year CPU's get more complicated, have bigger caches, etc. There is an unavoidable trade-off with speed/efficiency and security. The more complex CPU's get, the less secure they become and the more side channels pop-up within them. This is why NSA mandates that AES can only be used for top secret data if the machine it is being used on was first vetted by them (presumably because they have expertise in sealing the leaks in the hardware and software).

Researchers have already shown in the open literature how RSA and AES keys can be easily recovered by using these hardware attacks; they showed how a 2048 bit RSA key can be recovered in minutes on standard hardware. It turns out AES is particularly bad against timing attacks as well. However, it would take a very skilled and motivated attacker to subvert encryption using these methods (especially if they're doing it remotely), so the probability of it happening is next to nil. The timing attacks I am aware of require control of the machine and require the user to be doing decryption operations while the machine is being monitored. In order to break RSA, all you have to do is decrypt a single message (while the enemy has low level access to your hardware) and they can get the key. Of course the key here is the enemy must own your machine without your knowledge, and if they have that, then you're screwed anyway.

As for AES, I would say it would be very difficult if not impossible for there to be a trapdoor in it. For one, it was not designed by NSA. Secondly, it has been openly vetted and studied for 10 years now by people all over the world. I think the AES algorithm itself is secure and I think even the more paranoid types who know anything about crypto will agree. Where almost everyone falls short is in its implementation (making it immune to side channel attacks). This is probably where NSA has everyone beat -- they have the money and resources to design complete systems from the ground up. In this modern age, it is not about the algorithms -- all of them are pretty much only breakable by space aliens -- where the real concern lies is in side-channels and implementation flaws.

A hex editor is not going to show anything but random looking data and that data tells you nothing about the strength of the crypto. If a flawed RNG was used to generate that 256 bit key, the data would still appear random, but in reality the key could be easily recovered because it has been weakened significantly. If you own the RNG, you own the crypto, no matter how strong of an algorithm is being used. And even a very technical user would be none the wiser. The only way to discover something was wrong would be to see it in the code, which is why open-source software is so important for crypto.

Unless they somehow were able to monitor your machine (at the hardware level) prior to it being turned off and captured, it is doubtful they could do anything but attempt to brute force the passphrase. If they were able to monitor your hardware via some advanced attack while you were using it, they might be able to obtain the key that way.

I wouldn't worry about anyone being able to do this except for perhaps the NSA (and who knows with them?). Keep in mind that NSA is really mainly composed of the geeks of the intelligence world; that is people who sit behind computer screens listening to conversations of people in Tunisia and others who sit around making and breaking codes (and others who do R&D and ComSec). If someone were going to be planting a keylogger or somehow gaining access to your box on a physical level it probably wouldn't be them. They are more of the "brains" of the TLA's, whereas the CIA would be the "brawn" and would be the ones who specialize in HUMINT (agents in the field) operations.

Now let's back away from this Tom Clancy novel and get back to reality: unless your name is Mohammed and you live in a cave somewhere, you probably aren't a target. I am really just throwing hypothetical scenarios out here -- things that are unlikely but completely possible. My only point is you can never be sure about anything unless you built the hardware and wrote the software yourself. However, there's no reason to go tin-foil.

 

No, there is no reason to go tin-foil. And within the U.S., it would be the FBI who we would expect to plant keyloggers in a federal investigation.

However, it is not a question of simply being a target yourself, today. It is a question of whether NSA should be allowed to conduct wholesale capture of U.S. citizens' domestic communications. It is impossible to conduct oversight of an organization that is accountable to absolutely no one outside itself. It should be unacceptable. If more people were aware of the implications, it probably would be. And while it's true that you can never be completely sure of anything, and I enjoy the hypotheticals, I think it's important to stress easy-to-implement solutions that suit low-risk situations, in order to thwart creeping surveillance, from whichever source it arises. It almost doesn't matter where it comes from, as the ODNI was established to ease insitutional boundaries anyway. But this presents grave constitutional problems with, for instance, the merge of domestic and foreign intelligence collection, and creep of state propaganda disseminated outside the U.S. back inside, either by accident or design.

At this point, I think it is clear to all that "gaming the system" is NSA's best bet in the majority of situations where good encryption is even utilized. Further, a well-planned game would include efforts to discourage the use of encryption at all. And Caproni's remarks, cited above, lead me to believe the FBI believes the same.

 

Yeah FBI can certainly plant keyloggers and we know for a fact they have done it in a few cases. My point was more about the exotic attacks like timing and side-channel attacks that take more expertise to pull-off; I would be inclined to think NSA is ahead of the LEA's with these techniques. And when it comes to old-fashioned cryptanalysis, no one matches them.

I agree with the sentiment. NSA and other IA's should not be operating domestically any more than the Marine Corps should be policing the streets. NSA is an intelligence arm of the military and has no business using their tools against the public. If there are domestic targets that have somehow gotten flagged as imminent threats in NSA's Echelon-like systems (if they are, for instance, communicating with targets overseas), then NSA should pass that info to domestic agencies and let them handle it. FBI is more than capable of doing targeted and lawful wiretaps. But this scenario would only happen in a perfect world in which we don't live.

What is happening is not new; we know that details of Echelon were first being published in the late 80's after some journalists somehow got wind of it. I don't recall much outrage back then, even though it was widely believed the program could tap just about every phone on the planet. It was further revealed that supercomputers were processing the phone calls via keyword scanning. I don't know if people just assumed that they must be obeying the 4th amendment or what, but I don't see much difference with Echelon and the more modern efforts in surveillance. Thus, this technique of casting a huge net and seeing what one could catch did not start with the AT&T scandal (but that was what brought the issue to the public eye, partly because people were pissed at the Iraq war). No, this all started when they discovered how easy it was to intercept phone calls via satellite sometime in the 60's or 70's. Nowadays most international communications are no longer transmitted via satellite so they had to adapt by tapping the domestic fiber. Same game, different technology.

One of the difficult issues in this whole wiretapping business is how the Internet is routed -- most every country has its Internet traffic routed through the US at some point along the track. Since we know NSA wants to listen to most anything of foreign origin, then it follows they will want to have some sort of tap into this foreign traffic. However, if they tap the backbone here in the states people begin getting suspicious that they are listening to Americans.

I, for one, like having a strong national defense and I certainly want the IA's to have the ability to monitor international terrorist organizations and rogue states. But at the same time I don't like the prospect of a "Skynet" that catches us all in the net either. And we know this has happened -- we know for instance that NSA had a boat load of Princess Diana's phone calls. We know they were listening to communications that had nothing to do with national security (the personal phone-calls of congressmen, etc.). This, to me, seems like an abuse of power and a waste of time. It's a tough situation and there's no easy solution. I say that because if the NSA stops tapping the backbone here it means they lose access to lots of foreign traffic.

I suppose the bottom line is that I see no easy way to solve this without NSA being more transparent and having greater oversight by the courts. The question is how that will be done and how much the American public will be satisfied.

I am not trying to defend NSA, but they do have some oversight (Congressional intelligence committees and now the ODNI). The problem is that this oversight is not transparent and no one outside of these Congressional and military groups know exactly what is going on and why.

Oh, I agree. Encryption will definitely stop this business of "casting a wide net" and seeing what gets caught; it would stop the keyword scanning and the passive surveillance. My only point with mentioning all the hypothetical attacks is that if they really target someone they probably can get a hold of their communications, encryption or not. There's a countless number of schemes and side-channels one could devise.

Well it's almost certain that domestic agencies are nowhere nearly as capable with breaching encryption. NSA has had 50 years of study and technology development with the budget of a Microsoft. Most of the other domestic agencies have just now taken these issues more seriously. The question is how much of this know-how is NSA giving to domestic agencies and how much of it are they using against Americans. As you say, it doesn't make much difference if it's NSA or the local Sheriff -- illegal surveillance is illegal.

I would like you to elaborate on this.

I don't see any overt push by the government for people to not use encryption. The odd thing is, as I said before, NSA seems to be encouraging it. Thus, we can either believe they have our best security interest in mind and ignore the national security implications, or they have ways of gathering intelligence regardless of how secure the public thinks they are. I think it's probably both -- they want U.S. domestic security strengthened but don't worry about foreign entities getting their hand on the public-domain technology because they know they can circumvent it. How easily they can circumvent it is anybody's guess. I do think that encryption will stop passive surveillance and probably direct surveillance if done right.

 

In the 60s & 70s 80s etc the old keyword scanning on voice calls with the Echelon system was one thing, but now with big FAT pipes tapped into EVERY major data center & quite possibly ISP's too, it's quite another

Data mining as such & instant cross referencing etc wasn't possible back then. Now it's a completely different ball game ! Even if you're clean as a whistle, you can have enemies in "high" places, who have "friends" in "other" places that can/will/do whatever it takes to discredit you, and/or worse.

Personally i don't give a monkeys but i'm not a fool so i take precautions. Unfortunately, most people don't and wouldn't know such things exist

Anyways it's 2011 now and there isn't much time left, so good luck to "them" the're going to need it

 

I believe that this is precisely the point. I think all credible evidence points to the fact that NSA cannot break the best ciphers we have. Can we be sure? No. But the significance of the one time pad, and what we understand about human and machine communication, suggest that the cipher, as the purest distillation of human secrecy and a mathematical reflection of universal truth, has an advantage, if only for the reason that it can mimic "real" entropy. Thus computational power, used for cryptanalysis, may just get them nowhere, faster. But hey, you know, it's all up for debate

Agreed on all counts. And a constitutional problem, which you've recognized, here:

Which, of course they are. And as you pointed out, they always did. There was a thin fiction floated for awhile that they didn't. But I grew up a few miles from Griffiss Air Force base in the 60's, and anyone who cared knew that there were rapid and revolutionary developments in signals capabilities that were unwinding right down the road at RADC, and elsewhere and that there were spectacular things coming.

One of the reasons for all the disinformation regarding encryption - and I do believe it is intentionally propagated - is that the illegal information trade, in specific instance, and in the aggregate, is the biggest black market on the planet.

They know next to nothing, in my opinion. As for U.S. citizens, they are under collective hypnosis. Life is hard just getting from A to B. Not many people have the time or inclination to care about these topics when they are busy trying to make a living, and have access to sophisticated entertainment as reward. This is way too esoteric to suit most folks.

It is clear that the government "communication and control problem" has at least three components. You outlined them yourself, in skeleton form. The first is signals. The second is psychological and social. And then there's enforcement for when the first two fail. It is clear that programs like Operation Mockingbird paved the way for very sophisticated mass information spoon feeding.The internet is the perfect medium over which to conduct disinformation and propaganda. I'm pretty sure this fact hasn't pass unnoticed While our CIA is prohibited from targeting us in such ventures, it is clear that it is now impossible to regulate these covert operations to prevent domestic impact, partly due to the very anonymity we all (mostly) so enthusiastically espouse. This indicates to me a terminal prognosis for accountability, and an inability to function as we have in the past, which requires we seal faith in a sustainable vision of a constitutional republic. This form of government may require more transparency than is possible given our technological abilities.

I agree. And it is this, along with the double-edged implications of anonymity, that worries me, though perhaps as an inverse proposition than the one that might worry those at NSA.
It's been great reading this thread, and the exchange between you and the others. Thanks.

 

Well, if we're talking about tin-foil, my arguments certainly don't qualify for that label. Everything I said is about as grounded in reality as you can get.

I am however perceiving a disconnect in what you're saying. While you say you feel that the NSA probably has a way around encryption (hence their lack of worry), you can't cite one probable way that they can actually circumvent encryption absent having remote or in person access to a live system. In fact, you yourself have personally given arguments against them being able to bypass encryption on a system that's turned off.

Well, it's common knowledge that it's much easier to bypass encryption on a live system. That's not the issue. For the NSA to really be as confident and capable as you claim they are, I would argue that they would have to be able to bypass systems that are off and that they've not previously compromised. Otherwise, in my opinion, they don't really have a way around encryption. At least no more than any hacker who can plant a virus.

My opinion is they don't have a way around properly implemented crypto.

 

I just noticed your sig. Are you really 77 years young?

 

You know the saying, "you're as young as you feel." Well, that's as young as I feel.

 

If they want it bad enough, they'll label you a terrorist suspect, which terminates all your rights. Then they'll beat it out of you or let you spend the rest of your time in Guantanamo.

I'm very much inclined to believe that Microsoft has given the government what they want in Windows. In the past when companies grew so large that they dominated and controlled entire parts of the industry, they were broken up as unfair monopolies. Remember AT&T was for controlling telecommunications. Microsoft controlls and influences far more, but they're allowed to remain and to continue to expand, buying out and crushing competition as they please. Don't tell me that MAC and Linux are enough to keep monopoly laws from applying when Microsoft basically controlls the PC manufacturing and computer hardware industries as well. If 90%+ of cell phones sold had just AT&T service installed by default, that would be struck down as unfair on the spot.

When you finally conclude why this type of domination and unlimited expansion is allowed to continue, you'll have your answer as to why the NSA isn't concerned.

 

I agree with that. I'm inclined to believe the TLA's are better at thuggery than finesse.

I used to argue against using Microsoft security products routinely. I still have no problem telling people to avoid any crypto packaged with a Microsoft product. I don't even update my version of Windows through their updater. If I need an update, I download and install it manually.

But Google, I'm afraid, has become a much bigger boogeyman of late than Microsoft. Microsoft almost seems tame by comparison. But I still wouldn't rely on anything they provide to secure my system.

Regarding Microsoft giving the TLA's everything they need to bypass third-party crypto on their systems. Where you and I disagree is on the feasibility of an operating system developer being capable of systematically bypassing all crypto on its operating system. And with no one detecting it.

I don't think it's possible.

There were attempts made to split Microsoft a decade ago that failed.

http://en.wikipedia.org/wiki/United_States_v._Microsoft

I'm not sure we can blame this on the intelligence community. The first judge ruled to split them, but it was reversed on appeal. I'll admit I don't know all of the dynamics of the case or the reasons they actually weren't split.

 

While Google has certainly done some questionable things and forged some questionable alliances (we know they are in bed with NSA -- this is public knowledge), the thing that makes me sleep a little bit easier with Google is they release pretty much all of their code into the public domain. Thus, it is much easier to vet Google products than MS products.

Who knows what MS has really done? There's a lot of speculation. But, what we do know does not sound good. For instance, there's _NSA_KEY that was discovered by computer security researchers a number of years ago. What the significance of this find means is open for debate. Bruce Schneier doesn't think it was malicious, but thinks it was probably an extra key created for the government for their own key management systems. Others disagree and think it might be a sort of skeleton key.

Then there was the flawed RNG in Windows 2000 that was discovered by cryptographers in Israel (they also claim it affected XP and Vista). This was no theoretical or academic attack which makes it especially concerning: the attack actually allowed the researchers to recover crypto keys in a practical manner. As the researchers said, either MS has some very incompetent people designing their crypto code or they did it on purpose. There's no other option. Both scenarios are equally as scary.

And finally, we know that a RNG included as a NIST standard (Dual_EC_DRBG) was designed by NSA. Being designed by NSA is not necessarily a bad thing, but in this case, the RNG algorithm is slow and cumbersome and generally not worth using. This is why it is a mystery to cryptographers why it was made a standard -- there are better and faster options already out there. Yet it was mysteriously made a NIST standard and put in Windows. The weird thing about the algorithm is that the way it was designed allows for the designer to have certain constants that no one else has, which would allow him a way to derive all keys created with it. This is not a conspiracy theory but was actually shown by two world-class cryptographers. The only question is to whether this was an intentional design or an "accident." Since NSA designed it, I will let you be the judge.

 

Fact - MS publically admitted that they "worked together" with the NSA on Vista. Wonder what "worked together" meant I have a feeling they did on W7 too, wouldn't be surprised

Any company, especially one with MS's vast resources, who uses crappy encryption, or less good than what's available, should raise More than just suspicions, it does with me anyway

 

The entire NT file system raised my suspicions. Yes, it increased security as it relates to one users access to anothers files, but it also made it easy to hide files, processes, and data from all the users. It might be a reasonable tradeoff in a corporate environment, but for the average home user, the greater threat comes from outside. I can't look at a file system that hides things from the user as an advantage.

Every new version of Windows has taken more control away from the user. On a 9X system, the user had total access to every file without needing any 3rd party apps. If XP had something like DOS that wasn't controlled by Windows, rootkits wouldn't be near the problem they are. With 9X, one tweak closed the few open ports, making the system unreachable from the web. With 2K and XP, a lot of tweaking was needed to close the ports, and that came with possibility of breaking other services. Can all the ports on Vista and Win-7 even be completely closed? On 64 bit systems, the user can't control what runs at kernel level with any 3rd party apps. Security app vendors have been largely locked out, but malware can still compromise it. The one who's really locked out is the user. IMO, Windows has been gradually changing from a user tool to a user monitoring device with each new version. I'm becoming convinced that this is one of the main motives behind planned obsolescense.

 

I disagree. What's easier to audit, closed, even obfuscated code that runs on hardware you control on a network you control or partially open source (the real good stuff, the stuff they make money with like ad and search algos are of course closed) that runs in a remote datacenter?

With a Windows PC I always have the choice of pulling the plug, not connecting it to the internet and 99% of all security and privacy concerns go away in an instant. Not so with a Google Chrome OS device.

Oh please. There is a far more simple and less sinister explanation for that one. What about iPods, game consoles, flat screens... Are they too only updated because of their increasing surveillance capabilities?
The changes in Windows you mention are primarily explained by improving the security of the OS. You know, so customers have confidence in the product and don't switch to a competitor.

Fire up a live CD, full access to all files. Get your reverse engineering tools ready and start hacking away at the kernel. Patch guard can easily turned off.
I'll give you there is a problem once Windows starts to encrypt its own OS files to hide them from the user (with TPM or something).

 

You made my point entirely. Only a small percentage of users could even try to do that, and then only if they have the tools. The average user has no chance. Can the average user take a live CD and read everything on alternate data streams, or see a hidden process?

Can't comment on iPod. Have no use for one.
Gaming consoles? I seem to remember one that was supposed to be able to run a Linux OS, an ability that was taken away by an update. It's also my understanding that these things regularly scan themselves and report back on anything the user changed. Not a gamer so can't verify.

Is this a joke? What competitors? They dominate the industry and control the supporting industries. Mac is no better. Linux has to run on hardware built for Windows.

Improved security?? For who? Look back at the history of NT systems. The combined patches for XP are bigger than the entire OS it replaced, and it's still as vulnerable as ever. It's the primary component of botnets.

As for Vista and 7, AFAIC, they're nothing but massively bloated monstrosities that require ridiculous amounts of room and memory just to run themselves. They're the computer equivalent of an auto engine than consumes more fuel idling that the older ones did driving. No thanks. I'll stay with a lite, fast OS that serves as a platform for my software, acts as an interface between me and my hardware, then stays out of the way. Vista and 7 are the complete opposite of that.

Sure. You can pull the plug and do without the only source of uncensored news and events. Wouldn't be any point to even having a PC. As for Google systems, they're clearly no better, but saying that they're worse doesn't make Windows OK.

 

I'm afraid I didn't make "your point".
Give the users the full source code with great comments and full doc of everthing and let them audit it for backdoors. Well, "only a small percentage of users could even try to do that. The average user has no chance". See how that point works out for you?
I assume you know this:
http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Trust

Here you are "missing the point". There is a single reason why game consoles are locked down the way they are. Hint: it's not to spy on the gamers.

If Windows hadn't updated, innovated and improved security and instead stuck with XP for yet another decade you could bet competitors would have taken off in a big way.
iOS and Android vs Win7Phone? See a trend there? Next round Win 8 vs Chrome OS? Google Docs vs Office 15 Live?
It's NOT a joke, I think you haven't kept up with the OS landscape lately,

The primary component is the user.
What got size to do with anything? Same can be said about the other OSs too, Linux and OS X updates usually are LARGER than Windows Updates. All mainstream desktop OSs are hopelessly insecure against any kind of dedicated hacker (ask me about it if you doubt so).

Right, "AFAIC".
Windows 7 is faster on modern hardware. Fact.
XP on the other hand is patched from top to bottom so many times it's architectural a frigging mess NOBODY understands, one reason why Vista took so long and still failed. (Don't believe me, ask Russinovich or anyone else familiar with Windows kernel development).

Oh, one thing we can agree on.

 

This notion that no one looks at open-source code is fallacious. They do. I know people who do. There are lots of people that are not involved directly with Linux kernel development that audit the code and send in bug reports. I can only code in higher-level languages, so I don't audit kernel code personally, but if I could I would.

There's always going to have to be some level of trust the average user is going to have to have since he lacks the expertise to do anything about it himself, but at least with open-source code we know that malicious code will come to light much sooner than it would for a binary blob that is the Windows kernel. At least with open code we know someone somewhere who has the expertise can audit it. Yes, these are only a small percentage of the users, but the Microsoft staff is even a smaller percentage of Windows users and yet they have total control over everything. I honestly don't see how anyone can argue that a closed model is somehow more secure than an open one.

As for Ken Thompson, yes it was clever. Yes it was devious. But that's why you check the compiler code.

I wouldn't say hopeless. If there is an uber-hacker targeting a machine, I will agree that he has a good chance of success (eventually) but a lot of that success will likely be a result of a careless user. Social engineering would likely be a part of any attack against a well secured desktop system -- some of the best computer criminals in the past relied more on social engineering and con man tactics than on hacking code. How do you think Stuxnet found its way into the Iranian nuclear program? I can guarantee you it wasn't because of remote hacking.

Personally, I don't worry about hackers (my bank accounts are small); I am more worried about those people who can do real harm and put real backdoors into everyone's systems. Ken Thompson's hack is a good example of how this is possible by a motivated and clever few. Open-code does not guarantee anything, but it makes finding such "mistakes" much more plausible. For one thing, there are lots of people involved in open-source development and it would take a conspiracy consisting of many developers for such a flaw to exist for very long. Someone, somewhere would get suspicious about his colleague's odd looking code patches eventually. In fact, we know this has happened already: Years ago a kernel developer caught someone trying to insert a root backdoor into the Linux kernel. It was actually a very clever obfuscated piece of code, yet this guy caught it.