| 515030 |
2007-01-11 21:52:00 |
Governments shouldn't be trusting Microsoft in the first place without an audit - the addition of the NSA to the list of 'trusted' agencies is almost incidental. Any critical government or military system should run only code which has been audited by them or a trusted partner (i.e. we could accept anything Australia or the UK had already audited and given us the all clear on). Automatic updates direct from any external source should also be banned throughout such agencies as they could be used to load arbitrary spyware at any time. Putting political and military power into the hands of Microsoft or any other company would be a good indicator of stupidity for those making the decision.
One option that, though still imperfect, is a lot better is to use open source software and compile it yourself. Whereas a trojan added to a binary program can become almost undetectable, it is much harder to hide it in the source code. Even if you don't see it, chances are some other agency who does a full audit will. This minimises the risk and duration of exposure. |
TGoddard (7263) |