14 DAY TRIAL // Following the release of Windows XP, Microsoft implemented the Security Development Lifecycle in the building of Windows Vista, touting a tangibly superior operating system in terms of security. SDL was also the critical element in bulletproofing Windows 7, the Redmond company’s latest iteration of the Windows platform. But SDL should not get all the credit. In addition, it appears that the National Security Agency helped the software giant when it came down to securing Windows 7, and even Vista before it.
This is what Richard Schaeffer, the NSA's information assurance director, revealed before the Senate's Subcommittee on Terrorism and Homeland Security earlier this week (via IT World). Of course, that word is still out on Windows 7’s security, with the operating system still having to prove itself, but Vista did manage to deliver a more secure OS compared to its predecessor, according to Microsoft.
"Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector," noted Schaeffer.
Andrew Storms, the director of security operations at nCircle Security and Roger Thompson, chief research officer at AVG Technologies, squashed questions related to the possibility that NSA built a backdoor into Windows 7 in order to monitor end users. Both agreed that such a move would simply be too risky for Microsoft to undertake, especially in the context in which the Redmond company would try to hide it from customers.
"All this was done in coordination with the product release, not months or years later during the product lifecycle," Schaeffer explained. "This will improve the adoption of security advice, as it can be implemented during installation and then later managed through the emerging SCAP standards."