Does Windows have Back Doors?

It's interesting that backdoors are so much more common in 3rd party "security software" than in 1st party code.

It sucks there doesn't seem to be any info about it online, it sounds pretty funny, I wonder if it was ever found out

@@SkynetCyb after posting this. I searched for the software. There is surprisingly little information online about any of it.

@@lwilton I bypassed my local public libraries incredibly weak "security login" simply by opening an open file dialog box in a web browser, navigating to System32, manually ran Task Manager, and killed its running "security login" exe process. They had the easy methods to open Task Manager and File Explorer blocked (no hotkey, or shortcuts) with some horrible login manager. I got caught after being on their computers for like 5 hours 3 days in a row, they had no idea how I did it, but I was banned for a week. Was like 12-13 years ago though. My wife works at the same library now lol.

Tf do you open a exe on notepad

A Window is just another opening it may as well be a door. leave a window open even a crack and anyone with time can slip the latch and slip in

It's a backdoor if you actually do it on someone else's machine. The ability to do it by itself is not a backdoor, first of all, because it was never intended. Maybe you could classify it as a vulnerability but imho it's not a serious risk since you'd need admin access on that machine in the first place to make that modification and if you had admin access you could just install some hidden remote access tool.

Being able to replace the files on a computer you have a physical access to is not a vulnerability.

its probally a bug, for it to be considered a backdoor it needs a few things, first it need to be intentional, and second it msut be able to be done remote via internet without physical acess to the machine.
that thing is a exploit in a local machine a vulnerability

indeed thats the ones that would be a far far greater risk as well since not only would they get pushed out with a stamped seal of approval by upper tards all too happy to screw over the public.. but the end result of such is beyond anmy doubt extremely nefarious.. and not just by the US alphabet agencies...
The risk of such is MASSIVE exp for foreign bad actors like china.. and they are all pissy over the banning of Huawei 5g etc well beyond the avg.. which makes it look all the worse for china since even their gov dosnt worry as much about such things for a "private company" per se.

this videos seems like somethinng Microsoft would incentivize people to make, lol

He knows that, he is directing you attention away from that because he's a shill.

@@duckie4670 another possibilty is, if he would speak the thruth he would end up in the ecuadorian embassy because of sexual herasmment claim. And years later it reaveals as untenable (surprisingly unexpexted), but because he flew from the local authorities he will be jailed and high security prison and after that he will be handed out to the (fair) hands of the us legislativ.
*Note: The brackets was irony

& nobody cares..
or think about snowden..
did you learn something today? any idea why he is trying to shame linux? any idea how the world goes?

Yeah he chose some very specific language in this one, it seems like there is some stuff he isn't telling us.

@*S U C T I O N* 💀

This was a misdirection video by a Microsoft shill

@@Mario583a Exactly that. If there was a secret key, for dubious intent, it would be highly unlikely that they named it that way.

Actual backdoors look like Dual_EC_DRBG. Or deliberately introducing a very subtle 0-day that will remain undetected through years of scrutiny.

I thought I heard stories from this very channel about when Dave's company worked with a very large 3 letter company for OS/2, that their security was way more strict. At least in the physical sense.

if the large three-letter company is a large German enterprise software conglomerate in the general direction of Heidelberg, things have changed massively in the last ten years. A lot of effort has been put into formalising those processes and enforcing them so shit is being kept track of, audited and fixed.

A good reminder that it's third-party software that is the big threat.

Security by obscurity is very effective - until it's no longer obscure. What's not effective is single-layered security. Obscurity should only be one (very thin) layer of your security model.
Your own example shows this - the systems you had at your school had the login source code available to everyone. That is more like open source software and isn't obscure at all provided you can interpret source code since it was available to everyone with any access level on the system.
The problems you described in one of the companies you worked for are also interesting. I work at a much smaller and less widely known company, and we go through a fairly exhaustive security review before we even enter into contract negotiations with a third party vendor. Our governance, risk, and compliance team starts off with reviewing the potential vendor's security policies and procedures, their compliance with various applicable security frameworks, their audit results from those frameworks, and so forth, before our legal team even starts to review and negotiate contract terms.
Then again, I also talk to various vendors who we consider working with, so I know that my situation isn't the norm and that I'm lucky to work at a company that has mature leadership that actually cares somewhat about quality, and that we have good team members on our security and GRC teams to provide those leaders with good information to make decisions with. But ultimately, security is hard, and it requires a great deal of attention, diligence, and effort to get it right. Companies as large as Microsoft typically have to do this because they have customers that are like my company, but ten times worse because they're government contractors or are governments themselves. Not every company has this, or understands that it's even necessary, yet.

Yess, I knew Intel was always better

I think you're treating "post patriot act USA" as a kind of "abracadabra" magic word that converts flights of fancy into sober contingencies.

@@eadweard. pretty sure the ones that say it can't happen are the crazies in this situation. Unless project PRISM doesn't exist, and carnivore didn't happen.

@@adriansrealm None of this amounts to an argument. It's all very, "If we had some eggs we could have some ham and eggs, if we had some ham".

@@eadweard. buddy, none of what you are saying is an argument, just a pointless blowing off of the past. and that is just ignorance.

(a) they don't do that or the FBI could get into the iPhone's secure enclave, which you know they can't.
(b) there's no world in which only one person would know, so it's still going to get code-reviewed!

The Gulags are in Russia. On the archipelago. Americans don't have to go to the gulag.

He is saying: If a driver contains a binary blob, you cannot read the contents of that blob, therefore that driver is not 100% open source. As the driver, let's say a GPU driver needs to be performant, it has low level access to the hardware. If it has low level access to the hardware, it can access whichever hardware component it wants - for instance read any physical memory address it wants or inspect whatever is typed on the keyboard.
What Dave is saying: Just because Linux is mostly opened source, there are no guarantees that such drivers with either malicious blobs or just exploitable blobs do not exist. This undermines the argument that open source operating systems like Linus are reviewed for security issues by the general public (implying that Windows cannot be reviewed the same way, therefore it must be less secure).

@@todortodorov940 what the poster to whom you're replying to is pointing out: closed source/binary blob drivers aren't activated in Linux by default. Most distros require you to manually enable them.

@@Leo-sd3jt Are you saying that the most popular distros, i.e. the ones used by the majority of people, are 100% open source, they do not contain any blobs and do not contain a single line of executable code that is closed to the end user?
I am sure that there is a hardened distro or one that is 100% open - but we are talking about what the majority of people are de-facto using.

@@todortodorov940 I'm saying that the closed source stuff is disabled by default and needs to be enabled by the user.

@@Leo-sd3jt That's only true for code which runs on the CPU. Device firmware blobs such as for Wi-Fi adapters _is_ usually loaded automatically.

What do you mean by "authorised"? Who would authorise such a thing, and for what reason?

@@eadweard. product management, legal and for “product support and improvement”.

@@c1ph3rpunk I think someone would ask why such things need unauthenticated access to admin privileges.

@@eadweard. when the boss says jump you start moving upwards until told to stop.
Darren has listed out some reasons that could be given, no doubt there are others. Beyond that, if you’re told to add something you do.

@@StephenBoothUK These are just phrases. The scenario doesn't seem very coherent.

Yes but often important projects are maintained and tested by very few people. Just look at the heartbleed buck. There was one person that reviewed the code written by a student. Now everybody acted in the best faith here and I don’t want to blame anybody. But this code then was shipped to basically the entire world and remained undetected for years. This is in part because OpenSSL in spite of being one of the most important software projects in the world was chronically underfunded and under maintained.

This aged like fine milk

Don't suppose you still have VB6 source code? haha, there was a mass call for MS to open source it when they decided to kill it off in favour of .NET.

@@Wilksey37 I spent many happy hours debugging in WinDbg but sadly, no. There was soooo much COM goo in there.

@@MarkALong64 Ahh that's a shame, yes, whilst I adopted C# fairly quickly when .NET 2.0 was released (the first real usable version IMO), I still have a lot of old VB6 code that could benefit from a 64 bit recompile, I guess we can be thankful that Windows will still run a VB6 app for now! I haven't done anything new in it for years but I know companies that still use it for their latest business apps.

@@Wilksey37 VB6 had it's quirks and hiccups over the years and patches, but I still feel that it was the most intuitive, stable way to build a GUI Windows App. I've even used it as recent as about a year ago to make a program, LOL! I learned enough C# to build apps, but still find Visual Studio 6 much more streamlined for fast development.

@@aceenterprise Yes, it was a true pleasure to develop apps with VB6, there was a massive community behind it too, I used to spend about 12 hours a day coding with VB6 when I was young(er), I still have my copy of MS VS 6 Enterprise which I bought for £30 from a company clearance sale many years ago, pure luck that the person taking the cash didn't know what it was as it was just another box to him.

That's quite the vulnerability. All it takes is one disgruntled engineer.

As awful as that is, I'll bet it saved a number of contracts. Clients never gripe about security when they are locked out and a tech can get them running again the same day. If they get to the point of having to rebuild, they are just as likely to switch vendors.

​@@toddmoore9841 For sure, it also unlocked a table editor so we could make edits to the DB's directly incase there was corrupted data or something hosing the system. Ah the joys of flat file FoxPro DB's, where if they are opened and the computer reboots, it can corrupt everything. Also access to the FoxPro 'console' window that would allow for minor commands to be executed.
Wasn't quite as bad as the PCCharge password system. PCC required 5 different passwords to rotate once a month, so we had a 'hardcoded' prefix and then 0001, 0002, etc added at the end LOL.
The old days were a lot different lol.

It’s the highly specialized systems that are constantly being used by non technical employees that are at greatest risk of having a passcode full access back door… when a company is paying for unique software/hardware systems to be built, one horrible mid level managers demands, and attitude, can quickly lead to angry phone calls to the technical staff, and demands from higher up from either company demanding a solution to their own incompetence, damn the security consequences!
See how quick a back door is created when you have technicians constantly degraded by a terrible mid level manger in charge of a highly technical project while being a massive Luddite. There is nothing more unpleasant to a tech, than the absurd and ignorant wrath of a narcissistic mid level manager at a company paying for your unique software/hardware that demands you fix ever problem they have. You show them at least once a day how to use some software/hardware, yet still manage to be yelled at about something not working, and it must be fixed immediately….Cue unplugged power cord, Capslock left on… etc…
Yeah those business to business projects, where highly specialized unique hardware/software system solutions are being managed by morons… Yeah those systems all have back doors… No technical employee on a project like that would survive a single day without a back door to the system they are working on… Too many employees making decisions with zero technical skills or understanding of security. Those employees and managers just want to hit deadlines. They couldn’t careless about security, anyways that’s not their problem anyways, so why would they care…
Ugh mid level managers do way more harm than good from my experience… I swear mid level, sales, marketing, and other bloated departments within many business spend more time preventing real quality work being done, along with crippling products, cutting costs in horrible areas, etc…
And internal marketing departments…
OMG I have seen hell, and it’s the inside of a mid sized business with an internal marketing department run by the owners nephew who just got their masters in “guerrilla marketing” with zero work experience…
I mean the guy’s only work experience was handing out red bull from a Mini Cooper that was “getting a giant red bull can suppository up its trunk…”Yeah that man was destroying his uncles business from the inside, it was so funny because of its stunning absurdity… I couldn’t believe how competent employees just went along with his nonsense! I pulled one employees I respected aside, and said “really?!” And she just turned to me and said “Afraid so… But at least I will see you on Tuesday for that Voice Over session!”
I stopped for a moment and realized she meant the session for another company, and already had a job at that fantastic company I was also doing work for, and she would now be leading the Voice Over session… I’m so glad she got out of there ASAP. The best employees are always looking for work opportunities for exactly this issue. If you have options to leave a job at any point for another one, you won’t become a slave to any one company!

@@letthetunesflow Ah, the joys of working for users who think "123456" is an acceptable business password, and give everyone their banking PIN because they can't even be arsed to do it themselves.

In summary, backdoors when Dave was working at Microsoft were VERY unlikely due to seasoned professionals having full responsibility for, and reviewing all code changes in their department at all times. If someone tried to put a backdoor in, it would be spotted by the many code checking processes and you would be reamed for it.

@@arnox4554 But only backdoors unwanted by Microsoft. NSA wouldn't try to sneak backdoors under M's nose, they don't need to. They surely had access to Microsoft's highest levels of command who in turn made the NSA guys work directly with the people checking the code, and since the "masters of the kernel" were just a few people, it's way less likely that the backdoors would ever leak.

Has there been an update if the rumors are true? Is this even still used?

Since when 2% of the marketshare is the 'most used'?

​@@IkarusKommt Only looking at consumer space

I just think they're neat ~~ Marge Simpson.

@@Masaliantiikeri In server space? Because it is free and can run primitive server applications like webservers and databases.

A very good point. However some drivers that run inside the main system's kernel are also binary blobs - the most common being NVIDIA's graphics drivers. After the recent leak of all of NVIDIA's source code, NVIDIA announced they will be making their driver open source - so there is hope.
A micro-kernel would be a better way to prevent unwanted escalation of bad drivers. That would make each driver effectively work like they were running on a separate computer.

@@markmuir7338 I wasn't referring to proprietary drivers. I understand those exist however the vast majority of Linux drivers are FOSS. My point was to refute Dave's comments about most distros not being fully open when the reality is as long as you avoid certain companies HW that's not quite the case. Having a fully open Linux system is basically just a matter of getting an AMD card as I don't know of much other mainstream HW that requires proprietary kernel code

The other point Dave made about the "many eyes" thing was actually tested by University of Minnesota. They made a number vulnerable Linux Kernel commits that weren't immediately picked up by anyone else. University of Minnesota got banned from making further contributions.

@@blkspade23 yes I'm aware of that but they did still get noticed eventually. I really wasn't trying to argue about that though as that's debatable as he pointed out. I just didn't like him taking shots at the firmware because it's not quite fair

@@Scoopta If his point was that "there will be code that you don't have access to that runs with unrestricted access" then it doesn't matter if "it only runs on the system that installs it", especially if that code is required for something to run, since you can't get around it. He also seemed to be using that as a way to point out "just use Linux which is open source" or "just use open source OS" aren't the end-all-be-all answers some people make them out to be.

A thing that is also kind of left out is that the source being open encourage curiosity and learning; thus having more domain experts. It is a particular skill set and for Windows it can only really start when (if) Microsoft hires or wants to expand their team.
Tho Dave has point in that there are many places were an integrity check is just a "trust me bro" and that does not inspire a high level of confidence.

@@KeithBoehler This has changed quite a lot. Microsoft has long had a great reputation of providing good documentation on how their stuff works, but the thing that kept people from learning it was that Visual Studio cost in excess of $500 for a license to use it. Now you can do everything you need to be able to learn their systems using a free license of Visual Studio Code. Although I'll admit that their documentation has gone down the toilet since the good old days of TechNet subscriptions and getting quarterly bundles of CDs/DVDs with all the latest updates. Now there's a lot more information out there, but of varying quality, so finding the good stuff does take more effort, but it's still a lot more freely available than it ever was before and is completely competitive with open source stuff.
Unless you want to look at or learn kernel-level stuff. You aren't getting access to a Windows kernel's source code anytime soon, so if you want to learn about schedulers and that kind of deep level esoterica, open source is still king by a wide margin.
And while I think you're right about open source being a good thing for learning, I've known hundreds of Linux people in my lifetime, but I've only known 1 of those who ever used that access to become any kind of domain expert on anything with it. The rest either become users or zealots in some kind of operating system-based religious war, and they know as little about their chosen OS as most religious zealots know about their chosen religions. But even in spite of that, I think open source is a great thing and provides tremendous value to humanity - or at least to those wise enough to make use of it.

@@babybirdhome atheist detected.
Opinion rejected

You can pretty much assume that every government has full access to any computer, not necessarily through backdoors, but just up-to-date information on exploits. They probably know every one and have programs constantly updated to automatically apply these to the target machine.

Sounds more like HR people being HR people rather than some grand conspiracy against you.

Nah, they just saw an opportunity to let go a senior employee that could be partially replaced by a younger underpaid graduate, saving a huge severance package by forcing you to quit.
HR people are garbage

1. No such thing as a conspiracy theory.
2. I Am a liar 🤥
3. Number 2 is false.
4. A conspiracy is a Felony in a Criminal Court.
5. 3 protocol changes took place
6. Learn to speak 🗣️ Octal
7. All your bases are belong to US
8. XaaS and you don’t even know it!
9. The Rights of the individual are only protected, as long as they don’t conflict with the state.
10. Rinse and Repeat 🔁 until 2035, you silly 🙃 flesh bags 💼 filled with mostly water.
11. See Number Three. ❤
12. The moral of the story to “The Boy Who Cried Wolf” is 2 never tell the same lie twice.
14. What are you expecting? Number 13? 😂

There's no way HR would be told about an NSA conspiracy.

So YOU'RE the reason that iron smelting plant in the Philippines shut down a month before Y2K - ha!

Yes you are old, so am i ;). Even tho i learned COBOL on the street so to say. COBOL was actually a great language. Simple and easy to learn. And meaningful names for variables were a must, if you still wanted to read and understand the code 6 months after you created the code. And yes, your code might still run somewhere. It wonders me how many banking systems exist, still running on old mainframes and still running COBOL and programs 30 odd years old.

That's a funny story. I'm old, too, with over 35 years as a COBOL programmer, both batch & CICS, I too started in the punch card days. Remember setting up the punch machine to automatically punch sequence numbers, in case you dropped your deck? Plus, use a black magic marker and make a diaganol stripe on the edge of the deck? It saved my butt, one time.

@@kg4wrq Funny how learning CICS coding set me up well to learn to program under Windows. Check your inbox (or get your message), do what they ask, wait for next message.

​@Thomas Fischer I had a COBOL course but then migrated to SAS, SQL, etc.
.
I should have stuck with COBOL. It's quite lucrative I hear.

But Microsoft wrote the compiler. It would (or should) have the same scrutiny as the kernel because it's used to develop everything else. One of the first things you do when writing a compiler is to compile the compiler on itself. It would be tremendously difficult to get a back door through that process.

@@babybirdhome And as the Ken Thompson paper points out, you are running a compiler that you did NOT create. The source may be clean, but the compiler itself can be tainted. In this day and age even the silicon may be tainted. Turtles all the way down.

@@Norman_Fleming Yeah Ken was technically correct (the best kind of correct) but somewhat paranoid in how far he took it. He wasn't wrong, but in real life things just tend to work (more or less). There probably are spies infesting the fabric of every society, but they leave things as they were afterwards, so you don't notice that they're there.
Not saying that's a good thing, in fact it's terrible. Just that it's easy to live with it.

@@Norman_Fleming these shills in the comments pretending they don't know lol

@@Norman_Fleming Three words: Intel Management Engine.

That was my thought. There have been plenty of exploits found over the years. How can we be sure that they were really all mistakes?

If there would be OS without any bugs, we would all use it 😂

Occam's razor - because errors are far more likely than someone that smart and capable.

This is where peer review should prevent such things. But this is true for any OS. Apple had a bug, where they did not validate SSL certificates correctly. It somehow got committed and was in the source tree for years. If this was a malicious act or just negligence, I don't know. The only way to prevent things like this is to perform peer review.

@@1971merlin Yet, statistically over the years it is also plausable that 1 was inserted by someone intentionally.
The amount of money up for grabs, just from major world powers makes it pretty plausible that someone would take the job. And that doesn't consider the possibility of state sponsered espionage. It does seem more likely that espionage would wish for the source code to look for 0 day exploits.

Symbols are files (extension: .pdb) which tell a debugger details about the spurces used to create a binary. Microsoft distributes Windows symbols freely - search the web for "Microsoft Public Symbol Server". Note that these are public symbols, meaning thet only contain function and param names, and stripped of spurce code location or loval var info

@@jonathanbarner121 that helps a lot thank you so much!!!

I was looking for this comment. How much do you trust Intel, AMD, ARM, NVidia, etc.?

@@skilz8098 ...
In truth, it goes down to the base manufacturers like DELL.

@@AmyraCarter Maybe, but I don't buy pre manufactured PCs, I usually build my own without any of their bloatware and proprietary configurations and setups.
I honestly don't think Microsoft would have a backdoor in their OS for themselves as that could lead to many legal ramifications. This isn't to say that they have not put any in their under the order of governments...
Now as for hardware such as your CPUs, motherboards and chipsets with the pre installed firmware... there is no way of really knowing unless either A, you had the full spec sheets with ALL of the instruction sets and functionality of the hardware or B, you were able to fully reverse engineer it yourself.
Take antivirus software programs for example... who benefits the most from those who write computer viruses? Those who write them or the those who sell software to protect against them? I'm not saying that this is always the case, but I wouldn't put it past some corporations to privately (off the record) hire people to write and design some of the computer viruses out there just so they can market and sell their products.
At the end of the day the best we can do is hope for the best while expecting the worst case scenarios. We can not always assume that they have our best interests at heart!

@@skilz8098 ...
Yes, I would build my own if...
1) I knew enough about it
2) I wasn't on a fixed and limited income.

@@AmyraCarter As for #1, you have to read especially the spec sheets, compatibility lists, and requirements for specific hardware. Also, having the schematic or diagram for the mainboard is a plus. Knowing is a combination of research and hands on.
As for the fixed income I can understand that as I have a tight budget too. However, if I'm looking to acquire a new system, I'll start to put money away and save it just for that purpose.
A barebones for about $400 - $600, not really worth it unless your own purpose of use is simple browsing, text editing and basic printing.
You can build a custom mid-grade gaming pc for between $800 - $1,200 and is good for mild gaming. This is the average price range for a decent bang for your buck, but still lacks in overall capabilities.
A mid to semi high end for about $1,200 - $2,800 will handle 95% of all current games with high graphics decently. These are the target pc builds that most people would generally be happy with as the tradeoff for cost and performance is fairly balanced.
A fairly high end but not quite top of tier system might be around $3,000 - $5,000. These systems will handle all games without question and future games for a few years to come. They can also serve as a workstation such as 3D Modeling, Photo & Video Editing, Content Creation - Live Streaming, Software Developing Systems, Mild to Moderate Simulation Systems, etc... These are a bit pricey, however if you're looking to invest to do a fair amount of work both effectively and efficiently while being able to multitask with computationally and resource intensive applications such as running Visual Studio, Unity or Unreal, Photoshop, and several other applications simultaneously it can be worth the investment.
Also the integrity of the hardware at this level is much better. For example a recommended power supply might be an 850W - 1200W Gold Rated or higher unit. These can run about $120 - $300 compared to a basic 450W - 700W low end power supply that costs about $30 - $50. The difference between the two isn't just the wattage and price difference, it's also the warranty and integrity of its internal parts. The higher end system can have a 7-10 year warranty while the lower ones can have a 1-3 year warranty and maybe 5 if you're lucky. They use cheaper capacitors in the lower ones.
Top of the line tiers can run from about $5,000 - $10,000. Typically these are the highest tier components across the board with multiple GPUs, high end cooling systems, maxed ram, plenty of storage on the order of 12-50 TB and these are typically out of most people's price ranges... These are more like enthusiasts, system builders who want to show off ect. Anything beyond these would be high end server racks or server farms or modern supercomputers.
I fully understand, I don't have the money and I'm looking to build a new system. I'm looking in the $2,800 - $4,200 range depending on which CPU - GPU combo I decide to go with and which type of RAM. I can probably save about $400 for sticking with DDR4 Ram or invest now and get the DDR5. I was thinking of getting an NVidia RTX 3080 Ti but from what I've been seeing, in the next couple of months, not just NVidia and Radeon(AMD) but also Intel and AMD are about to release their new lines of CPUs and GPUs and as I understand, Intel might even be entering into the fray with their own GPU.
The bottom line is, it depends on your needs for what kind of system you should invest in regardless of the cost. Even if you're on a fixed income but if you have good credit, you could always take out a single credit card just to purchase it, and then make the monthly payments. Then again, adding an addition $20 - 50 / month right now can make or break someone, especially with the ridiculous fuel prices.

Get a pen and paper. Cover all cameras. Job is done. Respect the people disrespecting you and others just as much, when pen and paper is not good enough ofc. It is hard to make mics quite unless you go in and cut them out by hard. Anything you do on any device is visible if someone or something cares enough to look into what you do with your private devices and data. So better buy 10 stacks to write stuff on and pens to last you. Since with cameras gone they need to get physically into your place and look at the stacks of data on paper media. :)
It is really scary to see what is just open to the users to do with modern phones. Scan data really clearly with just the camera. Talk into the mic and it knows exactly what you say etc etc. You really can just blank them off to win, but still without destroying the mic your out of luck trying to stop it listening in on your talking with loved ones.
Best is to make a device that can be 100% trusted to write data on and off never online connected storage devices. That being shield it from anyone but you having access to it. 1TB of text files and images what not is allot. Hopefully keeping physical copies too just in case. And fits more or less anywhere making it impossible to physically find the hidden data you keep at a secret place! But papers and pens without cameras is totally the safest way to store text and possibly also images. No firewall needed for that feat! Ha! Just bulky and harder to keep from home intruders to get access to. But ho is really going to go into your home for your ketchup preference??? O I know they have no remorse doing that to your computer or just tracking you other ways since screw privacy or decency.
Problem is trying to hide video from screwed -11 days. But what video files do one really care to hide away. Easy to find more movies and stuff if it is lost. But when having to pick up the pen agen just due to -11 day screwed is just a sad display of todays world.

Cut the mic? just open the device and remove the cable(s).

What's that got to do with windows lol!

What about it?
RISCV is our only hope bro.

​@@bravefastrabbit770 RISC-V is only a standard.
Processor manufacturers can (and will) backdoor them too.
Regardless if it's NSA, CCP, MOSSAD or some other secret organization, your machine is likely compromised.

@@install_gentoo Given that it's an open standard we will be faced with options rather than highly privileged proprietary firmware blobs (black boxes) necessary to even run the thing. That's the beauty of the beast.
Now whether the overwhelming majority of them will be compromised or not, I definitely agree that they will. But at least we will have alternatives. Until then, there are a handful of options out there. Such as the ones from System76 & Purism, on top of the better (but more expensive alternative) raptorcs for desktops which promises to have removed all blobs with their OpenPOWER, a "fully libre firmware and hardware solution".

@@install_gentoo There are also open source implementatins of the RISC-V standard, So we can make use of those and audit them if we want to.

I explain that... some is, but a surprisingly low percentage, at least in the timeframe we're comparing.

@@DavesGarage Makes sense, maybe the actual Linux team working closely and looking at it is smaller then Microsoft team looking at Windows. Thanks for the response.

​@@ShuAbLe He's lying. There are more people who contribute and look at Linux code than the Windows kernel, including Microsoft whose major revenue comes from selling Linux VPS.
Sure we can't look everywhere but it's still far more secure than Windows, where you're at the mercy of Microsoft prioritizing vulnerability fixes. The average time taken to patch Linux is a lot shorter than Windows. Sometimes Microsoft can take even months to fix a vulnerability while on Linux, it can be a next day update.

@@yoman9446 yeah thats why it took 20 years to find linux bugs😂

bugs are not vulnerabilities. Microsoft word has a zero day exploit that microsoft has known for months yet they refuse to fix it. good luck shilling, shill.

I agree, free software is not free of backdoors, thousands of volunteer programmers around the world can introduce backdoors in the software between millions of lines of code.
Many eyes looking at the source code to protect software security and many more looking at how to break security and introduce malware.

@@franciscojavier6003 I've had the discussion more times than I care to count but most foss advocates just don't want to admit that code need to be audited by a trusted third party for one to be able to claim it's secure. Most foss advocates really do believe that just because more people can view open source code that makes it more secure by definition.

Datamation magazine claimed in 97 or 98 the remote support system in 3.11, 95, and NT allowed admin access given the correct hash, a hash based upon processor model, processor id (if present), ram installed, and number and sizes of drives. whether correct or not, the federal agency I then worked for blocked all in/out on the remote support logical network port used.

You know damn well that's not what people are worried about

"Which makes me think if there had been back doors we eliminated them at that time."
Is it possible that people often say to you that you are naive?

@@WilliamHostman that would have been just prior to the review, hence the strict requirement which came down that there be no code not called for in the specifications. (Hence why even innocent Easter egg code had to go, because the Easter eggs prior to that time were never in the product spec.) there was a very serious review of all the code.

@@thomasjefferson4195 ACtually, that's what I'm worried about.
If some malicious hacker got past all the security features of MS, then they could easily close it later and they'd definitely tell us all about it.
But if THEY put one in, then it would be on everyone else to find it and make enough noise for people to notice, because obviously MS wouldn't tell us.

Sure, but *Microsoft* could update XP to be secure far faster than the public could update a 10-year-old sku of Linux, because they're had to start from scratch, with no knowledge of whats in there.
And being "updated by a third party" is only a good thing if those changes are proper, high quality, and benign. I just think we have less assurance of that under Linux.
As for me, I run Ubuntu WSL2 under Windows, so I'm screwed no matter what! They'll get me one way or the other.

@@DavesGarage " so I'm screwed no matter what!" ... Indeed, that is the main reason why I wear the tin foil hat and trust no one ! Looking forward to your NSA key video ... assuming "they" don't get to you first :-)

@@jonshouse1 they already got him, what you see in this video is high quality CGA/CGI :D
P.S. I'm wearing a stainless steel bowl i mean hat so I'm more protected... :P

re: "I can pretty sure that a copy of Windows XP will not cut it for an Internet connected machine today"
And, you would be so wrong. Internet-connected Xp box is writing this comment. Maybe you are unaware of how DSL and cable modems incorporate firewalls for instance. That would explain a lot of your naivety.

@@DavesGarage Microsoft *could,* but they won't. That, I think, is the main advantage of OSS. Why would MS spend resources writing fixes for a legacy product that, if it were made secure and had sufficient driver support, could be a perfectly valid alternative -- even today -- to spending money on new versions?
This is the thing I don't like about commercial software at all. You don't get a say in its destiny. I think Windows' UI peaked in XP, but Win 7 had some advantages, and either could be argued as the better one. Since then, there isn't really anything in the UI that has gotten better, and lots has gotten worse.
OTOH, security, Bluetooth, high-DPI monitors, USB 3.0, Thunderbolt, a decent 64-bit kernel... None of those things are visible on the exterior, but they matter a lot. Would be nice if you had any choice whether you liked the look/feel of 2000, XP, 7, 8, 10, 11, or 3.0 for that matter, but could run any release targeted for a 386 up to a Threadripper.
At least, if it was all OSS, and the community (or even one person) wanted it bad enough, that could've been the case. Given how many unofficial service packs, USB fixes, driver ports, and other things exist for the retro Windows community, they want it bad enough that that could've happened.

I remember going off the deep end when I first read the windows 10 EULA for that very reason. I think it goes way further than a backdoor to being all out access to your machine from theirs.

He knows all of that, he was paid to make a misdirection video

@@thomasjefferson4195 Prove it!

@@Bob-of-Zoid you can literal just goggle project prism, look into NSA enforced backdoors.
People that DONT work for microsoft know its history but this dude worked there and pretends to have mo clue about NSA nonsense thats already been proven.
You're so naiive it's painful

@@thomasjefferson4195 I didn't ask you to try to convince me of your belief, but to actually prove your claim! You are the naive one: Look up the word, then look up "Epistemology".

Or just patch the final binary you ship, no need for backdoor in the source. Or just put an extra master key/binary blob to the distribution config. It's much more easy to hide than commit it to the sources.

Too many people would need to be in on the conspiracy. If you tell a secret to two people it's no longer a secret

@@Luther7718 so you know everything the secret service doing? or the nsa? right, you don't. why? same reason why the windows source code not leaked already or anything similarly big. if you messing with national security level stuff you pretty much end up in Guantanamo without even a trial. look, if they spice the binary with a backdoor, it wont be the average Joe from accounting. but much higher up. or maybe Microsoft doesn't even know they are compromised by some 3 letter agency. :D

Did you fork dwm or start from scratch?

I backdoored my own windows 10 system because my pin wouldn't be recognized after an update, and I couldn't remember my password, which I only ever used a few times. At that time I had no coding experience, and still managed to get full admin privileges, I considered switching to mac due to glaring security concerns, but eventually I ended up on arch linux, because I'm not rich enough to afford a good mac, and I don't want to deal with the unreliability of hackentoshing. The AUR has locked me here forever.

@@accountid9681 literally just encrypt your hard drive and that wouldn't be possible anymore.

@@accountid9681 Your pfp hurts my brain

@@accountid9681 Can you explain how you "back doored" your Windows? To my knowledge, this is not possible, unless you have low level access to the hardware.

@@todortodorov940 I booted into recovery mode, and tampered with the filesystem to remap the visually impaired helper/reader button to open an admin terminal, then I used the admin terminal to change my password, and logged in. Pretty sure it's been patched, this was in august of 2021.

They don't need any since they have Windows Update.

Thank you for answering the question without a 17 minute video!

could not it be a bug instead of abackdoor? cause a backdoor its something did 100% intentional.

The Flame malware used the Windows Update system as a backdoor so you're exactly right.

@@Leo-sd3jt But the fact that they managed to sign the package in a way that made Windows Update accept it as a valid update package makes it a (serious) vulnerability in that case.

@@d-tech3190 why the "but"?

That's not a backdoor, it's a security vulnerability. The difference is whether it was intentionally left by the developer or a bug/oversight. In that specific case I'm pretty sure it was the latter.

I'd say it's usually left in on purpose. You get to a point where everything is running and it's as good as it's going to get and you're simply afraid to touch the code anymore lest you wreck something. Even putting NOPs over real code can mess up anything dependant on CPU timing.

I wouldn't call it a backdoor since it was a single player game and you'd only be cheating yourself. Not every undocumented feature is a backdoor, otherwise you could claim that most software has backdoors due to unremoved debug features, easter eggs etc. Backdoor are by definition features that allow you to risk or cause damage to others.

@@d-tech3190 And here I thought they were a method of gaining unrestricted access without a trace...

"hope", when it comes to corporations, is a dangerous thing

That's not a backdoor.

​@@eadweard. If someone can cause your machine to run anything they wish, with full privileges, without your knowledge, without your credentials, it's a backdoor.

@@douggale5962 It sounds more like an update mechanism. I think a backdoor is supposed to be something malicious and hidden, and intended to allow an attacker access.

@@eadweard. It is specifically designed to allow Microsoft to force updates onto your machine, whether you like it or not. Is that malicious? Yes. It's my computer. It's mostly a huge national security risk. If an adversary got Microsoft's private keys, they could disable almost all computers, at least temporarily. They would be able to impersonate the update servers, and they would be able to sign modified updates.

Linus flogged Tannenbaum out of the OS community for screaming this for years. You're beating an almost dead horse.

@@ea_naseer Yeah, I know. I'm also aware of the downsides of a micro kernel, but to me they seem reasonable in the modern world. When I wrote Linux device drivers a few years ago, I was amazed at how much destructive power I had at my fingertips. It's also why Android doesn't allow kernel modules - all drivers have to be baked into the device tree in the kernel image.

It's just an update mechanism.

@@eadweard. Changing the user settings, without permission, and without even letting them know, is pretty unethical.

remember when they pushed the stuxnet backdoor and then provide the removal tool for it?

This is more probable, targeted updates. Leaving code on a machine is risky business that really ends as a double edged sword. Law enforcement and intelligence only care about comprising machines when they are of interest. Comprising every machine is just a liability.

okay...?
but we have a BILLION (do you not know how insanely large of a number a billion is?) users and NONE of them have EVER actually proven ANYTHING youre talking about. 🙄🙄🙄
its as close impossible to slip by even a tiny backdoor without SOMEONE noticing without actually being impossible as you can get. so in 99.9999999999999% cases there is no fabled backdoor. possible, true, but so unlikely you might as well accept that it is impossible.
and you all can spew all the ignorant and rambly unfounded conspiracy theories but NONE of you have EVER provided ANY actuall evidence for what youre rambling about whatsoever.
stop watching faux news.
stop listening to alex jones.
start touching grass.
know something? put up or shut up.

You dropped your tinfoil hat

This was addressed in the video.

@@eadweard. Yes but he was wrong. Open Source is more secure by nature, closed source is by definition less secure as we have to trust that Microsoft Teams will pick up the attack, which they don't most of the time and take time to issue an update.

@@simhz2221 That is a mantra we've all been taught to repeat. There is no evidence things actually work that way.

That about sums it up. Why Dave started the subject if he can't tell the truth abut it. It was the same deal with Facebook. There is famous video from the beginning of Facebook with either CIA director or NSA one in Zuckerberg office just hanging around. Are we to believe they were discussing weather or perhaps something else?

You know, I somehow that Microsoft would do that because if they did was Microsoft would get in a lot of trouble.

@@MidnightThunderYT Hard to get in trouble when the man of this channel, and many of his colleagues then, have created a platform that is so good and lasting that it basically carries everything to the point where nobody can really do without it. Win32 has become a free IWIN button for Microsoft - they get far more leeway than they deserve because of it.

@@MidnightThunderYT I was writing a security paper and wanted to do Win10 privacy issues. There was no peer reviewed studies looking into this.
The only articles I did find detailed the Chinese government's special version of Win10 that was designed to not invade on the user's privacy. They weren't even academic, they were from trade journals.
In any case, the most secure version of Win10 you can get is a special version used on Chinese government computers.
Interestingly, even though there are programs designed to harden Win10 against personal data breech, no academic papers were found in a search of 2 different college libraries.
Maybe it has changed, but I known from experience that MS offers tons of grants to colleges, so it seems that they have purchased some good will against the curiosity of many researchers.

Hasbara posting

@@not_my_fn_real_name2689 highly doubt the Chinese windows is safer. maybe against the US but not against the Chinese government itself.
I guess it's more of pick your poison.

Processors have become so complex and capable that it's simpler to embed the monitoring software there rather than in every OS. With microcode updates being encrypted and the silicon being proprietary, there's not much scrutiny they can be subjected to.

That was my thinking from the beginning. My career was in MVS System Administration, where there's a hardware flag bit to indicate whether the current app is running in Supervisor State. The CPU could be designed to recognise a special sequence of OpCodes and set the Supervisor flag bit for whatever follows in the innocent-looking user's app. That should be a fun exercise for the CPU design nerds (if they haven't already done it).

This video is misdirection propaganda. He is paid to make people worry about hackers when it's evil government entities we are worried about.

@@thomasjefferson4195 I think each of us is more likely to be impacted by hackers. However society is not at risk from hackers, but absolutely at risk from governments. Even if you wanted to, there's little you can to do to keep them from monitoring you if they decide to. There exploit surface is so large for any modern computer.

@@gblargg that doesn't make it okay and doesn't change the fact that this video was specifically designed to distract from that basic fact.