Tyler1989 said:
To top it off Microsoft used advapi32.dll to spy on all Windows users since Windows 95 revision B.
http://www.nsclean.com/nsakey.html
This "bug" in Windows is NOT a trojan horse or an attack on your system, nor can it even remotely be used by government agencies to gain access to any machine by itself. In order to gain access to your machine, a separate executable program, Microsoft javascript, ASP script or ActiveX control must interface with the flawed libraries in order to exploit this hole. Should anyone decide to exploit this flaw in the absence of a Microsoft repair of the problem, customers using our BOClean 4.03 product will be covered by any necessary updates if and when it is exploited upon its discovery. People who are using the Netscape internet browser are not at risk because Netscape uses its own implementations of crypto which are built into Netscape and do not require the use of the Microsoft Cryptography API. However, we still advise those using our NSClean 4.50 product to disable java and javascript to protect against other risks when using Netscape.
...
Our conclusion is that this "mysterious key" is in fact a second public key intended for use by the international banking community which permits the use of 128 bit ciphers offshore, carefully skirting around US export laws while protecting the "domestic use" public key. Originally, export restrictions prohibited "strong encryption" from being exported, but on November 15, 1996, President Clinton signed Executive Order 13026 which changed regulation of encryption from the U.S. Munitions list to the purview of the U.S. Commerce Department. On June 25, 1997, the export of 128-bit encryption by Microsoft and Netscape for purposes such as international banking was approved by the U.S. Commerce Department with significant restrictions.
The issue of "Strong Encryption" has been a center of controversy between the U.S. Government and the computer industry for a number of years. During this time, only U.S. Citizens were permitted to download 128 bit encryption versions of both Netscape and Internet Explorer while citizens of other nations were limited to weaker 40 bit encryption. In order for U.S. Citizens to be permitted to download the 128 bit versions instead of the "international" versions however, they were required to fill out a form with a great deal of personal information to verify their citizenship as well as the location of the machine where 128 bit encryption would be installed. Microsoft has recently succeeded in convincing the administration in Washington to ease restrictions for Microsoft, and Netscape has just announced that because Microsoft was able to exploit a loophole in the regulations, that Netscape should be permitted to do so also.