The I.T. octopus sticks its tentacles into the government and the hacker community.

By Annalee Newitz

HAVING ESCAPED CORPORATE evisceration last year during a massive antitrust trial, Microsoft seems to be celebrating by snuggling up to the White House in whatever way it can. The techno-imperial giant just swapped executives with the government, handing off former Microsoft corporate security officer Howard Schmidt to work as one of President George W. Bush's top computer-security advisors, then replacing Schmidt in late January with Scott Charney, former director of the computer crimes division at the Department of Justice. Microsoft is also launching the multimillion-dollar "Trustworthy Computing" campaign, a company initiative that sounds an awful lot like the House of Representatives' recently approved Cyber Security Research and Development Act, which will allocate $880 million over the next five years to tech-security research.

Yet the deepening love affair between Microsoft and the U.S. government is complicated by their continuing feud over who is topping whom in the security game. It's hard to say whether Microsoft would have decided to move toward developing security tech without some outside incentive besides money. The company has always raked in cash despite being notorious for hideously insecure products. Windows XP (the latest version of its Windows operating system) was so vulnerable to security compromises, before the company released a downloadable patch, that it was laughed off the pages of tech publications and gleefully thrashed by hackers. Government computers running XP subsequently became potential breaches in national security.

So perhaps Microsoft chair Bill Gates got hooked on security because he was just tired of bad press and Outlook virus jokes, or maybe a little government birdie told him what to do.

Richard Clarke, White House cyberspace security advisor, has been meeting with the heads of several large tech corporations over the past several months (Microsoft and Oracle top among them), suggesting gently that they get on the fucking tech-security bandwagon and look patriotic about it. As a result, Oracle chief executive officer Larry Ellison offered to pump millions of his own money into creating a national ID card system. Gates, no doubt still sweating over his near-reaming by the Department of Justice, has gone much further. As part of his Trustworthy Computing campaign, Gates is already setting up new corporate divisions that will work on authentication technology such as Passport (which verifies your identity online) and patch up security holes in Windows, Outlook, and many other M.S. products that have brought joy into the lives of script kiddies who love to exploit their extensive security vulnerabilities.

Although Trustworthy Computing may sound like empty sloganeering, Microsoft is backing its rhetoric up with a massive investment in recruiting for its security divisions. A spokesperson for the company confirmed that Microsoft would be hiring 4,000 people for technical positions over the next year, many of them in security. The problem with this strategy is that most geeks in the security community look at Microsoft much in the same way they would watch a Farrelly brothers movie. Sure, it's fun to laugh at spooge jokes, but you wouldn't want to be covered in it.

And yet when Bill wants something, he has a way of getting it. M.S. corporate recruiters are courting and seducing the kinds of hackers you'd expect to see attending hardcore security events like Black Hat or writing for the underground publication Phrack! Bay Area hacker Dixon (not his real handle) recently interviewed with M.S. and said the job offer was so sweet he couldn't turn it down.

"Six months ago I wouldn't have applied for this job, but now I think the company is really trying to work on making its products more secure," he said. "And they're throwing a lot of money at it."

In Chicago, tech publication the May Report (www.mayreport.com) put it succinctly when it reported last month that Microsoft is "calling all hackers." An unnamed Chicago hacker and his pals told May Report columnist Bob Cross they had been contacted by M.S. reps looking for people who had experience using software tools explicitly designed to break into, er, test the security of computer network systems.

Amusingly, Microsoft reps are denying that they want to recruit hackers; after all, in an era of harsher and harsher cybercrime laws, it wouldn't be prudent to admit you're sucking up to the very people the government wants to send to prison. One M.S. representative insisted the company doesn't recruit hackers because "hackers are illegal," while senior director of technical recruiting David Pritchard emphasized that "we have no ads that say we're seeking hackers."

Dixon, whose hackish past would make John Ashcroft wince, laughs at these denials. "The job description I answered said that applicants should be able to think like a hacker," he said. "And that's why they wanted me."

But how can an evil genius like Dixon, who wants to maintain cred in the underground, work for a company most hackers call simply "the Beast"? "I'm going there because they're going to let me make these systems secure," he said. "As soon as they ask me to let holes slip by, or if I report vulnerabilities and they do nothing about them, then the job will be boring and I'll leave." In the meantime, he'll enjoy that six-figure salary just fine, thank you very much.

Other hackers are equally pragmatic about their newfound relationship with a company that they've probably slagged daily on security mailing list BugTraq.

At a recent Bay Area hacker conference one speaker noted wryly, "I whore myself to Microsoft as a contractor so I can support my open source habit." In the past, Microsoft execs have called open source software "un-American."

But only the government is allowed to say what's un-American. Last week's little spat over security holes in Simple Network Management Protocol demonstrates just how much the government really cares about its new Microsoft love bunny. SNMP is a fairly common protocol that's often used to control many critical parts of computer networks. When myriad vulnerabilities were discovered in SNMP about nine months ago, they were reported to the Computer Emergency Response Team (CERT), a federally funded group whose sorry reputation is about as good as Microsoft's in the security community. CERT decided the SNMP holes were a threat to national infrastructure and notified several vendors, including Microsoft, that they needed to patch any software they sell that uses the protocol. In addition, these companies were given nine months lead time before the security holes would be officially announced so they could get patches ready to go.

This was definitely a make-nice move in the direction of Microsoft. As British geek paper of record the Register (www.theregister.co.uk) notes, Microsoft has been "neurotic" about insisting "that vulnerabilities not be disclosed until an 'official' patch can be cobbled together." But the feds decided to screw Microsoft this time around and announced two weeks early that there was a security hole in SNMP. This left Microsoft with no patch for the vulnerability. Once again Microsoft was wearing the proverbial "exploit me" sign.

Score one for the government, at least in this round. Now that Microsoft is luring the truly brilliant hackers into its security divisions, many government-funded agencies like CERT may get left in the dust.

Mason (not his real handle), a Bay Area hacker who used to contract for Microsoft, puts it simply: "I hate Microsoft. I hate everything about them. But I respect their technology."

Despite all the bickering, it's clear Microsoft and the U.S. government are sailing off on a lovely honeymoon together. After all, the group that controls security also controls surveillance. Bill Gates and John Ashcroft can both get down with that.