Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What is "LSA Shell" and why is it an "Export Version"?

Question:

Being a proud American why is my copy of XP running LSA Shell (Export
Version)? A search of the web pointed me to a lot of articles about the Sasser
virus. I use a very good anti-virus and, besides, the Sasser virus is from
2004. What’s up with LSA Shell (Export Version)?

I’m not totally sure on the “export version” issue, but I have a guess as to
where it comes from. Don’t take it personally but it is, or at least it was, a
matter of national security.

Or at least some people thought so.

Become a Patron of Ask Leo! and go ad-free!

First, “LSA Shell” is the friendly name for our old pal lsass.exe. As you’ve
seen, we typically hear of it in conjunction with
the Sasser worm
and other viruses. For various reasons many viruses cause
issues that appear to manifest as problems with lsass.exe.

LSA stands for Local Security Authority, which is an important required component of
Windows that deals with login authentication and security policies. You’ll see
it running on a perfectly clean and valid Windows installation. As I said, it’s
a required component.

“It used to be that strong encryption was classified as
“munitions” by the U.S. government.”

Now about that “Export Version”. Here’s my semi-educated guess.

It used to be that strong encryption was classified as “munitions” by the
U.S. government. That put it in the same class as guns, bullets and missiles.
The rules were such that munitions could not be exported. In fact, before the
restrictions were relaxed, several folks had an encryption algorithm printed onto t-shirts which they would then wear while
leaving the country – thus breaking the export law. If it sounds silly it’s
because it was, particularly considering that many of the better and more
commonly used crypto algorithms are coming from overseas anyway.

But regardless of its practicality, the law was the law, and software
manufacturers had to deal with it. Typically that meant producing two versions
of any software that required cryptography: a version for the U.S. which could
use strong crypto, and a version for export which used the weaker cryptography
that was allowed to be exported.

Hence the origin of the phrase “export version” – because once upon a time,
such a version was necessary.

The question remains why does your machine, presumably bought, paid for, and
delivered in the United States still say “export version”? (For what it’s
worth, mine does too Smile).

I’m not sure.

It could be as simple as no one having gotten around to cleaning up or
changing that label. There could be a compatibility reason. It’s possible that
there still are two versions, for historical reasons, and that you and I just
happen to get this one.

The bottom line as I understand is that there’s no practical impact.
The restrictions on cryptography were lifted several years ago, and
manufacturers have been using strong cryptography across the board ever
since.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

13 comments on “What is "LSA Shell" and why is it an "Export Version"?”

  1. For what it’s worth, I own a Presario with preloaded Win XP Home and my LSA Shell is an “export version” also.

    Reply
  2. CAN YOU BLOCK THE LSA SHELL FROM THE INTERNET SERVER? OR WILL IT CAUSE SERIOU8 PROBLEMS WITH THE COMPUTER AND CAUSE IT TO CRASH AND CAUSE YOU TO HAVE INTERNET CONNECTION PROBLEMS LIKE THEY SAY IT WILL? HELP

    Reply
  3. So can this LSA Shell (Export Version) be blocked from accessing the Internet, or is it an essential system process? Occasionally it pops up in my Sygate Firewall Pro, and I say No with no problems.

    Reply
  4. Have you ever thought that we probably actually all have an export-authorized version (would it only be because foreigners tend to shop in the US and their computers are not scanned when they leave), and that the full encryption’s distribution is only delivered to the military and the like? So that “export” rather means “demilitarized”?

    Reply
  5. Are you for real? Demilitarised encryption? Haven’t laughed so much in ages. And people are taking advice on here about securing their PC? Priceless.

    Reply
  6. @Simon
    It may seem weird Simon, but they’re completely correct. There was once a time when Apple marketed one of their desktop computers on the back of the fact that it could only be exported to nations with most favored status because it could do a gigaflop. Honestly, the Russians really were so far behind at the time that US home computers would have significantly improved their military potential.

    Reply
  7. Aside from the fact that the new AES adopted by the US Govt and the world at large is called “Rijndael” and originated in Belgium, did it ever occur to anyone that most US namebrand computers with OEM Windows are built, set up and bundled OUTSIDE THE UNITED STATES? The disk images must have been sent out to be installed before the machine is boxed. Is there a “non export version” of a consumer durable in today’s globalized world?
    Today this is a “non issue” and the absurd “export version” tag should have been quietly dropped.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.