Ask Leo!

What is "LSA Shell" and why is it an "Export Version"?

Home » Windows » Windows Components

Summary: LSA Shell is an important Windows component that unfortunately shows up in some virus related error messages. "Export Version" has a murkier history.

Being a proud American why is my copy of XP running LSA Shell (Export Version)? A search of the web pointed me to a lot of articles about the Sasser virus. I use a very good anti-virus and, besides, the Sasser virus is from 2004. What's up with LSA Shell (Export Version)?

I'm not totally sure on the "export version" issue, but I have a guess as to where it comes from. Don't take it personally but it is, or at least it was, a matter of national security.

Or at least some people thought so.

First, "LSA Shell" is the friendly name for our old pal lsass.exe. As you've seen, we typically hear of it in conjunction with the Sasser worm and other viruses. For various reasons many viruses cause issues that appear to manifest as problems with lsass.exe.

LSA stands for Local Security Authority, which is an important required component of Windows that deals with login authentication and security policies. You'll see it running on a perfectly clean and valid Windows installation. As I said, it's a required component.

"It used to be that strong encryption was classified as "munitions" by the U.S. government."

Now about that "Export Version". Here's my semi-educated guess.

It used to be that strong encryption was classified as "munitions" by the U.S. government. That put it in the same class as guns, bullets and missiles. The rules were such that munitions could not be exported. In fact, before the restrictions were relaxed, several folks had an encryption algorithm printed onto t-shirts which they would then wear while leaving the country - thus breaking the export law. If it sounds silly it's because it was, particularly considering that many of the better and more commonly used crypto algorithms are coming from overseas anyway.

But regardless of its practicality, the law was the law, and software manufacturers had to deal with it. Typically that meant producing two versions of any software that required cryptography: a version for the U.S. which could use strong crypto, and a version for export which used the weaker cryptography that was allowed to be exported.

Hence the origin of the phrase "export version" - because once upon a time, such a version was necessary.

The question remains why does your machine, presumably bought, paid for, and delivered in the United States still say "export version"? (For what it's worth, mine does too Smile).

I'm not sure.

It could be as simple as no one having gotten around to cleaning up or changing that label. There could be a compatibility reason. It's possible that there still are two versions, for historical reasons, and that you and I just happen to get this one.

The bottom line as I understand is that there's no practical impact. The restrictions on cryptography were lifted several years ago, and manufacturers have been using strong cryptography across the board ever since.

Related:

More articles about: Windows Components

Article Useful? Link to it from your own website; just copy/paste this HTML:

Article 11764 | Posted August 16, 2007

Recent Comments

For what it's worth, I own a Presario with preloaded Win XP Home and my LSA Shell is an "export version" also.

Posted by: Charles baker at August 22, 2007 03:22 PM

My hp pavilion with xp media center edition is about a year old and it also has the export version.

Posted by: David at August 29, 2007 12:09 PM

CAN YOU BLOCK THE LSA SHELL FROM THE INTERNET SERVER? OR WILL IT CAUSE SERIOU8 PROBLEMS WITH THE COMPUTER AND CAUSE IT TO CRASH AND CAUSE YOU TO HAVE INTERNET CONNECTION PROBLEMS LIKE THEY SAY IT WILL? HELP

Posted by: BINGO at December 16, 2007 10:56 PM

My Gateway laptop w/ XP Media Center Edition is about 2 years old and also has the Export Version.

Posted by: Taylor at December 28, 2007 01:15 PM

I have a new (Mar 2008) Vostro 1700 laptop with XP-sp2, and it has the "export Version" as well.

Posted by: David at June 24, 2008 04:26 AM

shall I allow this to communicate with Windows/system/32/zone labs/avsys/scanning process.exe?

Posted by: MARILYN LOW at June 24, 2008 09:09 AM

So can this LSA Shell (Export Version) be blocked from accessing the Internet, or is it an essential system process? Occasionally it pops up in my Sygate Firewall Pro, and I say No with no problems.

Posted by: Mark at July 3, 2008 08:05 AM

Have you ever thought that we probably actually all have an export-authorized version (would it only be because foreigners tend to shop in the US and their computers are not scanned when they leave), and that the full encryption's distribution is only delivered to the military and the like? So that "export" rather means "demilitarized"?

Posted by: Eric Polin at July 9, 2008 07:43 AM

Post a comment on "What is "LSA Shell" and why is it an "Export Version"?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

New!

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Please wait. Your comment is being processed ...

Ask Your Question:


ask-leo.com
Web

Archives

By Category
By Date

Advertisers

Advertise on Ask Leo!

««   »»

Question? - Ask Leo!
Who is Leo?
Link to Leo!

Terms, Conditions & Privacy

http://ask-leo.com/what_is_lsa_shell_and_why_is_it_an_export_version.html
Copyright © 2003-2008 Puget Sound Software, LLC and Leo A. Notenboom