Microsoft probes Windows source code leak claim

Microsoft Corp was yesterday investigating whether its crown jewels, the source code to the Windows operating system, had been leaked to the internet.

A file, purportedly source code to Windows 2000, was yesterday found to be available on various peer-to-peer file-sharing networks, including BitTorrent and eMule. Snippets of the alleged code were also turning up on various web sites.

A posting to Neowin.net, a Microsoft-oriented message board, and subsequent postings to Slashdot.org and others, kick-started a hunt for the source code among geeks yesterday. Code for NT 4.0 was also purportedly available.

The rumor regarding the availability of Windows source code is based on the speculation of an individual who saw a small section of un-identified code and thought it looked like Windows code, Microsoft said in a statement. Microsoft is looking into this as a matter of due diligence.

One developer who saw the file said it was compressed with Zip and about 208MB in size. This suggests that even if it is Microsoft’s code, it is not the complete Windows 2000 source, which is said to be somewhere between 40GB and 50GB.

The news of a possible leak caused concern among some security experts, on the basis that there are already dozens of security vulnerabilities discovered in Windows every year, found by researchers who do not have access to the code.

Russ Cooper, editor of NT Bugtraq, which tracks problems with Microsoft software, pointed out that Windows Server 2003 contains NT code, but said that having access to source code would not necessarily make hackers’ lives easier.

Look at what people have been able to do without the source code. I don’t think they will be able to do a whole lot more [with it], he said. The time it will take for someone to look through the source code is enormous.

Microsoft has always been very protective of its source code. The fact that it is proprietary is at the center of the open source software debate, and the debate over whether OS buyers can take heart from ‘security through obscurity’.

But in recent years the company has found itself compelled to offer controlled read-only access to large sections of its source code to academic researchers and international government buyers, via its so-called shared source initiative.

This article is based on material originally published by ComputerWire

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing