“Microsoft Corp. says incomplete portions of the source code for some versions of its Windows computer operating system were leaked over the Internet, but analysts caution it’s too early to say how much damage the leak may cause,” Allison Linn reports for The Associated Press. “Microsoft spokesman Tom Pilla said Thursday that some pieces of source code – the tightly guarded blueprint of its dominant computer operating system – for its Windows 2000 and Windows NT4.0 operating systems had been ‘illegally made available on the Internet.’”
“Access to the source code could allow hackers to exploit the operating system and attack machines running some versions of Windows. Several versions of the operating system, including the ones containing leaked code, are used on hundreds of millions of computers worldwide. Such access could also provide a competitive edge to Microsoft rivals, who would gain a much better understanding of the inner workings of Microsoft’s technology,” Linn reports.
“But analysts and security experts cautioned that it was hard to assess any potential damage the leak could cause, since so few details were available. ‘Frankly, I’m not sure anybody can fully assess that, other than Microsoft,’ said Al Gillen, research director for systems software at research group IDC. The leak could potentially put more Windows users at risk because it opens the door to more people finding vulnerabilities in Microsoft’s code – and using them in malicious ways, Maiffret said. That could, in turn, wreak havoc on Microsoft’s ability to respond with fixes in a controlled manner,” Linn reports.
Full article here.
Bo’ster, MS IS going to be at Linuxworld, booth 753.
Well, yaknow what I meant.
(Voice of Nelson from the Simpsons)
“HAAAH haahh!” M$ is busted
Cheers R.V.
King Candy said:
“It’s illegal? Really? Oh no! Better tell the hackers, perhaps they don’t realise…”
Quick, someone alert the Department Of Justice…!
UNTrustworthy Computing (#70,001 in a series)
Maybe somebody can fix Windoze now that they have the code.
It’s a good thing Apple’s code was never revealed. If it had been, we’d probably have some security problems to deal with. Probably have to buy a virus scanner. Might have to stop opening my email. Might have to wait years for the next version of OS X.
Yep. Lucky Apple never let their secret code slip.
Voice of Roz from Monsters Inc.
“Haaaaahhhh… Haaaahhhhh !!!”
OSX was designed to be secure in the beginning… that’s the problem with Windows, security was a late late afterthought. They never thought PCs would replace mainframes and terminals…
Kenny: Mac OS X is a gui with apps that sits on top of OpenBSD. You want the source code for OpenBSD? I can email it to you.
UNIX is no mystery. No mystery man behind a curtain pulling levers. Unlike Windows, UNIX (and therefore Mac OS X) is secure by design, not by obscurity. And here I’m referring to the obscure availability of M$ code.
The entire Windows operating system as it exists today is a big hodge-podge of patches sitting on top of a shitty UNIX wannabe – DOS.
OpenBSD source code:
http://www.openbsd.org/cgi-bin/cvsweb/
Darwin source code (Apple’s implementation of BSD UNIX for OS X):
http://developer.apple.com/darwin/
Here’s a link to the source code for every OS X version:
http://www.opensource.apple.com/darwinsource/
If you need more info, Kenny, just let me know. It’s all readily available. You see, security comes from good design, not from mystery. Everyone knows how a good safe works. That knowledge doesn’t make it easier to break into that safe. Microsoft would rather hide your data in the back yard under a bush than put it in a safe. Sure, in the Microsoft model your data is secure if someone doesn’t go looking for it. But I’d rather have the safe.
Uh, I’m pretty sure Kenny was being sarcastic…
Ryan: No shit? Clearly.
I think someone needs to consider switching to decaf.
Only half my post was sarcasm. The other half was setting the stage for our illustrious guest-speaker, A.B. He came in right on cue.
Here is a paranoid take on the news:
I wonder about the possibility that Microsoft themselves leaked certain pieces of non-mission-critical codes. That way, they can claim that the attacks on the OS are not the result of their incompetence, but rather the consequences of a 3rd party inability to adhere to NDA. It is certainly consistent with MS’s knack to deflect blames to others. It also shows that Microsoft will aggressively go after the leaker to protect the customers (sorta like OJ looking for the killer).
HA HA HA HA HA HA HA HA HA HA HA HA
I know somebody beat me to it, but it was worth repeating.
MDN is Mac Powered! Right On!
Kenny: Thanks. I’m always happy to entertain!
Nobody: I just assumed that was the case. Is that paranoid? Seems like it should be expected by now.
‘Access to the source code could allow hackers to exploit the operating system’
Is this a dig at open source???
Are they claiming that if source code is freely available, then it can be more easily exploited? There never was a leak. This is part of MS’s anti-Linux advertising campaign.
“But, what worries me about this, is that this may have been caused by China forcing M$ to open its code to them.” – b
A couple points:
China is well known to not respect intellectual properties. You can reasonably expect that Windows is not an exception. MS’s can’t claim ignorance here. They play because they want Windows to rule the world.
As others have pointed out many times, looking at codes does not automatically render a software insecure. Had Microsoft designed Windows well, this leak would have only led to intellectual property infringement, not some security threats. One extra point: China actually is interested in having their own OS (along with Japan and Korea) which is to be based on Linux.
AB-
I guess I am not the only one who is paranoid. Glad to have a company.
“…could further erode ‘security’ of Windows.”
Gosh… do ya think?
Microsoft is a virus. It must be eradicated.
I’m a recent parolee (two weeks!) from PC Prison, and news like this just keeps making me feel like more and more of a genius for springing myself from the depths of PC Hell. I think this might have been a “leak” perpetrated by Micro$hot itself to find the latest leaker. Man, I’m glad I don’t work for them.
resistance is futile – you will be assimilated
Resistance is inevitable! Anarchy turns resistance into revolution! To arms! To arms!
There are some potential advantages to this leak.
1. Software writers are now likely to actually see all kinds of poorly cobbled-together spaghetti code. This will give the folks a peek at how much of a mess that MS code is.
2. Who knows how much “borrowed code” will show up. Perhaps some deliberate hooks or other dirty tricks to assure that Lotus or Netscape (for example) won’t work. Maybe someone will find some of their unique code mysteriously showing up in this release (shades of enormous lawsuits)!
It wouldn’t surprise me if this is the REAL concern for MS.
“It seems unlikely this is going to create a material, significant security problem,” said Rob Enderle, a technology expert and principal analyst with the Enderle Group. “It’s more embarrassing than anything else because it makes it look like Microsoft can’t control its code.”
This is just like Mad Cow Disease, the spin has started.
This could be some of the code here. Sure explains a lot of things.
/* Source Code to Windows 2000 */
#include "win31.h"
#include "win95.h"
#include "win98.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#define INSTALL = HARD
char make_prog_look_big[160000];
void main()
{
    while(!CRASHED)
    {
        display_copyright_message();
        display_bill_rules_message();
        do_nothing_loop();
        if (first_time_installation)
        {
            make_50_megabyte_swapfile();
            do_nothing_loop();
            totally_screw_up_HPFS_file_system();
            search_and_destroy_the_rest_of_OS/2();
            make_futile_attempt_to_damage_Linux();
            disable_Netscape();
            disable_RealPlayer();
            disable_Lotus_Products();
            hang_system();
        }
        write_something(anything);
        display_copyright_message();
        do_nothing_loop();
        do_some_stuff();
        if (still_not_crashed)
        {
            display_copyright_message();
            do_nothing_loop();
            basically_run_windows_3.1();
            do_nothing_loop();
            do_nothing_loop();
        }
    }
    if (detect_cache())
        disable_cache();
    if (fast_cpu())
    {
        set_wait_states(lots);
        set_mouse(speed, very_slow);
        set_mouse(action, jumpy);
        set_mouse(reaction, sometimes);
    }
    /* printf("Welcome to Windows 3.1"); */
    /* printf("Welcome to Windows 3.11"); */
    /* printf("Welcome to Windows 95"); */
    /* printf("Welcome to Windows NT 3.0"); */
    /* printf("Welcome to Windows 98"); */
    /* printf("Welcome to Windows NT 4.0"); */
    printf("Welcome to Windows 2000");
    if (system_ok())
        crash(to_dos_prompt)
    else
        system_memory = open("a:swp0001.swp", O_CREATE);
    while(something)
    {
        sleep(5);
        get_user_input();
        sleep(5);
        act_on_user_input();
        sleep(5);
    }
    create_general_protection_fault();
}