Posted on 02/14/2004 7:24:36 AM PST by Libloather
Net File-Swappers Snap Up Windows Source Code
Fri Feb 13, 3:50 PM ET
By Bernhard Warner and Lucas van Grinsven
LONDON/AMSTERDAM (Reuters) - Internet users on Friday were ferociously downloading pirate versions of Microsoft Corp's Windows source code, stoking concerns hackers and virus writers could use it for a new wave of cyber attacks.
The world's largest software maker alerted the public on Thursday that parts of its valuable source code for its Windows NT and Windows 2000 operating systems had been leaked to various online file-sharing networks.
Microsoft said the released code amounted to a fraction of the entire program, but that wasn't stopping the curious and the malevolent from checking it out for themselves. Noting the size of the files being swapped on Internet file-sharing networks on Friday, security experts feared there could be enough compromised code available to crack open vital pieces of a software that run millions of computers.
"Whilst we do not know exactly what's in circulation, every coder, every malware jockey and every hacker who has a reasonable understanding of programming is going to be looking to get their hands on this source code," said Richard Starnes, an information security specialist who works with various law enforcement agencies on cyber-crime investigations.
SOURCE CODE FOR THE TAKING
Various computer security firms were reporting on Friday that two compressed files -- one at 203 megabytes and another at 229 megabytes of Windows NT and Windows 2000 operating systems -- were being widely distributed on scores of online exchanges.
Security officials said the compressed files amounted to a CD-Rom's worth of data and represented less than five percent of Windows code. However, they warned it may relate critical security functions.
"I do not believe Microsoft would have issued a public statement if the source code for solitaire had been released," said Starnes.
The concern is that in the wrong hands, virus writers and hackers could discover vulnerabilities in the software and use it to break into PCs running on Windows 2000 or NT to destroy or steal data.
Microsoft on Thursday was quick to dismiss this as unlikely, but that hasn't deterred Internet users from downloading the files.
"The source code leak spread quickly in the underground," said Ken Dunham, Malicious Code Intelligence manager for security consultancy iDefense.
LONG LIST OF SUSPECTS
Microsoft said it believed the leak could be a software developer, but was no closer on Friday to pinpointing the suspect.
Microsoft, which has been criticized for a number of software glitches that have been used by virus writers to develop potent Internet contagions, said it is working with the Federal Bureau of Investigations to track down the culprit.
The list of suspects could be a long one.
Microsoft last year began sharing parts of its Windows source code with governments interested in tailoring it to fit, primarily, their security needs.
Microsoft also has a longer-running initiative to provide universities and large corporate customers pieces of its source code for research and development purposes with tight restrictions on making it publicly available.
The initiatives were launched in part to address the competitive threat Microsoft was feeling from vendors of the open-source Linux software.
Linux has gained valuable market share in recent years as government and corporate users see it as a transparent software alternative that can be customized to fit their needs.
Microsoft responded to the Linux threat by offering discounts to win over budget-conscious customers and vowing to give customers a closer peek at its most valuable asset.
"I don't think that this kind of shared source usage can be scaled back. It's become an essential part of our business practices. Governments want it for trust and transparency. Businesses want it for security," Wilfried Grommen, general manager for Microsoft's business strategy for Europe, Middle East and Africa, told Reuters on Friday.
"It's a very large group of people that have access to the source code. It includes people at 120 universities in 27 countries. It includes large enterprises," he said, adding Microsoft recently began distributing code to independent software developers too.
"That is another large community," he said.
Microsoft "Outsources" to ...India and China.
Buh Bye!!!
Source code is compiled into various files that cant be disassembled.
This has frequently been done on smaller programs, but "decompiling" Windows would be a monumental task. It could be done by a government like China, though.
There are disassemblers that will generate "source code" from a binary executable file, but any resemblance to the source code from which the executable was originaly compiled will be strictly coincidental.
Plus, compilers strip out all the comments before compilation, so the regenerated source code will contain no explanatory documentation.
That would make it almost impossible to figure out what was going on in even a moderately complex program.
Warning: most of the source code files traded on Kazaa are trojan fakes. You might back up your system before running any of these exe files.
God Bless USENET ! :D
Reverse-engineering can be reasonably effective if software developers don't take steps to prevent it. But it's possible to pretty well munge code in such a way as to be essentially indecipherable.
Thank you for that comment.
The intellectual property status of many things are in flux...it is now a question for the Jury, in Federal District Court in Seattle, to decide whether "Windows" is in fact a valid Trademark...evidence having been presented of its use by, among others, the present day UNISYS Corporation several years prior to Gates' dropping out of Harvard.
Microsoft doesn't publish the Source Code because it relys on TRADE SECRET law to protect it.[ Copyrights only protected the Binary Distributions].
Yet by outsourcing Development, people in India and possibly China became into possession of these Trade Secrets.
Now, if it can be shown that Microsoft Was in ANY WAY deficient in the high standards required to maintain said trade actually SECRET, it ENTERS THE PUBLIC DOMAIN!!!
Remember, the Law favors Patent protection over Trade Secrets as A MATTER OF PUBLIC POLICY!
But, no, I didn't injure myself in a "Knee Jerk Reaction".
I nearly split open laughing...one slip, and it enters the Public Domain, with even LESS protection than Open Source has!!.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.