
By Robert Lemos, News.com
Posted on ZDNet News: Feb 13, 2004 4:10:00 AM

Microsoft is investigating how a file containing some protected source code to Windows 2000 was posted to several underground sites and chat rooms.

A spokesman said late Thursday that incomplete portions of Windows 2000 and Windows NT were illegally posted to the Internet.

"It's illegal for third parties to post Microsoft source code," spokesman Tom Pilla said. "We obviously take that very seriously."

Microsoft said it is investigating how the code got on the Internet and is working with law enforcement. "We will take all appropriate legal actions as we move forward with the investigation," Pilla said.

The company has no indication that the posting was a result of someone breaching Microsoft's corporate network, Pilla said, adding that at this point there should be no effect on customers. As for the long-term security impact, Pilla noted that "this is not buildable or executable code...nor is it the complete source code."

The 203MB file contains code from Microsoft's enterprise operating system, but the code was clearly incomplete, said Dragos Ruiu, a security consultant and the organizer of the CanSecWest security conference, who has examined the file listing.

"It was on the peer-to-peer networks and IRC (Internet relay chat) today," Ruiu said. "Everybody has got it--it's widespread now."




The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday is only a fraction of the full code base.

"It looks real," he said. "You can't build Windows, however. It's just a bunch of chunks of the operating system."

Microsoft said it is looking into claims that file traders were swapping its proprietary source code.

Earlier Thursday, a source located a file purporting to be the code on a Web site, but the file was removed from the Internet before it could be completely downloaded.

The releases of the source code created a buzz on the Internet but also worried some security experts.

"It's definitely not a good thing if 'black hats' have the source code," said Oliver Friedrichs, senior manager with antivirus company Symantec's security response center. "The underground can look at the code without legitimate security researchers being able to find vulnerabilities first."

But Microsoft downplayed the security angle.

In its statement the company said the main concern is the potential theft of its handiwork rather than the possible security threat that such a leak might pose.

"If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security," Microsoft said.

Getting to the source
Microsoft zealously guards the source code to the various versions of its Windows operating system, sharing it only with universities and government agencies that sign agreements not to release the code. While working versions of Microsoft's operating system have occasionally leaked to the Internet, actual source code leaks have been rare.

Although Microsoft Chairman Bill Gates has publicly bragged about the security of Windows, even Microsoft fears the release of its code. In testimony during the Microsoft antitrust trial, Jim Allchin, the company's senior vice president for Windows, said opening up the company's source code could be devastating for the operating system's security.

"The more (that) creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms," Allchin testified during a May 2002 antitrust trial.

Allchin made the statements while defending the company against legal remedies supported by nine states in its antitrust case that would have compelled Microsoft to give away the source code to Internet Explorer.

Allchin's fears are not misplaced, said Thor Larholm, senior security researcher with security consultancy PiVX Solutions.

"Just look at the amount of vulnerabilities that are discovered without the source code," he said. "The majority of Windows servers are still running Windows 2000. Furthermore, Windows 2000 has a lot of shared code that is still being used by Windows XP and Windows Server 2003."

However, other security experts believe that fears are misplaced about a leak leading to the widespread discovery of vulnerabilities in the code.

"Theoretically, to a good reverse engineer, all code is open source," said a Microsoft security consultant who asked not to be identified. He added that the size of the compressed file that was being passed around the Internet sounded about right.

In the end, however, the mistake that made Microsoft's code public might result in benefits similar to open-source code, Ruiu said.

"Short term, there might be a problem (as bugs are found), but long term it might be good for them," he said. "Their code might become more secure."

CNET News.com's Ina Fried contributed to this report.

Talkback (most recent of 103)

no assembly required
There's no/little assembly in there. It's 98% C and C++. I think this number of 40 gigs came from some analyst and became accepted as truth. If you do the math, 40 gigs of source would mean Windows is...
Posted by: setsdfgsdf, 02/17/04