Neil Turner's Blog

Blogging about technology and randomness since 2002

Leaky code

You may know by now that some of the source code for Windows 2000 (and possibly also NT 4.0) has been leaked onto the internet. Only about a third of the code has been leaked, but that’s still a considerable 13.5 million lines.
I first heard this through one of my pals at Xteq, and there’s been an email discussion going on as to whether this was really a conspiracy. Could Microsoft have deliberately leaked the code to make Windows 2000 and NT seem more vunerable to security attacks so that people will upgrade to XP and Windows Server 2003?
The Betanews article suggests this isn’t the case, although you’d naturally expect a Microsoft spokesperson to deny the leak was deliberate. You also have to remember the XP and Server 2003 are both based on the same NT codebase as 2000 and NT – unless MS was very selective about the code it chose to leak, it makes users of the two more recent OSes vunerable too, so I’d say it was unlikely.
What it does mean is that there may well be more pressure on Microsoft to fix security vunerabilities in a faster timeframe, seeing as the source code may well be out there for all to see so viruses and worms which exploit vunerabilities will be much easier to create. It also means that more third parties can scrutinise the code and find exploits, as well as potential bugs, as is usual in the open source world.
Should users be worried? I don’t know, since no-one is quite sure what got leaked, although Betanews suggests it includes the IE5 and Windows 2000 logos and code to display the taskbar, and other bits are likely. It apparently doesn’t include the code for Product Activation, but that was never included in these two OSes anyway.
Update:The source of the leak has been found – a company called MainSoft, who uses the source code to create native-Unix versions of Windows programs. You can read the original article at NeoWin, and Microsoft’s official response.

Comments are closed.