Home / Windows source code leak

Windows source code leak

Microsoft has confirmed that portions of the operating system source code of Windows were illegally made available on the internet and being downloaded by thousands of users across many peer to peer (P2P) networks and FTP sites.

Microsoft has confirmed that portions of the software source code of Windows 2000 and Windows NT 4.0 were illegally made available on the internet and was available for downloaded across many peer to peer (P2P) networks and FTP sites.

Microsoft said this is not the result of any breach of Microsoft’s corporate network or internal security, nor is it related to Microsoft’s Shared Source Initiative or its Government Security Program, which enables customers, partners and governments to legally access the source code.

When ITP (publisher of ACN magazine) was informed of the Windows source code leak we used a peer to peer (P2P) search tool called Twister and had full access to the Windows source code files, which could be downloaded in a few hours on a broadband connection. (See screen shot). It has been reported that thousands of users have already downloaded the code in the past 48 hours.

An official for Microsoft South Gulf (a division of Microsoft Middle East said: “Yes, we are aware of the source code leak and we’re working on a global scale and not on a regional level [with local ISPs] to solve the issue.”

The Redmond giant is working closely with the US Federal Bureau of Investigation (FBI) as the source code is both copyrighted and protected as a trade secret, which makes it illegal to post it, make it available to others, download it or use it.

Most online file-sharing networks can be accessed using free P2P tools such as Twister, Grokster, NeoNapster, LimeWire, Kazaa, Morpheus, AyZoo to download MP3s, videos, software and pictures, many of which are a breach of copyright and intellectual property laws.

While Microsoft says there has been no reported impact on consumers or enterprises, analysts say the development is yet another twist in the company’s ongoing security saga. Last week, Microsoft issued two critical warnings for its new operating systems (Windows XP), which continues with the vendor’s weekly updates, patches, bug fixes and security alerts. The vendor has also been the target of daily virus attacks including the recent MyDoom and Doomjuice this week.

Microsoft’s entire operating system and applications code runs into several gigabytes or tens and millions of lines of source code (largely written in C, C++). The vendor confirmed that the released code amounted to a fraction of the entire program, going by the file sizes available for download which stand at around 200 megabytes and contain more than 30,000 files. While this could amount to only 5 to 10% of the total Windows code, the security issues and criticality are not being disclosed by Microsoft.

The source code leak is believed to have originated from a PC used by Microsoft's 10-year old software partner Mainsoft, which develops enables software developers to develop C++ applications on Windows using Visual Studio and deploy them on Unix and Linux.

Leaking of the Windows source code could be a shot in the arm for open source environment and Linux, which distributes its entire source code freely - a sharp contrast to Microsoft’s strategy of closely guarding it's source code. Open Source programs allow for the full source code to be publicly available so programmers and users can modify and improve the code or customise it for their needs.

After the recent surge in Linux usage, Microsoft has modified it’s source code policy. It recently began sharing parts of the source code with several governments including Bahrain and some 120 universities in 27 countries.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.