Windows Code Leaked Onto Internet
Microsoft Corp. Chairman Bill Gates got a glimpse of his worst nightmare Thursday: Portions of the tightly controlled programming instructions for the Windows operating system were leaked onto the Internet.
Sections of Windows’ source code moved quickly through online chat groups and file-sharing networks. That embarrassed Microsoft and might have increased the vulnerability of the software that powers most of the world’s computers.
The Redmond, Wash.-based software giant is investigating the incident, Microsoft spokesman Tom Pilla said. He said he didn’t know how much of the code for Windows 2000 and Windows NT had been revealed or how many people might have gained access to it.
Microsoft has asked the FBI for help, Pilla said.
People who viewed excerpts of the code said it was enough to fill a CD-ROM, about 660 megabytes. The entire source code for Windows is estimated to be 40 gigabytes -- enough to fill more than 57 CD-ROMs.
Although what’s out there is minuscule in size, it could be huge in significance.
If it’s the source code, say, for Solitaire or Minesweeper, Microsoft and its customers probably have little reason to worry. But if the purloined code touches the very heart of Windows, it could give hackers a better understanding of how to exploit security flaws.
Pirated copies of software are common currencies in the Internet underground, but leaks of blueprint source code are rare. It was unclear late Thursday whether any portion of the Windows source code had ever been widely disseminated.
Reviewing source code is essential to understanding how a program works and is the only way to modify it.
Thursday’s leak comes as Microsoft is sharing glimpses of the code with more people outside the company, including academics and officials from foreign governments, who want to make sure that Windows has no “back doors” for spying and that they understand how the operating system’s security features work.
Those who see the code must follow a number of safeguards to prevent its dispersal.
Release of the entire source code could be disastrous for Microsoft, the world’s biggest software company. Not only would such an event turn the company’s most valuable asset into the equivalent of an MP3 up for grabs anywhere, it would allow anyone in possession of it to modify the programs.
A smaller leak might be useful to programmers writing applications designed to run on Windows machines.
During the federal government’s antitrust case against Microsoft and in settlement talks, the company resisted releasing the source code.
Some programmers said that as malicious hackers study the code, they will find vulnerabilities. Microsoft and security professionals said that should not be an overwhelming concern.
“I don’t believe there will be an increase in the number of vulnerabilities found,” said Chief Technology Officer Bruce Schneier of Counterpane Internet Security. “It’s primarily bad for Microsoft because it’s their intellectual property.”
While some Microsoft foes in the software world were gleeful at the company’s misfortune, others warned that it could be some sort of trap to catch people incorporating Microsoft’s technology into free software, including the Linux operating system.
Some analysts noted that the greatest damage may be to Microsoft’s reputation.
“It seems unlikely this is going to create a material, significant security problem,” said Rob Enderle, a technology expert and principal analyst with the Enderle Group. “It’s more embarrassing than anything else because it makes it look like Microsoft can’t control its code.”
Associated Press and Bloomberg News were used in compiling this report.
