Source-code leak irks Microsoft


SAN FRANCISCO - The distribution Thursday of portions of the source code for two versions of the Windows operating system poses vexing legal and security challenges for Microsoft.

Computer security experts said yesterday that having even relatively small parts of the code for Microsoft's Windows 2000 and Windows NT operating system as easily available reference material for potential vandals and troublemakers could complicate the company's difficult task of securing its software.

Microsoft has been intensively criticized on security issues in recent years, and the company has devoted increasing resources to an effort to restore its credibility with its customers.

The posting of the information on the Internet does not present any direct threat to the hundreds of millions of users of Microsoft's software, but it could fan the fire among those who say that Microsoft has done a poor job of protecting computer users from hackers and invasions of viruses and worms.

The company might also face a debate over its contention that the secrecy of its proprietary software offers a computer security advantage over the publicly available text of open-source programs such as Linux.

Microsoft's executives said yesterday that they were working with federal law enforcement officials to attempt to understand how the software instructions had appeared in Internet peer-to-peer file-sharing systems.

"We take this seriously," said Tom Pilla, a Microsoft spokesman. "It's illegal for third parties to post or make our source code available. From that standpoint we've taken appropriate legal action to protect our intellectual property."

Word of the theft of Microsoft's source code spread rapidly Thursday afternoon after it was reported on a Web site,, and then widely discussed on the Slashdot Web site, which is widely read by the nation's programmers.

By late Thursday evening, dozens of copies of various text files ranging in size from 200 megabytes to one gigabyte were being downloaded by thousands of Internet users.

Computer programmers who examined the software instructions - the basic texts from which the Windows operating systems programs are assembled - reported that at least some versions of the program had come from a Microsoft partner, Mainsoft Corp., a software company with headquarters are in San Jose, Calif.

Several computer security experts speculated that the Microsoft operating system source code had been stolen from a Mainsoft computer via the Internet and then posted on peer-to-peer file-sharing networks.

Neither Microsoft nor Mainsoft would confirm the Web site report. Mainsoft, however, released a statement acknowledging that the company had a source code licensing agreement with Microsoft.

"Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation," J. Michael "Mike"Gullard, chairman of Mainsoft, said in the statement. "We will cooperate fully with Microsoft and all authorities in their investigation."

Even though Windows 2000 and Windows NT are older versions of the company's operating systems, they are widely used by corporations around the world.

"This raises real national security concerns," said William Cook, a partner at Wildman Harrold in Chicago and a former federal computer-crime prosecutor. "The fact that Microsoft's software is so widely available will have an impact across the computer security industry."

A number of computer security and legal experts said Microsoft's biggest challenge as a result of the incident might unfold as skilled programmers begin to examine the texts in search of material that could be embarrassing or damaging to Microsoft.

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad