Microsoft is investigating rumors that the secret code underlying its Windows NT and Windows 2000 operating systems has leaked out and is available on the Internet, a company spokesperson confirms.
The supposed leak was reported by Microsoft enthusiast Web site Neowin.net, which called it "shocking and potentially devastating news." The source code of the two operating systems is rumored to be spreading on a peer-to-peer file-sharing network as well as on Internet relay chat (IRC).
"The rumor regarding the availability of Microsoft source code is based on the speculation of an individual who saw a small section of unidentified code and thought it looked like Windows source code. Microsoft is looking into this as a matter of due diligence," the spokesperson says.
IDG News Service was shown Web pages that appear to contain a directory listing of the packages of Windows 2000 and Windows NT source code, as well as some actual source code that appears to be part of the Windows NT Task Manager. The contents of the pages could not immediately be verified.
Source code is pre-compiled code in the form of lines of text, usually with comments. It can be compiled into code that can run but can't be read. The Windows code on users' PCs is all compiled code.
On Thursday afternoon, discussion sites and mailing lists were abuzz with talk about the possible leak. Some sites offer screen shots or directly posted parts of what is said to be the source code. Posters also report having downloaded the code and claim the leak is real.
However, only part of the source code appears to have leaked. Those who say they have downloaded the code claim to have a 200MB compressed file that expands into roughly 600MB of code, says Thor Larholm, a senior security researcher at PivX Solutions, in Newport Beach, California.
"That is lot less than the 6GB to 10GB of source code Microsoft claims the OS consists of. If this is a real leak, it is only a leak of part of the code," he says,
Larholm analyzed the directory listings posted on the Web. "If we are to believe those lists, then the archive contains source code for network protocols, parts of Internet Explorer, certificate handling and kernel code," he adds.
Hackers Could Exploit
If the source code for Windows 2000 and Windows NT has indeed been leaked, the ramifications would be far-reaching. A breach of the code could expose users to an increase in cyberattacks because it would make it easier for hackers to find holes in the operating systems that they can exploit. It would also mean that Microsoft's closely guarded intellectual property is now out in the open, says Joe Wilcox, a Washington, D.C.-based Jupiter Research senior analyst.
"I would consider it fairly unlikely that the Windows 2000 and Windows NT source code has leaked. However, if any source for either operating system were to leak on the Internet it would be devastating for Microsoft," Wilcox says.
Windows 2000 and Windows NT are older Microsoft products but are still widely used. The products also formed the basis of the current Windows XP operating system, Wilcox notes.
In one posting on the Web site Slashdot.org, someone using the handle "Monkelectric" asked if the leak could be a ploy by Microsoft to get users to upgrade from Windows NT and Windows 2000 to newer operating systems, perhaps to avoid an onslaught of security breaches. Other posters joked about Windows having gone open source.
This would not be the first time that Microsoft faced a leak of its source code. In 2000 it confirmed that outsiders had accessed some of the code underlying a version of Windows as well as Office.
The team handling the reports about the possible leaks also handles the software maker's Shared Source Initiative, under which enterprise users, academics, and others can get controlled access to select parts of Microsoft's source code.