|
Thursday, February 26, 2004
Ng: What leaked Microsoft code means
By Wilson Ng
Wired Desktop
POSTED. One of the bigger pieces of news in the last two weeks was about how some source code for Windows NT and Windows 2000 were posted in the website for download. Microsoft has since come out with warnings that doing so violates copyright, and it seems like it has now been controlled.
But for many Windows users like you and me, what does it mean?
First, the code that was leaked is source code. Source code is the actual English-like code that programmers write to create the program before it is compiled, so potentially, source code can tell a lot of things on how the program is designed and written.
Windows 2000 is a very big operating system, and the source code for the program alone is about 40 gigabytes (the equivalent of roughly 20 million pages of code). The code that was leaked, however, was reportedly only 230 megabytes compressed, or roughly 600 megabytes uncompressed. It is only roughly 15 percent of the whole program.
People probably aren’t going to be able to write their own versions of Windows even if they have that. Besides, it could take weeks and months just to try to read and understand the code. Also, the source code version leaked was more than four years old.
This does not mean, however, that there are no dire implications. Let us create an analogy. Let us say the Central Bank has 100 rooms, and the blueprint for 15 of its rooms as they were constructed four years ago, was made public. That can create security problems for the Central Bank. People studying the 15 rooms might find some vulnerabilities that could be exploited to raid the Central Bank or steal its money.
Although the source code is for older versions of the program, many computer programs are built reusing old code, so it can be surmised that some of the codes there are still running on the latest versions of Windows 2003 and Windows XP, though many of its parts could have been rewritten already.
It has been well over a week already, and so far, happily, no bad reports of vulnerabilities or intrusions have been reported. But it does cause uneasiness for many of us.
What if some people analyze the source, find a vulnerability and use it to prowl inside our computers? This becomes difficult since the Open Source Software, as exemplified by Linux, has been very vocal in having Microsoft openly share the source code, which Microsoft is increasingly doing with its bigger customers and many governments.
The more Microsoft shares its source codes, the more people will know about its inner workings. Will it mean that the software will become more secure, or will it become more vulnerable instead?
Since Microsoft is the number one target for hackers, and hundreds of millions of computers run its software, a breach like this can become as serious as certain national security breaches.
Eventually, commercial and competitive pressure will mean Microsoft may have to share its source code with more and more people. But whatever it does, let us hope they don’t do anything rash to compromise the security of all our computer users.
(e-mail: wilson@esprint.com.)
(February 26, 2004 issue)
Write letter to the editor. Click here.
Join the Sun.Star message board. Click here. |
|
[return to top]
[home]
[network page]
|
LOCAL NEWS
BUSINESS
OPINION
SPORTS
LIFESTYLE
FEATURE
SUPERBALITA
WEEKEND
|
