The usually secretive blueprints for two Windows operating systems were made public when a leaked portion of the source code was found on the Internet Thursday.
A little more than a week after informing consumers about a major security hole in its flagship product, a Microsoft spokesman said more flaws could be exposed due to the theft.
Microsoft confirmed Thursday that 5 percent of the source code for Windows 2000 and NT was being traded among various underground chat rooms and file-sharing networks.
The source code for an application is the blueprint for its operation. This theft can be compared to someone stealing the blueprints for a military base and learning where all the weaknesses are so they can exploit them.
The size of the source code files taken is around 660 megabytes. The full source code for Windows is rumored to be 40 gigabytes. A gigabyte is equivalent to 1,000 megabytes.
Company officials and the FBI were hard at work on Friday trying to find the source of the leak and have centered their investigation on Mainsoft Corp., a San Jose-based software company that helps custom-tailor versions of Microsoft software for its clients’ individual needs.
Since 1994, Microsoft has given Mainsoft access to a portion of the Windows source code under the condition that it does not divulge any of the information to others outside the company.
According to Betanews.com, Microsoft’s probe into the matter is focused on the discovery of “a “core dump file, which is left by the Linux operating system to record the memory a program is using when it crashes.” Essentially, the program takes a digital snapshot of what is in the computer’s RAM at the time of a crash.
This file shows that a Mainsoft employee was using the source code when the crash occurred. Further evidence to link the company was found in the form of the e-mail address for Mainsoft’s technology director, Eyal Alaluf, throughout the code.
Although Microsoft has focused its efforts on the company, it is still unclear as to how the code was first distributed online. There are several possibilities for the cause of the disclosure, including the possibility that security on the computer where the code was stored could have been compromised by a hacker.
Responding to the accusations, Mainsoft officials did not confirm the connection between its company and the leak but said it is cooperating with investigators.
Sharing the Windows source code with certain educational and business contacts has been a common practice for Microsoft. The company allows certain entities to use the code in an effort to combat the adoption of the open-source Linux operating system.
Linux has been growing in popularity over the years among businesses and government entities because it allows them to customize the software to fit their needs. The open-source status, which means that anyone can contribute to writing the program, also means that the majority of security holes are minimized.
The commotion that followed the spread of the source code may force Microsoft to re-tool the way in which it shares the code. In any case, the leak could have repercussions for Microsoft users as the theft could allow hackers to find holes in the code that could allow them to gain access to computers using Windows 2000 or NT.
This lapse in security could further dampen efforts by Microsoft to keep its operating system free from constant attacks by worms and viruses that spread quickly in a computing world dominated by its products.
Microsoft officials said the exposure of the code could pose some minor security threats, but said the biggest problem would be a danger to the company’s intellectual property.
Still, security experts caution that with the amount of downloads occurring through file-sharing networks and online resources, the company could have a substantial problem on its hands.
Although the leaked source code was only reported to pertain to users of Windows 2000 and NT, the problems could have more far-reaching effects. This is due to the fact that Windows XP and Server 2003 were built mostly on code from Windows 2000 and NT.
Microsoft could see the security issues in those products as well, leaving consumers feeling vulnerable about the integrity of the software they rely on for most of their daily PC tasks.