The distribution Thursday of portions of the secret programmer's instructions for two versions of the Windows operating system poses vexing legal and security challenges for Microsoft.
Computer security experts said on Friday that having even relatively small parts of the blueprints for Microsoft's Windows 2000 and Windows NT operating system as easily available reference material for potential vandals and troublemakers could complicate the company's already difficult task in securing its software.
Microsoft has been intensively criticized on security issues in recent years and the company has devoted increasing resources in an effort to restore its credibility with its customers.
The posting of the information on the Internet does not present any direct threat to the hundreds of millions of users of Microsoft's software, but it may fuel the fire among those who say that Microsoft, based in Redmond, Washington, has done a poor job of protecting computer users from hackers and invasions of viruses and worms. The company may also face a debate over its contention that the secrecy of its proprietary software offers a computer security advantage over the publicly available text of open-source programs like Linux.
Microsoft's executives said on Friday that they were working with federal law enforcement officials to attempt to understand how the software instructions, known as source code, had appeared on a variety of Internet peer-to-peer file sharing systems.
"We take this seriously," said Tom Pilla, a Microsoft spokesman. "It's illegal for third parties to post or make our source code available. From that standpoint we've taken appropriate legal action to protect our intellectual property."
Word of the theft of Microsoft's source code spread rapidly on Thursday afternoon after it was first reported on a Web site, Neowin.net, and then widely discussed on the Slashdot Web site, which is widely read by the nation's programming community.
By late Thursday evening dozens of copies of different text files ranging in size from 200 megabytes to one gigabyte were being downloaded by thousands of Internet users.
Computer programmers who examined the software instructions -- the basic texts from which the Windows operating systems programs are assembled -- reported that at least some versions of the program had come from a Microsoft partner, Mainsoft Corp, a software company whose headquarters are in San Jose, California.
Several computer security experts speculated that the Microsoft operating system source code had been stolen from a Mainsoft computer via the Internet and then posted on peer-to-peer file sharing networks.
Neither Microsoft nor Mainsoft would confirm this report. Mainsoft, however, released a statement acknowledging the firm had a source code licensing agreement with Microsoft.
"Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation," Mike Gullard, chairman of Mainsoft, said in the statement. "We will cooperate fully with Microsoft and all authorities in their investigation."
Even though Windows 2000 and Windows NT are older versions of the company's operating systems, they are still widely used by corporations around the world.
"This raises real national security concerns," said William Cook, a partner at Wildman Harrold in Chicago and a former federal computer crime prosecutor. "The fact that Microsoft's software is so widely available will have an impact across the computer security industry."
A number of computer security and legal experts said that Microsoft's biggest challenge as a result of the incident may unfold in the future as skilled programmers begin to examine the texts in search of material that may be embarrassing or damaging to Microsoft.
"There have been lots of stories about the existence of undocumented features" in Microsoft's operating system that were intended to harm competitors, said Bruce Schneier, founder and chief technical officer of Counterpace Internet Security, a computer security firm in Mountain View, California.
In 1999, Microsoft suffered a black eye when a Canadian programmer, examining a portion of its software, discovered an element inside the company's Windows operating system labeled NSAKey. At the time, Microsoft said the reference was not an indication that the company was engaged in a conspiracy with the National Security Agency, a federal intelligence operation. The label, however, undercut the company's credibility within the computer security community, where it was widely criticized at the time. In addition to the NSAKey incident, the Diebold Corp, a manufacturer of automated teller and voting machines faced criticism after the programmers' instructions for its voting machines were circulated on the Internet. Technical experts said the code revealed flaws that might make the machines vulnerable to manipulation, a charge that Diebold denied.
A number of computer experts said that Microsoft had no choice but to rush to court to try to limit the spread of the software instructions through temporary restraining orders.
"The horse is out of the barn," said Jim Brelsford, a partner at the law firm Jones Day in Menlo Park, California. "But you have to do this to protect your trade secrets."
CHAMPIONS: President Lai congratulated the players’ outstanding performance, cheering them for marking a new milestone in the nation’s baseball history Taiwan on Sunday won their first Little League Baseball World Series (LLBWS) title in 29 years, as Taipei’s Dong Yuan Elementary School defeated a team from Las Vegas 7-0 in the championship game in South Williamsport, Pennsylvania. It was Taiwan’s first championship in the annual tournament since 1996, ending a nearly three-decade drought. “It has been a very long time ... and we finally made it,” Taiwan manager Lai Min-nan (賴敏男) said after the game. Lai said he last managed a Dong Yuan team in at the South Williamsport in 2015, when they were eliminated after four games. “There is
Chinese Nationalist Party (KMT) lawmakers have declared they survived recall votes to remove them from office today, although official results are still pending as the vote counting continues. Although final tallies from the Central Election Commission (CEC) are still pending, preliminary results indicate that the recall campaigns against all seven KMT lawmakers have fallen short. As of 6:10 pm, Taichung Legislators Yen Kuan-heng (顏寬恒) and Yang Chiung-ying (楊瓊瓔), Hsinchu County Legislator Lin Szu-ming (林思銘), Nantou County Legislator Ma Wen-chun (馬文君) and New Taipei City Legislator Lo Ming-tsai (羅明才) had all announced they
Nvidia Corp CEO Jensen Huang (黃仁勳) yesterday visited Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), as the chipmaker prepares for volume production of Nvidia’s next-generation artificial intelligence (AI) chips. It was Huang’s third trip to Taiwan this year, indicating that Nvidia’s supply chain is deeply connected to Taiwan. Its partners also include packager Siliconware Precision Industries Co (矽品精密) and server makers Hon Hai Precision Industry Co (鴻海精密) and Quanta Computer Inc (廣達). “My main purpose is to visit TSMC,” Huang said yesterday. “As you know, we have next-generation architecture called Rubin. Rubin is very advanced. We have now taped out six brand new
POWER PLANT POLL: The TPP said the number of ‘yes’ votes showed that the energy policy should be corrected, and the KMT said the result was a win for the people’s voice The government does not rule out advanced nuclear energy generation if it meets the government’s three prerequisites, President William Lai (賴清德) said last night after the number of votes in favor of restarting a nuclear power plant outnumbered the “no” votes in a referendum yesterday. The referendum failed to pass, despite getting more “yes” votes, as the Referendum Act (公民投票法) states that the vote would only pass if the votes in favor account for more than one-fourth of the total number of eligible voters and outnumber the opposing votes. Yesterday’s referendum question was: “Do you agree that the Ma-anshan Nuclear Power Plant
RSS