Microsoft Code in Captivity

By Peter Galli  |  Posted 2004-03-14

Microsoft's code leak increases criticism of the company's practice of tightly controlling its source code.

The leak of some of Microsoft Corp.'s Windows source code on the Internet last month has elevated the discussion about why the software company believes it needs to protect its code so fiercely when other vendors are more liberal with access to their proprietary source code. The leak has also raised doubts about Microsoft's commitment to, and ability to effectively deal with, the security of its products.

Microsoft officials are downplaying the security aspect of the leak of the Windows 2000 and Windows NT 4.0 source code. "The leak was not a breach of our internal security, it was not a breach of corporate network security and it was also not a breach of the Shared Source or Government Security programs or from one of those licensees. The code also did not come through the Code Center Premium, the mechanism we use to deliver source code to customers," said Jason Matusow, Microsoft's Shared Source Program director, in Redmond, Wash.

Microsoft's response is not sitting well with some customers and developers. "The code leak was a fairly serious event, both for consumers and for Microsoft itself. Downplaying the issue is standard Microsoft damage control, but there will be consequences for that leak," John Persinger, an internal network administrator for Source4 Inc., in Roanoke, Va., told eWEEK. "We run on the realistic knowledge that our network is, and always will be, subject to potential threats. We do all we can to maintain the most active awareness of threats to both us and to our customers, but events like the code leak don't help."

Bob Duerr, president of Integrated E-com, in Naperville, Ill., takes the code leak seriously. "This is a breach of the very code that is the core of what we use today in our business, Windows 2000. Even little pieces can be put together to give insight into where a hacker may insert trouble and breach security," Duerr said, adding that Microsoft must assume responsibility for the leak.

"The buck has to stop somewhere. This is no different than Coke keeping their secret formula for their cola. The bigger issue is that they should have had contingency plans if this happened," Duerr said.

Brian Riley, a senior programmer and analyst at a publicly traded health care services company, also points to Microsoft's security record. Riley said that "from a user standpoint, Microsoft products have never been secure and have gotten even less so." But unless there are some serious exploits as a result of the leaked code, he does not expect that to have any impact on his company. "Security has tightened up quite a bit around here since Slammer, Nimda and Blaster," he said.

In defending Microsoft and its security initiatives, Matusow said, "I think our candidness around security vulnerabilities and our response mechanisms are part of the effort to show that we are dealing with these issues head-on. But I understand how customers make the leap of logic that the leak represents further proof to them of security concerns," he said.

"We've been sharing Windows source code for 13 years, and many eyes have looked at that code. Maybe we haven't done a good-enough job telling the source code story. It appears that many people think this is the first time anyone has ever seen Windows source code," Matusow said.


Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scott McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at

