Experts Disagree on Potential Effects of Stolen Code | eWeek

Experts Disagree on Potential Effects of Stolen Code

Verfasst von
Dennis Fisher
Dennis Fisher
Feb 23, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Despite predictions of Windows-eating superworms and fears of dozens of new vulnerabilities hitting the Internet every week, security experts say it could be some time before any real security problems arise from the theft of Microsoft Corp.s Windows source code.

Many researchers said that they are intentionally steering clear of the code and will not download it for fear of legal reprisals from Microsoft or the FBI, which is handling the investigation. As a result, there will likely be little in the way of new, legitimate vulnerability research done on the code, which includes portions of both the Windows NT 4.0 and 2000 source code.

However, soon after its public debut two weeks ago, the code appeared on several peer-to-peer file-sharing networks, as well as underground Internet Relay Chat channels frequented by crackers and less talented script kiddies. Having access to even a portion of the Windows source code is a dream come true for those in the security underground, most of whom have a great deal of time to search for cracks, experts say.

Still, the stolen code, which reportedly amounts to about 15 percent of the source code for each operating system, is more than 10 years old, and researchers have been hammering on both Windows NT 4.0 and 2000 for a while. As such, theres a good chance that most vulnerabilities have been discovered and patched, researchers said.

“I dont think its going to be terribly useful,” said Chris Wysopal, director of research and development at @Stake Inc., a security consultancy based in Cambridge, Mass. “We all need to keep in mind that there are people out there with access to the code, and theyre not the people who publish vulnerabilities. Perhaps good guys should have access to it, too.”

Other researchers arent convinced. They said that having the code in the hands of so many people with malicious motives can lead to the discovery of more flaws.

“I definitely think that this could lead to a horde of new vulnerabilities and exploits being discovered,” said Thor Larholm, senior security researcher at PivX Solutions LLC, based in Newport Beach, Calif. “A lot of the shared code base is still in use in Windows XP and Windows Server 2003. In the short term we will see a lot of public insecurity, but, ironically, this insecurity might very well lead to a hardening of the OS as previously undetected vulnerabilities are weeded out.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.