Experts Disagree on Potential Effects of Stolen Code | eWeek

Experts Disagree on Potential Effects of Stolen Code

Écrit par
Dennis Fisher
Dennis Fisher
Feb 23, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Despite predictions of Windows-eating superworms and fears of dozens of new vulnerabilities hitting the Internet every week, security experts say it could be some time before any real security problems arise from the theft of Microsoft Corp.s Windows source code.

Many researchers said that they are intentionally steering clear of the code and will not download it for fear of legal reprisals from Microsoft or the FBI, which is handling the investigation. As a result, there will likely be little in the way of new, legitimate vulnerability research done on the code, which includes portions of both the Windows NT 4.0 and 2000 source code.

However, soon after its public debut two weeks ago, the code appeared on several peer-to-peer file-sharing networks, as well as underground Internet Relay Chat channels frequented by crackers and less talented script kiddies. Having access to even a portion of the Windows source code is a dream come true for those in the security underground, most of whom have a great deal of time to search for cracks, experts say.

Still, the stolen code, which reportedly amounts to about 15 percent of the source code for each operating system, is more than 10 years old, and researchers have been hammering on both Windows NT 4.0 and 2000 for a while. As such, theres a good chance that most vulnerabilities have been discovered and patched, researchers said.

“I dont think its going to be terribly useful,” said Chris Wysopal, director of research and development at @Stake Inc., a security consultancy based in Cambridge, Mass. “We all need to keep in mind that there are people out there with access to the code, and theyre not the people who publish vulnerabilities. Perhaps good guys should have access to it, too.”

Other researchers arent convinced. They said that having the code in the hands of so many people with malicious motives can lead to the discovery of more flaws.

“I definitely think that this could lead to a horde of new vulnerabilities and exploits being discovered,” said Thor Larholm, senior security researcher at PivX Solutions LLC, based in Newport Beach, Calif. “A lot of the shared code base is still in use in Windows XP and Windows Server 2003. In the short term we will see a lot of public insecurity, but, ironically, this insecurity might very well lead to a hardening of the OS as previously undetected vulnerabilities are weeded out.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.