Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • PC Hardware

    MS Code Theft: Whats All the Fuss About?

    By
    Rob Enderle
    -
    February 13, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Is Microsoft going out of business due to the source-code leak on Thursday: Not!

      Im starting to wonder if the security industry has lost its mind. For most of the morning Ive been hearing security “experts” say that the leak of Microsofts source code is a huge exposure for the company.

      These same security experts often favor Unix and Linux for secure deployments—both now Open Source products where virtually all of the code is available on the Web. This leak is embarrassing, sure, but life threatening? Please….

      Lets take a deep breath and go back and look at the issue. Microsoft has been strongly anti-open source, arguing that widely distributing source code could result in security problems. But so far open source hasnt suffered from these types of problems.

      Crackers have taken the path of least resistance. Its easier to create a virus or attack based on a security bulletin then to do the hard discovery work needed to identify the exposure from scratch. And thats regardless of whether the source code was “open” or not.

      Microsoft was created in an era where people kept intellectual property close. The belief at that time was that secrecy provided better protection then a patent or copyright.

      The premise was, and is: If only you knew it, then no one else could copy it. The act of patenting something, according to popular belief, could reduce your competitive advantage because others could duplicate what you had just by obtaining the patent.

      Often that secrecy was part of the marketing campaign—the “secret Coke formula” or the “Secret Sauce.” In Jacks case (from Jack in the Box), at least, it wasnt so special. It turned out to be simply Thousand Island dressing.

      But that mystery ingredient let companies like Bayer sell generic products at premium prices. When it comes to cola, most cant tell the difference in a blind test between Coke and brand X. But theyll pay more for Coke because of a perceived taste advantage.

      Next page: Whats good for food isnt necessarily good for an OS.

      Secret Sauce

      : Food yes, Software no”> While secret recipes have added value—and even saved mystery meat like hot dogs—software buyers arent as sanguine. Big customers have demanded access to the secret sauce to conduct their own due diligence: to identify problems, make systems work better, or to simply discover how the darned stuff works.

      With roots in education, much of the Unix code has been widely available for decades. Some of the Unix variants (Digital Unix, HP-UX, and Solaris) had significant secret parts, but the core technology was there for all to see.

      Linux started out as a community project, and has always been widely shared. And in the age of the internet, once you set your code genie free, its virtually impossible to stuff it back in the bottle.

      This has created a problem for Microsoft, since it continues to believe that the open release of source code can create serious problems for a high-volume multi-national vendor.

      Microsoft already has a serious software piracy problem, compounded by the potential for Windows clones that look and feel like Windows, but either contain malware or circumvent anti-piracy enforcement. The chance of this happening with Windows is much higher than with open source software, which is often tied directly to hardware or other services.

      This as a far greater threat for Microsoft than crackers simply using source code to create new attacks.

      There is one area where exposing the code could cause security problems. The security industry is still anticipating organized attacks from criminal or terrorist groups who may move more strategically than the common-day rogue.

      These shadowy groups could choose to avoid known exposures (where patches are generally available, and applied in many cases), and could instead target previously unknown vulnerabilities gleaned from the code. An attack vectored on an unknown hole, if wide enough, could be virtually unstoppable.

      But even more worrisome than an attack, sophisticated crackers could instead simply create back doors into sensitive systems, and then manipulate financial transactions, extract sensitive data, or take control of critical systems at a predetermined time.

      However, many of these truly sensitive systems still run Unix, and many, based on the advice of “security experts” are beginning to run Linux. As a result, any problems rising from source-code mining would be at least as bad for these platforms as it is for Microsofts.

      There is a silver cloud, however. The source code theft is once again raising the issue of whether OS source code should be publicly available. If “open source” is good, then why is the accidental release of a small amount (only about 15 percent) of source code so damaging to Microsoft?

      Maybe its time to set aside our Microsoft biases and objectively analyze this issue. Until we do, we cant honestly determine whether open source is worth the risk. And answering that question, as weve seen in this crisis, is critical to the future of the software industry.

      Rob Enderle is the principal analyst for the Enderle Group, a company specializing in emerging personal technology.

      Rob Enderle
      https://enderlegroup.com
      Rob Enderle is a principal at Enderle Group. He is a nationally recognized analyst and a longtime contributor to eWEEK and Pund-IT. Enderle is considered one of the top 10 IT analysts in the world by Apollo Research, which evaluated 3,960 technology analysts and their individual press coverage metrics.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×