MS Source Code and the Lesson of Pandora's Box

The last thing any programmer should do, Linux & Open-Source Center Editor Steven Vaughan-Nichols advises, is take even a sneak peek at Microsoft's stolen source code.

Eventually, everything secret leaks. The fact that you ate the last cookie, that you didn't take out the trash, or that you looked at the source code for Windows 2000 Service Patch 1… it all comes out eventually.

But let's face it, peeking at W2K's source code is a much, much bigger deal.

Most of the attention over the release has been, rightly I think, focused on the fact that with this code out there it will be an awful lot easier for crackers to break into W2K systems and write viruses and worms.

In a way I feel sorry for Microsoft, it's not as if Windows has any reputation for security to speak of anyway, and this latest breach will offer a detailed road map to anyone who wants to break into Windows 2000.

However, I feel much more sorry for Windows users. For years now, many business IT departments have been willing to put up with one Windows security problem after another. I guess it's because their CFOs never looked at the real cost of Windows maintenance and downtime vs. the cost of switching to Linux, BSD or another more-secure operating system.

Now, following the leak of Windows source code, even the most shortsighted bean-counter must see that sticking with Windows 2000 will be an extremely expensive proposition.

But, enough of that. I've made those arguments before.

There is another, more subtle, problem with the code release. Obtaining the code isn't a big deal. I found out how easy it was after about an hour of checking cracker sites and by Monday, I'm sure anyone who wants to look at the code will be able to find out how.

On the other hand, I have but one word for anyone considering looking at the source, and who is now, ever has been or ever hopes to be a developer: Don't.

If you look at the code, there will always be reasonable doubt that any programming project you work on in the future will reflect Microsoft's work. If that sounds far-fetched, you haven't been paying attention to the ways that intellectual property law has been being looked at in the courts.

Of course there are programs under development, like Black Duck Software Inc.'s Black Duck Enterprise Edition, that exist expressly for finding legally questionable code. But a future employer may not want to take a chance on hiring you in the first place if it's known you've been reading Microsoft's proprietary code.

Some programmers may believe that this tainting issue is mainly a problem for open-source developers. They would point to those who work on programs that try to duplicate Windows functionality in open source, such as Samba, which provides Windows-compatible file and print services, or Mono, an open source implementation of .NET. That's not true.

Open source or closed source, you're taking a big chance of getting into legal hot water with Microsoft, if you've viewed stolen Windows code. If you write a Windows-compatible program, and Microsoft decides that it shows signs of having tainted code within it, Microsoft will come after the product, its vendor and you. Frankly, the boys from Redmond would have every reason to come after you.

And, if you have looked at the code, don't be surprised if the courts find for Microsoft even if you swear on a stack of bibles that you never inhaled any Microsoft source code in your brief peek.

It may be a cliché, but it's true that when it comes to the sin of looking at stolen source code, you should just say no.

Linux & Open Source Center Editor Steven J. Vaughan-Nichols has been using and writing about operating systems since the late '80s and thinks he may just have learned something about them along the way.
