The Windows source code leak
13 Feb 2004
On 12th February, Microsoft Corporation announced that part of the source code for Windows 2000 and Windows NT 4.0 had been leaked and illegally published on the Internet. As a service to computer users, Kaspersky Lab provides information on the potential threat that this leak represents.
The day before Microsoft announced the leak, several hundred megabytes of text files containing source code for Windows 2000 and Windows NT 4.0 were published on a number of hacker websites. The files included the code of key applications such as WINSOCK (the application which works with network resources), Internet Explorer, and Outlook. All the websites where the code was published have been closed down, but there is no guarantee that the information will not resurface.
The source code lays bare the internal workings of the operating system, exposing the nuts and bolts of the system. Access to source code makes it possible for users to modify programs, adapting them to their own needs. They can even independently correct program errors without having to wait for a response from the manufacturer. It should be remembered that a user needs to have substantial IT experience in order to take advantage of such opportunities.
On a more serious note, access to source code does make it far easier to identify previously unknown vulnerabilities in the operating system. Virus writers and hackers then use these breaches to attack computers. Having the source code makes it possible to integrate malicious programs into the heart of the operating system. Viruses are then an undetectable part of Windows. This is dangerous, as it opens the door to a new generation of stealth viruses: viruses which mask their presence in the system by controlling the operation of anti-virus programs and firewalls.
"The leaking of the Windows source code is a historic event in computer virology; a new round of virus vs. anti-virus has begun. We are certain to see new viruses attacking vulnerabilities in Windows for which no patches yet exist. The appearance of system viruses, which are almost impossible for traditional anti-virus software to detect, is another real danger," comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. "Nevertheless, virus analysts are prepared for such contingencies and will rise to this new challenge from the computer underground."