Microsoft Corp. said late Thursday that some 13.5 million lines of source code - possibly 33 percent of all of the code of its Windows 2000 and Windows NT4 operating systems - had been leaked over the Internet. The software giant said an official investigation is underway and downplayed the leak as a major security threat to the hundreds of millions of people worldwide who use the operating system as the ibraini behind their personal computer.
In a statement released by the company and obtained by The Mac Observer, Microsoft said it was investigating the matter further. "The rumor regarding the availability of Windows source code is based on the speculation of an individual who saw a small section of unidentified code and thought it looked like Windows code," Microsoft said in a statement. "Microsoft is looking into this as a matter of due diligence. If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security."
Microsoft said it did not know how much of the code had been leaked or how many people may have gained access to it. The company could not immediately pinpoint the source of the leak, and has contacted law enforcement authorities to help in the investigation.
According to experts contacted by The Mac Observer who have seen the leaked code and talked with Microsoft officials Thursday night, the leaked source code contain some 30,900 files written with 13.5 million lines of code. Portions of the code are said to have contained libraries files, images, un-compiled code and executable files. In addition the code contained notes and references from developers, including specific bugs and references to Microsoft employees.
It is not clear how much of the source code has been compromised, according to experts. Initially, Microsoft told reporters the 13.5 million lines of leaked code equaled 15 percent of the entire source code. If true, this would mean the operating system is made of some 90 million lines of code. That would contradict Microsoft statements made at the release of Windows 2000 that said the OS was made up of between 35 and 38 million lines of code. If the number is 38 million, the amount of leaked source code is more like 33 percent.
"Microsoft is trying to downplay this leak, but this is a tough one to downplay," Joe Wilcox, a senior Microsoft analyst with Jupiter Research, told The Mac Observer. "Windows is Microsoftis crown jewel and source code is the blueprint.
"Microsoft has already been taking a beating of security issues, so people may look at this and wonder about Microsoftis security if it looses some of its source code," Wilcox commented. "Also, there may be concerns at some point in the future that hackers will find things in the leaked source code that will allow them to break into the source code of Windows 2000 or even later versions of the operating system."
Wilcox also believed Microsoft will take a "real black eye" in the media over the source code leak. "This is a credibility problem for Microsoft, if nothing else," he said.
Wilcox said the downplaying of the leak by Microsoft is to assure customers their computers running Windows are safe from a security breach. In his opinion, the real problem for Microsoft is now credibility with customers.
"If the blueprint for your bank gets out and people can see how to break in, then you made not want to put your money there," Wilcox said. "Microsoft is legitimately concerned that customers will look at this and say, iMaybe Windows isnit safe. Maybe I shouldnit upgrade. Maybe I shouldnit purchase a new OS. Maybe I should look at something else.i"