Microsoft is working with law enforcement to learn how incomplete parts of the Windows 2000 and Windows NT source codes got posted online this week, and threatened to take "all appropriate legal actions" in the case.
"It's illegal for third parties to post Microsoft source code," Microsoft spokesman Tom Pilla told reporters Feb. 12. "We obviously take that very seriously."
The coding in question turned up in a 203-megabyte file, but Microsoft doesn't yet believe it was the work of someone breaching their corporate network. It hit some peer-to-peer and Internet Relay Chat (IRC) networks Feb. 12, according to CNET. Rilla said customers shouldn't feel any effects and that the long-term security impact was likely to be minimal if anything, since it is incomplete code.
That's not quite the way the makers of Norton Antivirus saw it. "It's definitely not a good thing if black hats have the source code," said Symantec senior manager Oliver Friedrichs to CNET. "The underground can look at the code without legitimate security researchers being able to find vulnerabilities first."
But Microsoft said the key issue here was intellectual property. "If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security," a company statement said.
On the other hand, CNET said, even Microsoft is on record as fearing the release of its Windows source codes because of security issues. That came fourth during the antitrust trial of a few years ago, in which Microsoft senior vice president for Windows Jim Allchin testified that releasing the source codes would be "devastating" for Windows security.
