Expert Opinion on Microsoft Source Leak

I downloaded this analysis (.doc) of the Windows source code leak from a Dutch Windows news site, Bink.nu. The author is a Dutch programmer named Tamura Jones, who wrote a book called Undocumented Windows. Jones makes several good points, which I reproduce below.

"This is not the first time that Microsoft source code leaked onto the net. In 2000, the source code for MS-DOS 6 was leaked. It received considerable less attention, as most journalist considered it obsolete, despite the fact that it still had millions of users around the world, and that MS-DOS is actually the basis for many versions of Windows still in use today. That leaked source is still being passed around...

In October of 2000, Microsoft had to confirm that crackers had broken into their network and actually gained access to the Windows source code. That breach was done using the Qaz trojan. Microsoft has stated that this time round, their security has not been breached...

Evidence inside the Windows 2000 source code leaked on Thursday 12 February 2004 suggests that this particular leak originated at long-time Microsoft partner MainSoft. The leaked source would implicate Eyal Alaluf, MainSoft's Director of Technology...

MainSoft is a commercial company that provides a product called MainWin. The MainWin product makes it relatively easy for third-party software companies to make the programs they already created for Windows available on Unix as well.
The MainWin product is based on actual Windows source code...

The leaked source is more than three year old. The newest files in the Windows 2000 source code are dated 25 July 2000. The source probably corresponds to Windows 2000 Service Pack 1, while the current Service Pack for Windows 2000 is Service Pack 4. The Windows NT 4 source code probably corresponds to Windows NT 4 Service Pack 3, while the current Service Pack for Windows NT 4 is Service Pack 6a, and a Service Roll-up Pack has already followed it...

Here’s a table summarising the official figures [on Windows source code lines] collected from various Microsoft sources:

Year: Product: Million Lines of Code
1993: Windows NT 3.1: 6
1996: Windows NT 4.0: 16.5
1999: Windows 2000: 29
2001: Windows XP: 45
2003: Windows 2003: 50

None of these numbers means much. The issue is not what percentage got out, but what got out. The real observation is that what got out is not just any part, but an important part of Windows, and you do not even need to read the leaked code to figure that out.

MainSoft's MainWin product allows developers to create Unix versions of their existing Windows programs. There are all kinds of technicalities, but the basic idea behind the MainWin product is very simple: MainWin pretends to be Windows.

MainSoft has incorporated considerable parts of the Windows code into its MainWin product. In a very real sense, large parts of the MainWin product do not just pretend to be Windows, but are Windows.

In support of the MainWin product, Microsoft provided MainSoft with a license in its Windows Interface Source Environment (WISE) program. The WISE license provides source code access to the very core of Windows, the basis the rest of Windows is built on. The WISE program is so exclusive that it is not listed on Microsoft Shared Source Licensing Programs page. What is provided under the WISE license is so essential, that only a few companies ever got one. That fact alone already indicates the value Microsoft places on this particular source code license.

The source that leaked is part of what MainSoft got under that rather exclusive WISE license, and what it got is the hottest part of Windows."

I found a January 1995 document archived on a site in China about WISE. Here are some extracts:

"The Windows Interface Source Environment (WISE) is a licensing program from Microsoft to enable customers to integrate Windows-based solutions with UNIX and Macintosh systems. Microsoft has licensed the Windows family source code to Mainsoft Corporation, Bristol Technology Inc., Insignia Solutions Inc., and Locus Computing Corporation. Using the products being developed by Mainsoft and Bristol, developers will be able to write to the Win32® API and OLE on different UNIX platforms...

WISE SDKs enable developers to write to Windows APIs and use the resulting applications on Macintosh and various UNIX systems. To get a Windows-based application running on a Macintosh or UNIX system using a WISE SDK, the application source code must be recompiled on those systems...

A WISE SDK consists of tools to port code from a PC and libraries to compile Windows code on the Macintosh or UNIX system."

I also found a 21 Sep 98 story announcing Mainsoft and Microsoft agreed to licensing terms for "Windows NT 5.0" source code. According to this 1 Nov 00 story, "Mainsoft is one of only two companies—Bristol Technologies Inc. is the other—with access to the source code under the Windows Interface Source Environment agreement." I found this 29 Oct 95 story claiming "When IBM purchased Lotus Development Corp., it acquired Lotus's license to Microsoft's Windows Interface Source Environment (WISE), giving it access to the source code in Windows 95 and Windows NT, including Microsoft's OLE object technology."

So it seems Mainsoft may be in trouble for trying to get Windows programs to run on Unix. If you want to run Unix programs on Windows, take a look at Interop Systems. They work with the Windows Services for Unix.

Updated: Tamura Jones wrote me last week. He clarified a few points that I updated in the story above.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics