RealTime IT News

Windows Leak An Experiment in Open Source?

Less than a week after it discovered that parts of its Windows 2000 and NT source code were leaked to the Internet, Microsoft officials are now finding that a kind of grassroots peer review of its code is sprouting among programmers and the merely curious from all points of the globe.

The Redmond, Wash., creator of the Windows operating system is legendary for the tight rein it has held over source code to the operating system that runs on 9 out of 10 computers in the world. Only in recent years, goaded in part by an anti-trust settlement with the U.S. Department of Justice in 2001, has the company extended some of its code outside academia and made it available for use by independent software vendors (ISVs). The program, called Shared Source Initiative (SSI), has garnered more than 3,000 development partners in the past three years, according to Microsoft officials.

Some programmers contacted by internetnews.com say many in their community are wary of even looking at the code in order to avoid inflaming intellectual property issues over software copyrights -- in a software industry already inflamed over copyright amid the SCO Group's intellectual property challenge of parts of the Linux kernel.

But for those who do, including plenty of people in peer-to-peer networks and in Internet Relay Chat (IRC) rooms worldwide, the 660 MB file containing the code is essentially open source material.

Chris Wysopal, vice president of research and development at security firm @Stake, said Microsoft should expect to field a lot of calls in the coming months as developers chime in with their ideas for improving the code.

Indeed, experts say the leak of Microsoft's proprietary code to the public might just result in code benefits to the Windows platform overall.

Expect comments from the developer community to outpace any discussion about active open source projects such as Linux, Wysopal said, because of Microsoft's dominant presence throughout the world.

"It's Microsoft. Everyone wants to scrutinize what they're doing," he told internetnews.com. "This is the first glimpse for most people to the way Microsoft actually builds their applications and what kind of quality they have in their coding. People are definitely going to say, 'Microsoft, you made a mistake here,' or 'Why did you do it this way?'" he added.

One of the latest online parlor games involving the leaked code is the glimpse it provides into comments in the code from Microsoft programmers charged with updating and patching the code over the years.

One technology enthusiast at Web site kuro5shin noted many of the hacks (additions) to the code base included some colorful comments and creative use of adjectives in noting programming changes.

In this case, the reviewer concluded the code was generally "excellent." But he also noted the many additions to the Windows code to be almost universally compatible with previous Windows versions. And third-party software has "clearly come at a cost, both in developer-sweat and the elegance (and hence stability and maintainability) of the code."

Microsoft, which does not comment on specific questions about its code, on Wednesday said it has begun sending notifications to people who may have downloaded the company's source code warning them that such actions are in violation of copyright law.

The code leak last week doesn't mean code snippets will find their way into future applications by competitors or the open source community, predict developers in the community.

Most developers who have peeked at the code have found that, while providing a glimpse to some of Windows' inner workings, the code mostly references other areas of source code that were not leaked, said Adnan Masood, a U.K.- based software engineer.

"Programmers may learn bits and pieces about how Microsoft's kernel, input/output optimization, multi-threading, spooling and hardware abstraction layer actually work and what's behind the Windows, but I'm not sure it will become public or get used in any other projects," he said.

Chris Spann, a systems architect, agreed. "Microsoft's only real concern is that someone may be able to use their code in a commercial product," he told internetnews.com. "This really isn't too much of a concern either, as there are open source products in the Linux/Unix world that can already mimic much of what Microsoft has to offer."

Even more of a reason, added Wysopal, is that the code is between three to four years old, a time that pre-dates Microsoft's security initiatives.

"We're sort of looking back in time at what Microsoft was doing in the year 2000 or 1999," he said. "We still don't really know, looking at that code, what today's code looks like.