Looking back at the Windows 2000 source code leak

I put together a summary of the February 2004 incident in which the source code of Windows NT 4.0 Service Pack 6a/2000 SP1 was leaked.

@IT: Insider's Eye -- The ripples caused by the Windows source code leak
Statement regarding the illegal posting of source code

Windows source leak traces back to Mainsoft

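BetaNews has learned that the Windows 2000 source code that leaked on Thursday originated not from Microsoft but from Mainsoft, a longtime Redmond partner. Analysis indicates that the files in the leaked archive are only the subset of the Windows source code that was licensed to Mainsoft for use in its MainWin product. MainWin uses the source to create native Unix versions of Windows applications.

Mainsoft says that millions of lines of Windows code, left untouched in MainWin, are incorporated into it. Microsoft, which has begun an investigation with the FBI, says that Redmond's internal security is not affected.

Despite having said that...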

Microsoft Code Leak Invokes Issues Beyond Security | Security | TechNewsWorld

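In addition to the source code leak, an alert from SecurityTracker indicates that a related vulnerability in Internet Explorer 5 was discovered over the weekend.
Because multiple vulnerabilities, exploits and attacks have appeared in large numbers over the past few months, this new vulnerability, which does not affect Internet Explorer 6, hardly stands out in itself.

Apparently the IE5 vulnerability was found from the source code ・ω・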

Microsoft Updates Code Leak Statement, Mainsoft Fingered | Windows Server content from Windows IT Pro

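According to reports, a PC used by Eyal Alaluf, an Israeli who is Mainsoft's director of technology and who has refused contact with the media, was the source of the Win2K and NT source code leak.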

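Windows 2000 source code leak spreads - faireal.net

This code can only be genuine. Looking at the Task Manager source, it says that if you hold down the three keys Shift, Alt and Ctrl (not Ctrl-Alt-Del) when launching Task Manager, it is "initialized" without using things such as the window position from the previous launch (Start button → R, specify taskmgr, then hit Enter while holding down Shift, Alt and Ctrl). I did not know there was such a hidden command. When I checked on my own machine, Task Manager really did behave that way.

I also found this article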

Windows Internals Expert Speaks on Source Code Leak

Published by: justin-goldberg on Feb 16, 2008 Traditional Copyright All rights reserved

THE FACTS
It is the source code

The Windows 2000 source code leak was first reported by Neowin on 12 February 2004 and soon confirmed by a public statement from Microsoft. There are two major downloads circulating, one 229 MB archive with source for Windows NT 4 and one 203 MB archive with source code for Windows 2000. No Windows XP, Windows 2003 or Windows "Longhorn" source code is being circulated.

What is source code?

What is source code? Many reports have called it a blueprint, but that's wrong. A blueprint for a building tells you how to create that building. Source code isn't a blueprint for how to create a program. Source code is the program. The difference between source code and the program you use is one of translation.

Programs are written in a computer language, that's a language for writing computer programs, but one that humans can learn to read and write. The text they write - in one or more computer languages - is source code. That source code is translated into a form you can actually use, and that form is called an executable. The source code and the executable are the same program. They are not different programs, just different forms of the same program.

The important thing about the availability of source code is that the source code is not only written in a language humans can understand, but also contains suggestive names and helpful comments to aid in understanding it.

It is possible to learn a lot about how a program works by studying just the executable, but it is much easier to understand a program by studying its source code.

Not the first Microsoft source code leak

This is not the first time that Microsoft source code leaked onto the net. In 2000, the source code for MS-DOS 6 was leaked. It received considerably less attention, as most journalists considered it obsolete, despite the fact that it still had millions of users around the world, and that MS-DOS is actually the basis for many versions of Windows still in use today.
That leaked source is still being passed around.

Security breach

In October of 2000, Microsoft had to confirm that crackers had broken into their network and actually gained access to the Windows source code. That breach was done using the Qaz trojan. Microsoft has stated that this time round, their security has not been breached.

How did this happen

It is a little known fact that Microsoft has been providing access to Windows source code to Universities, strategic partners and consulting companies for a long time. As Microsoft expanded the number of license programs and the number of licensees, the risk of a source code leak increased.

It has been reported in a BetaNews exclusive, that evidence inside the Windows 2000 source code leaked on Thursday 12 February 2004 suggests that this particular leak originated at long-time Microsoft partner MainSoft. The leaked source would implicate Eyal Alaluf, MainSoft's Director of Technology.

MainSoft

MainSoft is a commercial company that provides a product called MainWin. The MainWin product makes it relatively easy for third-party software companies to make the programs they already created for Windows available on Unix as well.

The MainWin product is based on actual Windows source code. Microsoft provided MainSoft with its first Windows source code license in 1994. Access to the actual Windows source code makes it easier for MainSoft to ensure that the resulting Unix programs made with the MainWin toolkit work just like the original Windows program.

Neither Microsoft nor MainSoft has acknowledged that MainSoft is the cause of the leak yet. Both companies have issued statements that they are investigating.

Windows source code

The availability of Windows source code is a big issue, but not in the way many reported it. Access to Windows source code can be had legally from Microsoft. Microsoft has a number of source sharing programs.
Many of these require you to sign paper agreements, but a package containing the source code for Windows CE 3.0 can be downloaded from the Microsoft web site after agreeing to an electronic one.

Apple makes source code available too. The full source code for the latest version of MacOS can be downloaded from Apple's web site.

So, the mere availability of source code isn't a big issue. The issue is that this particular source code, which Microsoft has always presented and is still protecting as a trade secret, has leaked outside its licensing program. It has been made available for download to anyone, without Microsoft's consent, and without any of the recipients agreeing to any license first.

This creates all kinds of problems (see below).

The leaked Windows 2000 source code is old

The leaked source is more than three years old. The newest files in the Windows 2000 source code are dated 25 July 2000. The source probably corresponds to Windows 2000 Service Pack 1, while the current Service Pack for Windows 2000 is Service Pack 4. The Windows NT 4 source code probably corresponds to Windows NT 4 Service Pack 3, while the current Service Pack for Windows NT 4 is Service Pack 6a, and a Service Roll-up Pack has already followed it.

The leaked Windows 2000 source code is incomplete

The distributed Windows 2000 source is reported to consist of 30,915 files that take up roughly 650 MB of disk space (just about how much will fit on a single CD) and contain some 13,5 million lines of code. That sounds like a lot, but it is only part of Windows. One question people keep asking is just how much it is.

To answer that question, you must know how big Windows is.

How big is Windows

Many news sources keep quoting each other, saying that the estimated size of Windows 2000 is 35 million lines of code, with no attribution to any reliable source.

The 35 million is just someone's estimate. Most code sizes mentioned are either estimates or numbers for other versions of Windows.
Most numbers mentioned are too high. The actual numbers are all available from Microsoft sources if you know where to look.

- A Microsoft press announcement dated 15 Feb 2000 about the introduction of Windows 2000 in the Middle East clearly states that Windows 2000 consists of 29 million lines of code.
- On 24 Sep 1997, Microsoft Senior Vice President Jim Allchin told the attendees of the Professional Developer Conference that Windows NT 3.1 was six million lines of code, Windows NT 4 was 16.5 million lines of code, and that Windows NT 5.0 Beta 1 (Windows NT 5.0 was later known as Windows 2000) was 27 million lines of code.
- Some sources mentioned 50 million lines of code for Windows 2000. A document on Microsoft's web site makes clear that that's the number for Windows 2003. Another document reveals that another number that is being passed around a lot, 45 million lines of code, is the number for Windows XP.
- Some very authoritative figures for the size of Windows 2000 are in a presentation Microsoft distinguished engineer Marc Lucovsky gave at the Usenix 2000 conference. He told attendees that Windows NT 3.1 consisted of 6 million lines of code and that the Windows 2000 source code consisted of 180 projects, that total 29 million lines of code and take up 50 gigabytes of disk space.

Here's a table summarising the official figures collected from various Microsoft sources

| year | product | MLOC |
|------|---------|------|
| 1993 | Windows NT 3.1 | 6 |
| 1996 | Windows NT 4.0 | 16.5 |
| 1999 | Windows 2000 | 29 |
| 2001 | Windows XP | 45 |
| 2003 | Windows 2003 | 50 |

MLOC = million lines of code

Most numbers reported so far for the size of Windows 2000 are too high and as a result, the estimates for the percentage of code that has leaked are too low.

CALCULATIONS

Explaining the 15 % quote; Microsoft's calculation?

Microsoft reportedly told analysts that the leaked source is roughly 15 % of the source for Windows, and many have doubted that number. Apparently, Microsoft later told the same reporters that it was just one or two percent.
Both numbers can be explained.

Many analysts believe the actual percentage to be higher than 15 %, despite assuming high estimates for Windows's size -- but what if you assume that the 15 % is right?

If 13.5 million lines of code is 15 % of the code, then 100 % would be 90 million lines of code. It is not impossible that 90 million lines of code is the actual size of the code base for Windows “Longhorn”, the next major release of Windows.

Assuming that this is the calculation Microsoft made, the problem is that that calculation just isn't right.

If you were to look up that 15 % in the current Windows source and compare it with the leaked source, you would undoubtedly find that it had been changed in thousands of places. It just isn't the same source. You may also find that the parts that do actually correspond with the leaked source aren't 15 % of the current source, but say 12 % or 18 %, depending on both the nature of changes and your definition of corresponding.

The simple truth is that the leaked source isn't any percentage of the current code base at all, it is three and a half year old code that's a percentage of the official code base for Windows 2000 Service Pack 1.

If this is indeed Microsoft's calculation, Microsoft would consider the distribution of the complete Windows NT 3.1 source (6M LOC) as just 7 % of the Windows source, while it is in fact 100 % of a complete, working operating system.

That does not mean that the Microsoft calculation is meaningless. It is only natural for Microsoft to compare to the current code base, as it represents the current extent of their intellectual property, and the quoted percentage is a rough quick & dirty initial indication of how much of the current intellectual property has leaked.

Whether this is indeed Microsoft's calculation or not, I make different calculations.

The real calculation

I believe we should compare the size of the leaked source to the size of the corresponding operating system. The leaked source is 13.5 million lines of code; Windows 2000 is 29 million lines of code. 13.5 million is roughly 47 % of 29 million.
Thus, if both figures are correct, almost half the source code leaked out.

However, another calculation can be made. The leaked source takes up 650 MB of disk space. The complete source takes up 50 GB of disk space. Thus, again assuming that both figures are correct, only slightly more than one percent got out.

Which calculation is better?

With Microsoft's official figures public, it is possible to calculate the percentage of source code and possible to calculate the percentage of disk space. These percentages differ considerably. The question which calculation is best doesn't matter that much. Having 47 % of the source code is nothing to sneeze at, even if it is just 1 % of all files.

Windows NT 4 numbers

What everyone seems to have missed in trying to work out the actual percentage is that the numbers reported for Windows NT 4 do not make sense. Many ignored the Windows NT source code simply because Windows NT 4 itself is considered old news.

However, a brief look at the numbers reported for Windows NT 4 leads to a startling conclusion…

Windows NT 4 source code size paradox: leaked source is larger than full source?

One pair of numbers being reported for the size of the leaked Windows NT 4 source code is 95,103 files and 28 million lines - but Microsoft tells us that the full source code for Windows NT 4 is “just” 16.5 million lines of code, so that would be 170 % of the source code.

Some media have reported these numbers repeatedly, apparently without anyone noticing or wondering about the obvious impossibility.

There are two explanations for this paradox: either the distribution contains more than just the source code for Windows NT 4 or the numbers are wrong. Possibly both.

What is a line of code?

A simple explanation for this paradox is that the two numbers do not count the same thing. A line of code is not always a line of code.
Just how you count the lines does matter, and matters a lot.

It is possible that the reported count of 28 million lines of code includes empty lines and comment lines, whereas Microsoft's count of 16.5 million lines does not. If so, an all lines count and a Microsoft count are not the same thing, and the two numbers are not directly comparable.

Thus, the reported 28 million lines could actually be less than the reported 16.5 million lines that Windows NT 4 is made of.

This is confusing. The only certainty is this: uncertainty about just what is being counted throws all reported numbers into doubt.

Another 15 % explanation

So, another explanation for the 15 % statement is that the source code for Windows NT 2000 is 13.5 lines of code if you count all empty lines and comment lines, but -- assuming Microsoft's 15 % was correctly calculated - only 4.35 million lines of code when counted Microsoft's way.

IMPORTANCE

Having corrected, explained, calculated and doubted the numbers, I'll now say this: none of these numbers means much. The issue is not what percentage got out, but what got out.

The real observation is that what got out is not just any part, but an important part of Windows, and you do not even need to read the leaked code to figure that out…

What MainWin does

MainSoft's MainWin product allows developers to create Unix versions of their existing Windows programs. There are all kinds of technicalities, but the basic idea behind the MainWin product is very simple: MainWin pretends to be Windows.

MainSoft has incorporated considerable parts of the Windows code into its MainWin product. In a very real sense, large parts of the MainWin product do not just pretend to be Windows, but are Windows.

WISE

In support of the MainWin product, Microsoft provided MainSoft with a license in its Windows Interface Source Environment (WISE) program.

The WISE license provides source code access to the very core of Windows, the basis the rest of Windows is built on.
The WISE program is so exclusive that it is not listed on Microsoft's Shared Source Licensing Programs page. What is provided under the WISE license is so essential, that only a few companies ever got one. That fact alone already indicates the value Microsoft places on this particular source code license.

The source that leaked is part of what MainSoft got under that rather exclusive WISE license, and what it got is the hottest part of Windows. If the leaked code is indeed 47 % of Windows, it may very well be more than 50 % of Microsoft's most jealously guarded Windows secrets.

Cracker threat

Many commentators have suggested that the availability of the source code is a boon to crackers and virus writers. I do agree with that, but I also believe that many have overstated the extent and misrepresented the nature of the effect.

Keep in mind that virus writers have been quite successful so far without access to the source code. The availability of source code does not make it possible to find programming mistakes that can be exploited, it only makes it easier.

Still, crackers are likely to study the code in search for programming mistakes. A temporary increase in the number of new exploits as these are found is not impossible. It is a cause for concern, but not a reason to panic. Many of the defects in Windows 2000 Service Pack 1 have already been fixed in subsequent Service Packs.

First exploit

The first potential exploit based on the code was reported to SecurityTracker by “gta”, a white hat hacker, who points out a programming defect in the source for Internet Explorer 5 and explains how this could be exploited by creating particular pictures. This specific defect had already been discovered by Microsoft during an internal audit and has already been fixed in Internet Explorer 6 Service Pack 1, released on 30 August 2002.

Conspiracy theories

There are conspiracy theories that Microsoft leaked this source on purpose.
BetaNews's report that it wasn't Microsoft, but MainSoft that somehow leaked the code did not put an end to those. Small details like that do not deter a good conspiracy theorist.

I have been watching Microsoft for most of its existence, and I do not believe Microsoft wanted this to happen. I believe that Microsoft management is seriously embarrassed by and is very unhappy about it all.

I do not believe that the public distribution of old Windows source code impacts the schedule for Windows "Longhorn" either. Longhorn slips will be caused by the usual reasons.

WHAT TO DO

What can Microsoft do

There is only so much Microsoft can still do about it.

Microsoft will of course continue to provide updates and fixes for current Windows versions, and will continue development of Windows Longhorn, the next version of Windows.

Microsoft is investigating the matter, and will certainly try to prevent a repeat occurrence.

The genie is out of the bottle; the distributed source code is public now. Windows was never Open Source, but it is Opened Source now. That is an issue for the whole industry that Microsoft will have to deal with.

One practical thing Microsoft can do is identify what current source corresponds to the leaked source and give it a higher priority in its ongoing Secure Computing initiative.

That is not the only thing Microsoft can do. A more radical response would be to offer free upgrades away from Windows NT and Windows 2000.

What developers should do

I strongly advise software developers to resist the temptation to look at the source code. If you are a developer, do not even download it. You should not possess a copy.

Once you have looked at the source, you are irrevocably contaminated. I am not a lawyer, but you don't have to be a lawyer to understand that if you ever look at the source code and later create something very similar, you may have a hard time proving that what you did is not directly or indirectly derived from that source.

Copyright violation may be a complex topic in the Internet age, but it's only the beginning. If it is known that you may have viewed the Windows source code you are much more likely to find yourself charged with trade secret violation and software patent infringement.

So here's the advice from a Windows internals expert: Do not look at it. Do not download it. Avoid all contact with it.
Treat it as an infectious disease.

If you believe that you have a specific problem that could be solved with access to source code, contact Microsoft or one of its licensed partners with your specific request.

If you are just interested in learning about how a system like Windows works by studying the source, download either the Windows CE 3.0 source from the Microsoft web site. The most interesting source package Microsoft makes available as a free download is the Shared Source CLI (SSCLI), also known as Rotor.

What system managers and users should do

Users of older versions of Internet Explorer should upgrade to the latest version, a free download from the Microsoft web site.

System Managers and Users of Windows NT 4 and Windows 2000 systems in particular should take pro-active action by ensuring that their systems have the latest free Service Packs or upgrade to a newer version of Windows - Windows XP and Windows 2003 are recommended for clients and servers respectively.

Microsoft provides tools that make keeping up to date relatively easy. Internet Explorer users can visit the Windows Update to check for any updates their system might need, simply by choosing the “Windows Update” item on the “Tool” menu.

Windows 2000 Service Pack 3 and later includes the Windows Automatic Update Client that will download critical patches automatically. This is not available for Windows NT 4. Windows NT was released in 1996, more than seven years ago. Microsoft is retiring support for Windows NT 4 and users are recommended to upgrade their systems to a more recent version of Windows.

And oh, do make regular backups and do use an antivirus program with automatic updates.

Copyright (c) 2004 by Tamura Jones

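Huh... so the MS-DOS 6 source code was leaked in 2000 ・ω・
On the question of what percentage of the Windows 2000 code leaked, it mentions things like the fact that NT code is also included and that comments may not be counted in the line count of the full source.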
