Hunt for source of Windows leak goes on

Investigations have been continuing into how source code for Microsoft's Windows operating system made its way onto the internet last week.

Microsoft acknowledged on Thursday that a portion of the Windows 2000 and Windows NT 4 source code databases had been leaked. On Friday, Microsoft partner Mainsoft confirmed that it was investigating whether it played a role in the release, after a technology-discussion website revealed that an error report in the code includes the corporate email address for a Mainsoft employee.

The companies have had a source-code licensing agreement since 1994 that allows Mainsoft to access and distribute Windows operating system source code. Mainsoft's technology allowed Microsoft's Internet Explorer, Outlook and Media Player to be ported to Sun Microsystems and Hewlett-Packard versions of Unix.

The error report - or core file - included with the leaked Windows code was possibly created when a popular Unix text editor, vi, crashed.

"The core file is generated whenever a program crashes in any Unix operating system," said Chris Wysopal, vice president of research and development for computer security company @Stake. "The core file takes the memory image at the time of the crash."

Details of the core file were first posted by BetaNews and confirmed by silicon.com sister site CNET News.com.

Mainsoft, which has about 80 employees worldwide, didn't confirm the connection on Friday, but said in an email message that it was investigating the matter.

"Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognise the gravity of the situation," the company said. "We will cooperate fully with Microsoft and all authorities in their investigation."

Although the core file points to Mainsoft as the apparent source of the leaked code, it does not suggest the means by which the code was exposed. The computer where the source code was stored could have been compromised by an online attacker; the machine could have been disposed of or sold without erasing the drive; or there are other possibilities.

Officials at Mainsoft's home office in San Jose, California, said they first learned of the possible connection on Friday morning. Investigation into the matter is being handled out of the company's development office in Israel. "We have a really good relationship with Microsoft," a representative said.

Microsoft also wouldn't comment on the connection between the source code and Mainsoft.

"We are in the process of an investigation that started yesterday and are working with the appropriate law enforcement officials," Microsoft spokesman Tom Pilla said.

Pilla added that Microsoft is treating the issue as a theft of intellectual property, not as a security breach. So far, the company has found no reason to suspect that the code came from within the Microsoft or from one of the company's developers, he said.

Microsoft zealously guards the source code to the various versions of its Windows operating system, sharing it only with universities and government agencies that sign agreements not to release the code. While working versions of Microsoft's operating system have occasionally leaked to the internet, actual source code leaks have been rare. In October 2000, an intruder penetrated Microsoft's network and may have had access to the source code.

Although Microsoft chairman Bill Gates has publicly bragged about the security of Windows, even Microsoft fears the release of its code. In testimony during the Microsoft antitrust trial, Jim Allchin, the company’s senior vice president for Windows, said opening up the company's source code could be devastating for the operating system's security.

"The more [that] creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms," Allchin testified during a May 2002 antitrust trial.

Allchin made the statements while defending the company against legal remedies supported by nine states in its antitrust case that would have compelled Microsoft to give away the source code to Internet Explorer.

Robert Lemos and Ina Fried write for CNET News.com. Matt Hines contributed to this report.