Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Windows 2000 & Windows NT 4 Source Code Leaks

Comments Filter:
  • it's true (Score:5, Insightful)

    by sperling (524821) * on Thursday February 12, 2004 @05:43PM (#8262299) Homepage
    A quick peek around indeed shows something named Windows.Source.Code.w2k.nt4.wxp.tar circulating, but this had to happen sooner or later, considering the number of institutions [microsoft.com] with access to the source. Wonder how long it'll take before a torrent of new worms using newly discovered security holes tear up the net.

    I for one would love to peek around in this, more out of curiosity than any desire to actually do something useful with it.

    • by Anonymous Coward on Thursday February 12, 2004 @05:48PM (#8262419)
      This pretty much destroy's any argument that Windows is more secure because "the bad guys" can't look at the source code. And yet it won't get the positive aspect of "the good guys" reviewing the source code for bugs as it is illegal to make a copy of the code without a license to do so.
    • by Anonymous Coward on Thursday February 12, 2004 @05:49PM (#8262431)
      I wonder how long till hackers go in and fix some of the bugs. That's the real danger to microsoft, if the bugs were fixed people wouldn't have to upgrade.
    • Re:it's true (Score:5, Interesting)

      by Strudelkugel (594414) on Thursday February 12, 2004 @05:54PM (#8262561)

      Seems a bit of a stretch to thing 'soft would have given all of these organizations the complete source tree. If they did, then I am far more amazed the source wasn't leaked a long time ago. It's a bit hard to believe 'soft licensed the entire build tree to anyone.

      Makes a pretty good headline, though.

    • Re:it's true (Score:5, Insightful)

      by MenTaLguY (5483) on Thursday February 12, 2004 @05:54PM (#8262569) Homepage

      I for one would love to peek around in this, more out of curiosity than any desire to actually do something useful with it.


      I hope you weren't planning on ever contributing to any Open Source projects after doing that. If it's later demonstrated that you had access to the W2K source and contributed vaguely similar code (even by accident) to a project, it could have severe repercussions for that project.


      I doubt Microsoft would leak it deliberately, but this does open the door to a whole SCO-esque can of worms from now on.

      • Re:it's true (Score:5, Insightful)

        by sperling (524821) * on Thursday February 12, 2004 @05:59PM (#8262673) Homepage
        And that's exactly why I won't even consider downloading this. I make a living as a programmer, and if I have access to this source Microsoft, with the resources they posess, could make the rest of my professional life a nightmare.
        As much as I'd love to peek around in this, I won't risk it.
      • MOD PARENT UP (Score:5, Interesting)

        by nickos (91443) on Thursday February 12, 2004 @06:03PM (#8262726)
        For the same reasons that Microsoft warned its IE developers to stay clear of Mozilla, open source coders should avoid even seeing this.

        That said, I'd love to get hold of the dll code that does the equivalent of a window manager in X. How cool would it be to swap out a dll on the Windows box at work and have a completely custom windowing environment?
      • Re:it's true (Score:5, Insightful)

        by El (94934) on Thursday February 12, 2004 @06:04PM (#8262761)
        So, if any Micro$oft employees have ever looked at Linux kernel source, they are no longer allowed to work on Windows 'cause now they are tainted? Either the sword cuts both ways, or not at all.
        • Re:it's true (Score:5, Insightful)

          by weileong (241069) on Thursday February 12, 2004 @06:09PM (#8262859)
          Either the sword cuts both ways

          You're assuming the law will be applied fairly and evenly.

        • Re:it's true (Score:5, Interesting)

          by LinuxGeek (6139) <djand.nc@NOsPaM.gmail.com> on Thursday February 12, 2004 @06:13PM (#8262937)
          So, if any Micro$oft employees have ever looked at Linux kernel source, they are no longer allowed to work on Windows 'cause now they are tainted? Either the sword cuts both ways, or not at all.

          In Microsoft's closed source world it would have been tough to know if someone had included code that was similar to something they had seen in the Linux ( or any other opensource) codetree. It will be interesting, if this windows code release (escape?) proves true, if any suspicious code is found.
      • by ackthpt (218170) * on Thursday February 12, 2004 @06:05PM (#8262784) Homepage Journal
        10 * BEGIN
        100 GOSUB 7000 ; * Load stuff
        110 GOSUB 900 ; * Show windows logo
        120 GOSUB 20000 ; * Prompt for operator login
        130 GOSUB 32000 ; * Fill half of memory with DLL's
        140 GOSUB 16000 ; * Time waster loop
        .
        .
        .

      • by Anonymous Coward on Thursday February 12, 2004 @06:06PM (#8262793)
        Imagine if somewhere hidden in the bowels of the Windows2000 source an intrepid SCO intern finds a sliver of SCO-owned Unix code. Then all hell would break loose...
      • That is a MYTH (Score:5, Insightful)

        by FreeUser (11483) on Thursday February 12, 2004 @06:07PM (#8262821)
        I hope you weren't planning on ever contributing to any Open Source projects after doing that. If it's later demonstrated that you had access to the W2K source and contributed vaguely similar code (even by accident) to a project, it could have severe repercussions for that project.

        IANAL but I do read Groklaw, and from what I understand copyright restricts the act of copying (duplicating). You can study someone's implimentation of something as much as you like, then go impliment something similiar yourself. As long as you do not copy the code verbatim you are not in violation of copyright law.

        Otherwise, no student would be able to code having once looked at examples in a text book ... the textbook author would own all of your code.

        The problem is, of course, proving one implimented the code oneself and did not in fact crib the whole thing from someone elses code, and the greater the similiarity (for code of sufficient complexity ... trivial code will generally be similiar regardless) the more difficult that is.

        In any event, it is a myth that, simply by looking at, or even studying, one set of code one is somehow "tainted" and unable to contribute to another, competing project, be it free or proprietary. To violate copyright law one must copy, not just receive inspiration from.
        • by tepples (727027) <tepples@g m a il.com> on Thursday February 12, 2004 @06:17PM (#8262982) Homepage Journal

          As long as you do not copy the code verbatim you are not in violation of copyright law.

          Copying of nonliteral elements is actionable infringement. That's why many reverse engineering firms have two separate teams: one to describe a piece of copyrighted code and another to implement it.

          In any event, it is a myth that, simply by looking at, or even studying, one set of code one is somehow "tainted" and unable to contribute to another, competing project, be it free or proprietary. To violate copyright law one must copy, not just receive inspiration from.

          Try telling that to the estate of George Harrison, who lost in Bright Tunes v. Harrisongs. It's possible to copy without knowing you're copying, and it's still infringement.

        • Re:That is a MYTH (Score:5, Insightful)

          by Bootsy Collins (549938) on Thursday February 12, 2004 @06:19PM (#8263005)

          > I hope you weren't planning on ever contributing
          > to any Open Source projects after doing that. If
          > it's later demonstrated that you had access to
          > the W2K source and contributed vaguely similar
          > code (even by accident) to a project, it could
          > have severe repercussions for that project.

          IANAL but I do read Groklaw, and from what I understand copyright restricts the act of copying (duplicating). You can study someone's implimentation of something as much as you like, then go impliment something similiar yourself. As long as you do not copy the code verbatim you are not in violation of copyright law.

          What you're saying about copyright is correct; but that probably isn't what MS would come after you (and your open source project) for. It'd be patent and trade secret violations.

          That said, I don't know whether the unauthorized release of code would invalidate subsequent trade secret claims. On one hand, it seems crazy to lose trade secret protections because of an illegal or unauthorized act; OTOH, it seems crazy to call something a secret that, well, isn't. Maybe someone who is a lawyer can discuss.

        • Re:That is a MYTH (Score:5, Informative)

          by AKAImBatman (238306) <akaimbatman@g[ ]l.com ['mai' in gap]> on Thursday February 12, 2004 @06:21PM (#8263053) Homepage Journal
          The idea of being "tainted" is actually from licenses that have "trade secret" clauses. Once you sign a license like that, you *are* tainted. That being said, it's a very difficult clause to enforce. Contracts that prevent someone from working in the field for which they are educated and experienced have often been found unenforceable by courts.

          (IANAL and this is not legal advice. Go talk to PJ. At least she's a paralegal.)

        • by Derek (1525) on Thursday February 12, 2004 @06:27PM (#8263154) Journal
          "IANAL but I do read Groklaw"

          It was only a matter of time before people started saying this....

          -Derek

    • Re:it's true (Score:5, Interesting)

      by Marillion (33728) <ericbardes AT gmail DOT com> on Thursday February 12, 2004 @05:57PM (#8262632)
      Sure the source code will make it easier to find exploits, but I've believed for a few years that "institutional hackers" those who have long ago reversed compiled Windows into something suitable for writting worms. How else does the Code Red author decide, "Hey! I found this buffer overflow routine in the unicode support for URLs in the IIS Indexing Server"?

      There are probably paranoid governments who have teams who do this just this kind of work just to make sure those fabled NSA back doors in either are or aren't windows.

    • by uradu (10768) on Thursday February 12, 2004 @05:58PM (#8262646)
      > I for one would love to peek around in this, more out of curiosity

      Morbid curiosity perhaps. Considering the amount of backward compatibility in there, and the generations of tools and code frameworks used over the past decade and longer, I would expect the Windows code to be a BLOODY MESS. In fact it would probably be amusing to just grep for comments--"what does the next line do?!" or "what the h3ll were we thinking?!"
      • by caluml (551744) <<gro.mulac.erehseogmaps> <ta> <todhsals>> on Thursday February 12, 2004 @06:22PM (#8263056) Homepage
        fw calum $ grep -ir " shit " /usr/src/linux/* | wc -l
        15
        fw calum $ grep -ir " fuck" /usr/src/linux/* | wc -l
        40
        fw calum $ grep -ir " crap" /usr/src/linux/* | wc -l
        98

        Should I have been doing this on the company firewall? Probably not.
      • by bonch (38532) on Thursday February 12, 2004 @06:29PM (#8263184)
        "#43 Posted by psneddon on 13 Feb 2004 - 01:09
        Just my opinion / thoughts.

        1) The software that builds and compiles Windows is very complex I doubt anyone could turn the source into a working system easily. Maybee it would be possible to compile certain parts. Plus even if you could it would take hours if not days to go through the process.

        2) I don't see how this will let anyone find any obvious flaws, microsoft have software that does this all the time. I'm not saying its not a security risk but its not as simple as the journalists make out - as always.

        3) This exact same scare happened about 7 years ago, I remember they were selling the source to NT4 at a local market on CD, doubt it was the real source code."
    • by G27 Radio (78394) on Thursday February 12, 2004 @06:01PM (#8262708)
      The Windows code hasn't had nearly as much peer review as open source OS's so I won't be suprised if this leads to a ton of exploits. The big problem here is that this source will be available to any black-hat that wants it--they obviously aren't going to be concerned about the legalities of obtaining leaked source code. But the businesses that use Windows aren't going to be able to audit the code for security leaks unless they obtain it illegally (or sign some agreements with Microsoft and shell out bundles of cash.)

      • by cmowire (254489) on Thursday February 12, 2004 @06:07PM (#8262826) Homepage
        That is exactly my thoughts.

        The interesting part is the difference between Win2k and Linux. In both cases now, the black hats have access to the source code. However, there are more white hats who have access to the Linux codebase, which will make for some interesting long-term implications.

        This also has the potential to solve the NSAKEY contriversy once and for all and provide some interesting insights into how Windows works. I'm wondering if, through the use of countries with more flexible copyright systems, it would be possible to document interesting attributes and then pass them back to WINE and other open-source folk.
    • Re:it's true (Score:5, Interesting)

      by Anonymous Coward on Thursday February 12, 2004 @06:20PM (#8263021)
      It was a quiet nice evening couple years ago. Someone pointed me on IRC to 2 links on some unnamed (I won't tell) microsoft.com server. 2 huge .tar.gzs, totalling couple gigabytes. The Windows XP source code.

      The links circulated very fast and the servers started slowing and slowing down and then they died. The first ones did manage to get all the stuff. I envied them because I managed to get only couple megabytes. :-(

      It seemed real. Very real. Someone had broken into their development servers, stuffed the stuff to the web servers and escaped with it all.

      There was some small mention about it on the Slashdot too but I couldn't find it right now. It seems the Microsoft was able to really sweep that one under the carpet. I wonder how.

      There are people around with self compiled Windows XP copies, trust me. I envy them. I would gladly remove some features and tweak couple edges I am not now allowed to. Even though it would be a HUGE task.

      So the now leaked source codes to NT/2k are mostly just boring and obsolete.
    • by Zork the Almighty (599344) on Thursday February 12, 2004 @06:22PM (#8263066) Journal
      What the hell, it's just one big .vbs file!
  • Open Source (Score:5, Funny)

    by The_Rippa (181699) * on Thursday February 12, 2004 @05:43PM (#8262300)
    Now will everyone stop bitching about Windows not being open source?!
  • by momerath2003 (606823) * on Thursday February 12, 2004 @05:43PM (#8262304) Journal
    "The server is too busy at the moment. Please try again later."

    Later isn't going to work, since the server was down even before it hit the Slashdot front page. I empathize with their server.

    I did, however, managed to grab the news blurb (but not the, at that point, 214 comments) from the intermittent front page:

    Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.


    This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

    We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.

    Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.


    Torrent, anyone? ;) (not like I would have any reason to want to have several lines of bug-infested code, as who knows to where the bugs might spread in my system)
  • What now? (Score:5, Funny)

    by Rosyna (80334) on Thursday February 12, 2004 @05:44PM (#8262332) Homepage
    Are people deeply involved with OSS going to start fixing bugs in Win 2k? Might be fun and a dagger in MS's heart.

    "We fix bugs in 24 to 40 hours, much faster than OSS."
  • by Fluk3 (742259) on Thursday February 12, 2004 @05:45PM (#8262343)
    There's plenty of worthless spam on the internet already.
  • by timdorr (213400) on Thursday February 12, 2004 @05:45PM (#8262354) Homepage
    Full file listing with sizes: http://heim.ifi.uio.no/~mortehu/files.txt [ifi.uio.no] I suggest mirroring ;)
  • by viper21 (16860) <`moc.yrdnuofqi' `ta' `ttocs'> on Thursday February 12, 2004 @05:46PM (#8262371) Homepage
    Microsoft just needed a push in the right direction, right?

    -S
  • by ackthpt (218170) * on Thursday February 12, 2004 @05:46PM (#8262375) Homepage Journal
    On a related note, Microsoft is reporting the number of bugs in Linux to have surged in recent weeks, thus proving Intellectual Property theft.

    Seriously, the previous article [slashdot.org] lambasting open source for being vulnerable is nothing when compared to eyes backed with malicious intent poring over Windows source code for new exploits. So much for security through ignorance.

  • Fortune (Score:5, Funny)

    by Tom Rothamel (16) on Thursday February 12, 2004 @05:46PM (#8262383) Homepage
    The funny thing is the fortune that appeared in the appropriate slashbox when I first saw this article.

    "Never trust an operating system you don't have sources for. ;-)
    -- Unknown source"
  • Mirror With Comments (Score:5, Informative)

    by RPoet (20693) on Thursday February 12, 2004 @05:46PM (#8262386) Journal
    Mirror with comments [student.uib.no].

    Hope it's all just a bluff.
  • Code (Score:5, Funny)

    by daeley (126313) * on Thursday February 12, 2004 @05:46PM (#8262396) Homepage
    ...Windows 2000 and Windows NT source code has been leaked to the internet.

    The Internet, however, being a polite sort of fellow and completely undesirous of the undoubtedly horrible ramifications of having such a beastie running around loose, gently replaced the source code and gave Windows a friendly pat on the head.
  • by AuMatar (183847) on Thursday February 12, 2004 @05:47PM (#8262405)
    Do NOT read that code if you ever wish to program for an open source OS, ever. Doing so will make you tainted- you open the project up to allegations of copyright infringement. Unless you never want to contribute a single line to Linux, *BSD, etc, checking out that code is a bad idea. Its almost a surprise MS didn't "leak" Win 95 or 3.1 years ago to catch open source developers like this.
    • by TekPolitik (147802) on Thursday February 12, 2004 @05:56PM (#8262595) Journal
      Do NOT read that code if you ever wish to program for an open source OS, ever...

      Of course those of us who are also lawyers can safely read other peoples' code, because we know exactly what to do to avoid infringing. It is possible to extract knowledge from the code without breaching copyright, but...

      Getting a copy of the code at all is a breach of copyright.

  • error.h (Score:5, Funny)

    by sarice (26064) on Thursday February 12, 2004 @05:47PM (#8262410)
    We all know the real valuable stuff is in error.h.
    So, what does it say?
  • Not good (Score:5, Insightful)

    by savagedome (742194) on Thursday February 12, 2004 @05:48PM (#8262422)
    This is not good. Windows is designed primarily with 'security by obscurity' in mind. The security holes indeed show up every often and we have worms making it to the gazillion windows boxes before the patch does. Get ready for a deluge of worms/virri. Another bad week/month for sysadmins.

  • If this is true... (Score:5, Insightful)

    by thesolo (131008) * <slap@fighttheriaa.org> on Thursday February 12, 2004 @05:49PM (#8262451) Homepage
    I haven't been able to even get to Neowin, it's been slashdotted since before this story even made it to "The Mysterious Future" here on /., but think about what this means if this is actually true. The potential vulnerabilities. All the trade secrets Microsoft put in there. Hell, IE 5 was released with Windows 2000, so if this is full source, it means IE 5 and the trident engine are in there as well.

    If this is true, today may be the day that everything changes.
  • by zellyn (692627) on Thursday February 12, 2004 @05:50PM (#8262484) Homepage
    ReactOS [reactos.com] have announced they have hit all upcoming milestones and consider their project "feature complete".
  • The comparator (Score:5, Interesting)

    by fava (513118) on Thursday February 12, 2004 @05:51PM (#8262489)
    I wonder how long it will be until someone runs the comparator in it?
  • by FattMattP (86246) on Thursday February 12, 2004 @05:51PM (#8262504) Homepage
    I found the source code here. [demon.co.uk]
  • tin foil hat (Score:5, Insightful)

    by wildcard023 (184139) on Thursday February 12, 2004 @05:52PM (#8262515) Homepage
    Ok so here's MS's plan.

    Step 1) Leak their source
    Step 2) Sue Onen Source developers down the road because obviously they have studied the MS leaked source.
    Step 3) ... Ya, I'm sure you know what goes here.

    Ok but seriously, I'm not touching it. The last thing I need is Microsoft saying that I somehow owe something to them.

    Jerks.

    --
    Mike
  • by ThogScully (589935) <neilsd@neilschelly.com> on Thursday February 12, 2004 @05:54PM (#8262575) Homepage
    In the last article on the /. home page, we have W. Russell Jones talking about all the insecurity of having source available in open source projects.

    I'm afraid we've reach a massive failure here in security by obscurity, but time will tell. If this is true and if there are lots of security holes discovered, I find it hard to believe even a company of Microsoft's size can respond quickly enough to keep the outbreaks down. This threat is why open source is better than what W. Russell Jones made it out to be. The threat of security failing because of leaking source just isn't there with open source.
    -N
  • by Animats (122034) on Thursday February 12, 2004 @05:56PM (#8262591) Homepage
    What the NT kernel does is well understood. The object code is widely available, and key parts, like file system formats, have been reverse engineered. There's plenty of documentation. A few major development shops have access to the source anyway. If you're into kernel architecture, it might be interesting, but otherwise, so what?
  • by Soul-Burn666 (574119) on Thursday February 12, 2004 @05:56PM (#8262611) Journal
    It's only reasonable that software with so many holes will leak!
  • It's not a problem. (Score:5, Interesting)

    by ggruschow (78300) on Thursday February 12, 2004 @06:01PM (#8262705)
    I've seen a fair chunk of the NT kernel code, legally, under NDA. The NDA bars me from revealing any details, but it doesn't prevent me from saying that, if I were MS, I wouldn't worry about anything aside from sheer embarassment.. However, I have to admit that getting something of that hulking size operating solidly is pretty respectable.

    On the plus side, some of the comments are fairly humorous, especially when you note who wrote them and look up where they are today.

  • Someone PLEASE... (Score:5, Interesting)

    by RyanFenton (230700) on Thursday February 12, 2004 @06:06PM (#8262797)

    As someone mentioned, this would be fascinating to just read the comments. Would it be possible for someone to strip out all the code, leaving only the comments for each file, minus comment lines that ARE code? It would be GREAT just to read the "intention" and "questions" living in that code and be able to associate each with a filename. Purely for entertainment value. It would also be neat to compare comment-to-code ratio in areas of MS code. :^)

    Ryan Fenton
  • So... (Score:5, Insightful)

    by El (94934) on Thursday February 12, 2004 @06:07PM (#8262829)
    My question is, has anybody managed to get this steaming pile of manure to compile? Seems like one would need to do that and then compare the binaries (ignoring any timestamping) before assuming this is authentic.
  • by C A S S I E L (16009) on Thursday February 12, 2004 @06:10PM (#8262880) Homepage
    Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet.

    The server is currently slashdotted, but I managed to download the first few lines of the Windows 2000 codebase. Here they are:

    10 REM Windows 2000 Operating System
    20 REM (C) Microsoft Corporation
    30 REM Note: TO DO: fix up security stuff
    40 REM :
    50 REM :wq
    60 REM exit^M^M quit ^C
  • Pffft... (Score:5, Funny)

    by TheSpoom (715771) * <slashdot&uberm00,net> on Thursday February 12, 2004 @06:11PM (#8262902) Homepage Journal
    The Win2K Source [baltimoremd.com] was released a while ago.
  • by metroid composite (710698) on Thursday February 12, 2004 @06:18PM (#8262992) Homepage Journal
    #1.3 Reply by cowabunga on 13 Feb 2004 - 02:16

    About when is it time to buy som Microsoft stock? In an hour when it plummets and then sell tomorrow when its back up after they find out its all bull

    Maybe someone trying to make some money this way or MS is agressivly pushing their customers over to XP

    Worth mirroring I thought.
  • by Anonymous Coward on Thursday February 12, 2004 @06:25PM (#8263111)
    WINEHQ: Early today, a developer who wished to remain anonymous contribued an astonishing amount of source code to the WINE project. Some initial testing performed by WINE core developers revealed that WINE's compatibility with Microsoft Windows applications releasted for Windows NT and Windows 2000 had perfect compatibility, even down to some annoying and well-known bugs that have plagued certain Microsoft DLLs distributed with Microsoft's operating systems.

    "This will really make it possible for non-Windows users to run more applications than ever using WINE on alternate operating systems like Linux," said one develper we spoke with. ;)
  • by bobdotorg (598873) on Thursday February 12, 2004 @06:25PM (#8263113)
    I would be the most poetically ironic event ever if it turns out that it was a MS Win security hole that allowed a hacker to enter a server and steal the code.

    Doubly ironic if it was a hole that MS has known about for months and not bothered to patch.

    Triply ironic if someone finds said hole, patches it, and ships patched source back to MS.
  • Code leaks not new (Score:5, Informative)

    by Jim Hall (2985) on Thursday February 12, 2004 @06:27PM (#8263147) Homepage

    Code leaks from Microsoft are not new. Check this article [cioupdate.com] at CIO Update about a code leak a year ago: (emphasis mine)

    Microsoft Corp. said it is tracing a key piece of code from its Windows Server 2003 software that was leaked onto the Internet, triggering concerns about piracy problems ahead of the company's scheduled product release later this month. The volume-licensing key in question allows for unlimited installations of Microsoft's Windows Server 2003 server operating system, the next upgrade from Windows NT that is slated for release on April 24.

    However, this seems only to be a partial leak, not comparable to this complete (if it's real) source code leak.

  • by Anonymous Coward on Thursday February 12, 2004 @06:27PM (#8263155)
    Blimey. We got wind of this around lunchtime GMT, and within half an hour two zip files mysteriously got downloaded to - ahem - servers some collegues and I have access to (no, I had no involvement in the download and have no idea of the source). We took a look, us being extremely sceptical of the claims, and ended up spending a few hours grepping the Win2K sources.

    If this is a wind up, someone or people spent a long old time faking it. Microsoft notices and email addresses all over the place. They don't like the AIX compiler one little bit. Hardly any mention of Linux, GPL or GNU.

    Actually quite a professional bunch of source files by all accounts. Appears to be using standard GNU Makefiles though. Yes, the 'f' word appears, as does the 's' word. Apparently Office 2k is broken in some respect that Win2k needed a tweak or some description.

    Plenty of mentions of Internet Explorer, although I wouldn't like to say that we found 'IE' in the code, but then we aren't C experts at all. It does mention IE6 and Windows ME, so can't be all that old either. Does mention buffer overflows a fair bit, also plenty of 'hackhack' and 'bugbug' notes laying around.

    In fact, nothing particularly spectacular found at all. We took a look, got bored, and went back to our normal work. Honest boss!

    And no, we didn't try to compile it. We felt it was genuine enough though - not that we really cared. We did however note that if this lot is proven to be the real deal, Microsoft are going to be landed with one hell of a lot of security alerts for 2k/NT over the next six months.

    Yours merely curious...

User hostile.

Working...