Windows goes open source....

[FlyingPenguin]

http://slashdot.org/articles/04/02/12/2 ... 09&tid=187

PeterHammer writes "Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet. More on this as we hear it."

[Pugsley]

from what i heard ist only one CD... out of how many i dont know.

[TheSovereign]

the microsoft private api's are now exposed
PREPARE FOR THE WAVE OF VIRII WORMS AND TROJANS TO FOLLOW

[PreDatoR]

Thats what i was exactly thinking last night when i saw this on the news. Now all the assholes will really be targeting windows systems.

[TruckStuff]

The Register had a good point about this: Virus writers seems to have done pretty well on their own without the source code. What are the odds that they are going to pour over 13.5 million lines of code when they can just continue doing things the way they always have?

[TheSovereign]

they dont need to pour over it
they can just search for api's
the api's are direct windows control

Advanced Programming Interface or something like that
it uses built in windows shortcuts to do things
so now PRIVATE ms only api's are now exposed
god knows what they will do with that.....think about how powerfull those macro worms are and they only use api's for macros

[glassoftea]

Wow,

What a good time for MS to "Speed Up" Longhorn and shove it down our throats......me think something strange this way comes......

[FlyingPenguin]

Longhorn is still the NT engine under the hood.

It would take DECADES to write that complex an OS from scratch. There's code in XP dating back to NT 3.x days.

THAT'S why they keep having to patch stupid buffer overrun exploits. A lot of that is programming from the early days (although some of it is sloppy modern programming too). Back when memory was limited, and people weren't nefarious, so you wrote your code tight and small and didn't build in any error checking.

[TruckStuff]

Originally posted by TheSovereign
they dont need to pour over it
they can just search for api's
the api's are direct windows control

Advanced Programming Interface or something like that
it uses built in windows shortcuts to do things
so now PRIVATE ms only api's are now exposed
god knows what they will do with that.....think about how powerfull those macro worms are and they only use api's for macros

You're assuming that there are any APIs in the leaked code. Besides, I'm betting most programmers are lazy like me: why spend lots of time on something that may/may not produce any results when I can simply go about my normal routine and achieve the same results?

[donk]

Looks like we have our first exploit..

http://www.securitytracker.com/alerts/2 ... 09067.html

A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.

The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.

The report indicates that IE 5 is affected but that IE 6 is not affected.

Good thing nobody runs IE 5 anymore ...

[FlyingPenguin]

A suprising number of people still use IE 5. I found that out when I went through the logs of my web server a few months ago.

Don't forget that there's still a 30% install base of Win98 users out there, then there's the WinME & Win2K users. Most people with Win98/ME have never bothered to upgrade to IE6. If you're on a dialup its an impractical update.

[eGoCeNTRoNiX]

The building I work in has a couple of OC3s (call center) and they have 500 computers all with IE 5.5 joy..