Microsoft: Shared source not to blame for leak

Microsoft is continuing its investigation into the leak of some of the closely guarded code underlying its Windows 2000 and...

Microsoft is continuing its investigation into the leak of some of the closely guarded code underlying its Windows 2000 and Windows NT products as a partner company responded to allegations that it was the source of the leak.

As computer security experts offered differing opinions on the source and severity of the leak, Microsoft declined to comment on its investigation, but did say its Shared Source Initiative program was not to blame.

Microsoft has provided partner company Mainsoft with access to its source code for several years, which uses the code to enhance graphics for Unix-based Cad/Cam applications.

One example of a reference to Mainsoft is in a file named "download.cpp". It contains a statement that the API (Application Program Interface) is not yet implemented by Mainsoft and that it needs an extra check on Unix. Other files also contain similar statements, for use by developers, mixed in with the computer code.

Mainsoft said it would co-operate with the inquiry into the source code leak.

Microsoft's Pilla declined to comment on the Mainsoft link, but said the company is not part of Microsoft's Shared Source Initiative.

Experts cautioned not to jump to conclusions and that a mention of Mainsoft in the code does not mean the company is the source of the leak.

"The code could have been edited and it does not prove that they are the leak," said Ken Dunham, director of malicious code at iDefense.

While examining the leaked code, iDefense found that it was likely to have been leaked as early as mid-2001. Somebody subsequently tampered with it before it was spread on the internet and the leak became public last week.

Microsoft  insisted last week that its investigation has shown the code leak was not the result of any breach of its corporate network or internal security, nor is it related to the Shared Source Initiative.

Microsoft has called in the FBI and has warned that its source code is copyright protected and protected as a trade secret.

"As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property," the company said.

Paul Roberts and Joris Evers write for IDG News Service

Read more on IT risk management