Question on Microsoft Windows Source Code Leak

The Windows source code was put onto the Internet the other day and is apparently bieng used by hackers. My question is if we can expect Microsoft to come out with a patch to protect against this (if this is possible). I checked the windows update page and found nothing new.

You need to download their security-patch patch.

In fairness, Microsoft has good reason to be a little unorganized. First, they inadvertently outsourced their webmaster to Pakistan, rather than India. Also, Microsoft's attorneys got mixed up and blackmailed Microsoft's security department, rather than a public school district.

If all the Windodws XP computers are destroyed, people can always move back to the buggier Windows Millennium.

This is a rather interesting situation. In a good software product knowledge of the source *should* not be of any help for a hacker.
Reality is another matter and the first reports about the sources seem to indicate dire bugs and security issues.

It was Microsoft, who always said that Open Source is a security risk ("Security by obscurity"). I guess the first thing updated will be their marketing campaign.

The poster on full disclosure seems to be a jerk (sorry, but see for yourself), however he has a point. He found a way to create an overflow in IE 5.x and Outlook Express with a manipulated bitmap.

http://lists.netsys.com/pipermail/full-disclosure/2004-February/017364.html


Guess it's true: Windows with a firewall :

On www.zdnet.com/zdnn theere's an article. Somebody said that the whole of Windows source code is close to 40 Gigabytes.

A 220Mb zip file that, when extracted, expands to 660Mb is nothing by comparison.

It's not going to help hackers.

Anything found from the source can't be used in court.

The hackers can't do MS a favor and fix the buggy bloaty code and give it back to them...

This is no different than stealing an encyclopedia and looking up human skeletal structure. (of course, the encyclopedia maker would keep said encyclopedias under strict guard, inaccessible to all...)

Closed source is bollocks anyway. It gives the unscrupuled the means to be as sloppy as they want, with nobody to check up on them.

It's a myth that open source leads to hacker heaven, not when there are controls in place. Otherwise we'd have heard tons of stories from corporate america who rely on Linux and got hacked...