> A Microsoft spokesperson told The Register: "We are investigating and will take appropriate action to help keep customers protected."
Nothing quite like security through obscurity. :)
The source code for Windows XP and other elderly Microsoft operating systems appears to have leaked online as the mega-corp's Ignite developer shindig came to an end. Heck, there's no physical swag for attendees nowadays so how about a big ol' source dump? The source of the alleged code leak is unclear; a torrent for the …
Since XP and Windows 10 share a large common code base this leak might be very helpful to intelligence agencies and hackers hunting zero-days.
Many parts of Windows haven't been touched in ages since things keep being bolted onto the Windows NT codebase. Some parts may even go back to the 1980s, as the Windows Message loop was present in the character-based Windows 1.0.
Intelligence agencies almost certainly have the code already. Even MVPs were given access to a fair bit of the code in years gone by. However, I'd be surprised if much of the code is still present unchanged in Win10. There are two reasons for this.
Firstly, C++ has changed significantly over this period and MSVC has followed those changes. Also, Microsoft's own static checking tools have evolved. I doubt the XP source code would get through the build process today.
Secondly, what the code is trying to do, in terms of protocols like SSL and SMB, also changes if you give them long enough. Even if you set out to be completely backwards compatible, you are going to end up changing pretty much every line of the implementation over a two-decade period because the "same" code has to support the newer protocols and increasingly treat the older protocol as a special case rather than the main event.
There's certainly no way the message pump will have survived from Win1. That was a co-operative multi-tasking system that obsessed over swapping segments in and out of the active stack frame. The "modern" (NT and beyond) message pump divides its responsibilities between the OS/device layer and a delivery layer, where one instance of the delivery layer runs in each UI thread on the system. The latter hasn't changed much in 30 years, but it has had several accessibility and hooking mechanisms added (and removed) over that time, and it also has to co-operate with "new" environments like .NET.
So, no, the worry here for Microsoft is not that anything of value has been leaked, it is that anything at all has leaked. Presumably the XP code is guarded in much the same way that its successors are guarded, so if there is a hole in the wall ...
You say that, but doing a Windows Explorer extension years ago, the Win2000 source from the TPB helped a lot getting it all working on WinXP and Win7. If you looked at the callstacks from Win7 and Win2000 they were the same bar the very top which had classes called things like async helper. The assembler at the bottom of Win7 looked very much like the compiled Win2000 source. This Windows Explorer had a lot of Win95/98 references and had at least at one point been to run on Win9x and NT.
In closed source especially, you don't touch old source without good economic reason. Crappy C/C++ it may have been (same WINE code is way better) it worked and had been through a lot of field testing. Didn't see any tests, but maybe there weren't in that leak, or I didn't bump into them. It's a Pandora's box and since it was claimed by some to be written in Win7, but seems very unlikely from what I saw.
With backward compatibility being one of the strong points of Windows, the fact that ABIs are quite stable is not a surprise - especially as it has to be compatible at the binary level since you don't recompile source code for each release. But the code inside a function can be quite different.
In any large project anyway you can't rewrite old sources every time without a good reason to do so. Even open source projects aren't developed by people paid nothing and with an unlimited number of them.
The Win7 callstack was the same as Win2k including bits not via COM interfaces. The Win7 assembler I looked at was what you expect from the Win2k source. Sure they could have rewritten it to be that similar, but bet they didn't. They just stuck some async stuff in as it sucked on multi core. Why spend the money and risk breaking stuff? Spend money in shiny stuff users notice. It was clear the code had already been through a good few versions of Windows.
Active open source projects get fiddled with just to make code nicer. Less caring about breaking stuff as it's all also open and can be fixed. (In fact I wish some guys would care more about breaking things...) Also it's to be looked at, so people try not to be sloppy.
One wonders what the source of this is. Some ex MS employee rediscovered it in a backup of a home computer somewhere? A tech looking at old tapes of stuff and as a Linux fanboi decided to release it?
If it was someone who had access to current code and a grievance surely they would release that instead?
Yes there will be common code between this and Windows 10, particularly in the aged code around 8 and 16 bit support that is probably still in there. And perhaps it is time for MS to do a proper clear out of all the old detritus that even references anything less than 32 bit.
A shame really... you can pimp them out pretty well these days. I've got a Master 128 sat in front of me with USB support to run disk images, a 4GB CF IDE flash card, a GOTEK floppy drive emulator (runs images as if they were physical discs), and a RGB->SCART->HDMI box. And a Pi Zero that runs various co-processor images as if they were the real thing.
There's also a bunch of awful conspiracy theory crap, a copy of "Revolution OS", and a bunch of other not-source-code stuff in the archive. Because the windows source is totally related to how covid19 is spread by 5g towers. Or something. Apparently.
....errr... i mean... so I'm told - I'd obviously never download such a thing
If one was downloading the torrent, I'd suggest skipping the 'media' directory.
...hypothetically speaking, of course...
It's not just old games. Some other (albeit obscure) software of the same vintage hasn't been updated for later operating systems so requires XP to run, and also old hardware (and not always obscure either) often doesn't get driver updates for later operating systems. I feel the best course of action with these situations is to ensure that the computers (if physical) are air-gapped and have restricted physical access so that who can do what on them is locked down to essential needs only. Obviously then they are no use for network or internet based usage, but unfortunately any old software or hardware that requires that will just have to be junked if the risks are perceived to be too high to take.
Unfortunately machines that run XP are starting to fail, hard disks are not that hard to replace but if the BIOS dies you can kiss that machine goodbye.
Virtual XP on Windows 7 pro and Enterprise or a virtual machine of XP in Windows 10 can run it but you do need a powerful machine.
What's that? How to run Virtual XP on Windows 10?
The MS tool to image an XP OS (non-EFI) as a file for a VM on Win10 makes a file that works fine on the stock Linux VM, which seems like a similar application. Worked to image my 2002 to 2016 laptop and run it in the Linux VM. Actually works on an external USB HDD, which is handy.
The prior NT 4-Win2k leak was only partial as far as the Win2k/NT5.0 source tree went. It might make an interesting MSc thesis to track some of that source tree from NT 4.x to NT 5.1.sp1.
And perhaps Microsoft should minimise the potential damage by issuing a statement like the one AT&T's successors eventually released on the Unix Research 8, 9, and 10 source trees:
> Alcatel-Lucent USA Inc. (“ALU-USA”), on behalf of itself and Nokia Bell Laboratories agrees, to the extent of its ability to do so, that it will not assert its copyright rights with respect to any non-commercial copying, distribution, performance, display or creation of derivative works of Research Unix® Editions 8, 9, and 10.
etc, thus freeing it for security research and general hobbyist experimentation.
I recall several years ago another tech and I were at a large printer that was being worked on. My co-worker stated to the printer tech that the sound pattern the disk was making was the same as his XP system (during reboot), and the printer tech confirmed it was XP under the hood. I'd expect there are other XP embedded systems out there that this source code leak will make more susceptible to exploits.
Use this to add the missing functionality and compatibility so that folks can enjoy the good old days of Office 2003, Media Player Classic, Opera (Presto) and the like with a highly ergonomic and easy-to-understand UI. Why? 4GB of RAM should have been enough. Modern software is not of any higher quality where it really matters - resource efficiency and reliability.
Office 2003 seems to work fine under WINE, which is handier than a VM. Office XP/2002 mysteriously is almost impossible to install on WINE.
4G of RAM? The NT4.0 Enterprise could use more RAM than XP, which was 4G max, and either 2G or 2.5 G for an application depending on BOOT.INI settings. MS disabled PAE.
Then Intel made the Atom, deliberately crippled to 2G of external RAM, so even some win 10 systems were shipped with 32 bit Win10 on 64 bit Atoms.