Various media outlets are reporting that the source code for the legacy operating systems Windows XP and Windows Server 2003 have leaked online.
According to reports, the source code for both operating systems is being shared via torrents on file-sharing sites.
And, according to The Verge, it really *is* what it claims to be: Microsoft’s source code for good ol’ Windows XP and Windows Server 2003.
Now the good news is that most organisations aren’t using these operating systems anymore. Microsoft sounded the death knell on Windows XP back in 2014, and stopped releasing security patches.
(To be pedantic, Microsoft stopped releasing Windows XP security patches *until* 2017 when they raced out a fix for the “ETERNALBLUE” exploit that was most infamously used by the WannaCry ransomware. But that was very much an exceptional situation.)
But that’s not to say that Windows XP is entirely dead. For instance, last year the UK Government confirmed that 2,300 NHS computers were still running Windows XP, and no doubt there are other organisations out there working with older computers, running operating systems that are never being patched.
The public release of operating source code potentially opens opportunities for hackers to uncover security holes in the software that they might try to exploit. In some cases these same vulnerabilities *might* still exist in more modern versions of the operating system too.
As ever, my recommendation is to run a modern version of your operating system – whether it is a flavour of Windows or not – and keep it updated with security patches.
There’s an associated danger, however, with the news that Microsoft’s source code has leaked out. Lots of people are probably curious and tempted – using their high speed broadband connections – to download it in all its 42.9 GB glory.
The risk is that high demand could perk the interest of cybercriminals, who might plant poisoned versions of the torrent on file-sharing sites in the hope that users might download it and could accidentally infect themselves with malware.
It would be pretty galling to be hit by cryptomining code or have your files scrambled by ransomware just because you were curious about Microsoft’s source code.
There’s one other word of caution. It is reported that some of the torrents don’t just contain source code, but also material (files and movies) related to nonsensical Bill Gates conspiracy theories:
An odd thing, you might think, for someone to distribute alongside Microsoft’s source code.
Don’t believe everything you read on the internet, and always be cautious about what you choose to download and run on your PC.
h/t Images of torrent contents from @RoninDey on Twitter.
They have been leaked for over a decade. The Pirate Bay. If you ever owned a disk of it, or the ISO from Microsoft, you simply just have to extract it.
Lol iso is not source code. Nice try though.
hahah when you dont know what you talking about, shut up your stupid month
I think someone will make an OS based off of this
For the uneducated, what's the difference between source-code and the disk I get from MS?
It means, the way programmers and software engineers from Microsoft did to create the Windows System or how software its created, its a bunch of instructions in programming language such C and C++ that looks like that:
/* C program for Merge Sort */
#include <stdio.h>
#include <stdlib.h>
// Merges two subarrays of arr[].
// First subarray is arr[l..m]
// Second subarray is arr[m+1..r]
void merge(int arr[], int l, int m, int r)
{
int i, j, k;
int n1 = m – l + 1;
int n2 = r – m;
/* create temp arrays */
int L[n1], R[n2];
/* Copy data to temp arrays L[] and R[] */
for (i = 0; i < n1; i++)
L[i] = arr[l + i];
for (j = 0; j < n2; j++)
R[j] = arr[m + 1 + j];
/* Merge the temp arrays back into arr[l..r]*/
i = 0; // Initial index of first subarray
j = 0; // Initial index of second subarray
k = l; // Initial index of merged subarray
while (i < n1 && j < n2) {
if (L[i] <= R[j]) {
arr[k] = L[i];
i++;
}
else {
arr[k] = R[j];
j++;
}
k++;
}
/* Copy the remaining elements of L[], if there
are any */
while (i < n1) {
arr[k] = L[i];
i++;
k++;
}
/* Copy the remaining elements of R[], if there
are any */
while (j < n2) {
arr[k] = R[j];
j++;
k++;
}
}
/* l is for left index and r is right index of the
sub-array of arr to be sorted */
void mergeSort(int arr[], int l, int r)
{
if (l < r) {
// Same as (l+r)/2, but avoids overflow for
// large l and h
int m = l + (r – l) / 2;
// Sort first and second halves
mergeSort(arr, l, m);
mergeSort(arr, m + 1, r);
merge(arr, l, m, r);
}
}
/* UTILITY FUNCTIONS */
/* Function to print an array */
void printArray(int A[], int size)
{
int i;
for (i = 0; i < size; i++)
printf("%d ", A[i]);
printf("\n");
}
/* Driver program to test above functions */
int main()
{
int arr[] = { 12, 11, 13, 5, 6, 7 };
int arr_size = sizeof(arr) / sizeof(arr[0]);
printf("Given array is \n");
printArray(arr, arr_size);
mergeSort(arr, 0, arr_size – 1);
printf("\nSorted array is \n");
printArray(arr, arr_size);
return 0;
}
@Oliver
Someone feel free to correct me if im wrong but if you think of whats on the Windows disk as a car, then the source code is like the instructions to build the car from scratch.
Sure if you have the car you can try and take it apart and reverse engineer bits and pieces of it if you have the right knowledge and tools.
But its going to be a complex process that consumes a lot of time and resources and likely will never be 100% accurate.
However, if you have the instructions, it takes most of the effort out of it.
You can see exactly how every piece works and modify it all pretty easily.
It also generally makes it way easier to see flaws as you see directly how things operate instead having to play with different inputs and outputs and reading memory etc (Hence the concern when stuff like this is leaked. It just makes the bad guys job that much easier).
Spot on 😉
Well, as someone who is grown up with WINDOWS XP, and pursued a career in software engineering, it would be always interesting to know what kind of peace of code (in general) exist behind all of that fancy stuff in XP, lol