Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Windows Source Leak Traces Back to Mainsoft

By Nate Mook, BetaNews

February 13, 2004, 7:08 AM

EXCLUSIVE BetaNews has learned that Thursday's leak of the Windows 2000 source code originated not from Microsoft, but from long-time Redmond partner Mainsoft.

The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1.

Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.

Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.

Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf.

References to MainWin can also be found throughout the leaked source files, which do not compile into a usable form of Windows.

Prior to Microsoft's Shared Source Initiative launched in 2001, Mainsoft, which calls itself "the software porting company," was one of only two partners with access to the Windows source code under Microsoft's Windows Interface Source Environment (WISE) program.

The goal of WISE is to enable developers to write applications using Windows APIs and deploy them on Unix operating systems such as Linux.

Mainsoft extended its WISE agreement with Microsoft in March 2000 to include access to the Windows 2000 source. Microsoft subsequently employed Mainsoft to port Windows Media Player 6.3 and Internet Explorer to Unix.

Although the leak poses a serious threat to Microsoft's intellectual property, its limited scope is sure to help the company alleviate fears of potential disaster. Microsoft has opened an investigation with the FBI and says its internal security in Redmond was not affected.

Because Mainsoft used only select portions of the Windows source for MainWin, Microsoft may find itself more worried about the egg on its face than possible exposure of its flagship operating system; Windows 2000 served as the foundation for Windows XP and Windows Server 2003.

It is not clear at this point how the three and a half year-old source code escaped Mainsoft, but the company said it "will cooperate fully with Microsoft and all authorities in their investigation."

"Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft," a Mainsoft spokesperson told BetaNews. "Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation. We are unable to issue any further statement or answer questions until we have more information."

Eric Steil and David Worthington contributed to this report.

Add a Comment (105 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By brandon079

posted Feb 26, 2004 - 2:08 AM

I was wondering did they stop this leak or is it about to be posted all over the internet? If it's about to be posted, then hackers will know how windows really works. There is going to be millions of lines of code stolen. Microsoft could get screwed like they screwed Macintosh in the early years. But like it happened before, it's for the good of all people. Because I'm sorry but I couldnt see myself ever using a macintosh exept for there few benifits, I.E. Graphics. But Dispite all of this, if the code is contolled, where did they find this code? Who or how many got a hold of this?

Score: 0

By Matt Groening

edited Mar 14, 2006 - 7:57 AM

I guess this would be a good place to show off my site since i already commented http://R.unKill.org

Score: 0

By BetaNews

posted Apr 24, 2004 - 1:52 AM

Hackers or gay

Score: 0

By boboki

posted Feb 21, 2004 - 10:50 PM

I am amazed that this is a argument thread.
The article is about windows source code leaked, and the thread is M$ vs. L|nux.
You guys are basically throwing snowballs. Hardcore linux guys are too bullheaded to ever admit that thier os is anything but superior to M$ in every way. Hardcore M$ people think the same.

M$ has the user and program base. They have a better desktop platform enviroment. Linux guys, stop all your b****ing and moaning and crying. M$ is still better as a standard desktop. Its user friendly, quick, and have a pletora or software avaliable. Linux GUI IS VERY SLOW and pretty ugly. Its not user friendly. Desktop enviorment is GUI btw... so all of you whiny linux b****es stfu. I don't care if you prefer a shell over a gui... YOU are not the majority.

Server side, linux outperforms windows in a lot of areas. However, linux again, is much harder to setup, and much slower to learn. Granted, done correctly, its faster, more secure, and more stable... But the beauty of windows and why it takes more popularity is that any jackass can grab a windows server and just by reading help files for 5-10 minutes get a working domain controller with dns and dhcp running. heh, samba is just a TAD harder to just pick up and make work.

What does all this mean? Sounds like I am saying windows is better than linux. Of course, if you actually read this far (linux guys only.. M$ people read everything looking for "features") than let me say that I prefer linux for server and windows for desktop.
I will be converting my Windows 2003 domain controller over soon to probably gentoo and doing a stage 1 build. I have found replacements for all my programs and services I ran in windows, but it was not easy. Yeah, linux has a bunch of really great programs, but they don't do anything SPECIAL.
I was really surprised how hard it was to find a simple bandwidth throttler for realtime throttle (not time based) on a site by site basis at the nic level for apache... whereas IIS has it built in.
Linux takes LONGER. Plain and simple. Like anything GOOD in life, there is more work involved, more learning, more searching, writing your own code. Overall its a better product when YOU want to control what YOU have.
Problem none of you seem to get, is that YOU are not the majority. Everyone else wants a easy to use up and running system NOW with minimal work to get it going and to use it. Linux is FAR from that stage, and I really hope it never gets there. I don't want AOL linux... so user friendly, I can't.

On a security basis... I will just say you are ALL wrong and ALL right.
Windows is insecure. Linux is insecure.
Anyone that says they ARE secure or can be made secure easily, IS PLAIN OUT WRONG. Too many backdoors and exploits are avaliable for BOTH systems for ANY of you to even start to say one is more secure than the other. If there is a hole, your not secure... and there are holes in both. It doesn't matter who has more holes, YOU ARE INSECURE.
On that I would like to point out that last year M$ only had 32 exploited exploits, Linux had over 140. What does that mean? It means that microsoft is catching more and more exploits themselves.
Linux has long been said to be the "godsend" of security, and its pretty good, but now that it is starting to become more mainstream, all those exploits that are not supposed to exist, and starting to exist. Linux is now in the same place microsoft was 6 years ago, just finding out how unsecure they really are. In linuxs credit, they are by far PWING microsofts security 6 years ago.
IE:
Linux now is like microsoft 6 years ago and as secure NOW than M$ is NOW. If that doesn't make sense.. oh well, its a complement to linux, but still a problem.

All in all, windows and linux both have too many problems for you guys to waste your time on argueing which is better. As it stands, they are both swiss cheese, and both have thier nitch.
I think someone would be SMART to not try and make thier program something that it is not.

Microsoft should not make its ferarri a truck, and linux should not make its armoured car a roadster.

Score: 0

By wnowak1

posted Feb 23, 2004 - 3:08 AM

Hi,
Some of the debates weren't so general.
You will find below arguments about viruses. Windows is the flagship OS for virus creators and it isn't because its the most popular. As you have stated, Linux is getting to be exploited more and more, but not with worms or viruses. Two main reasons for this is 1, the architecture of the operating system, (user permissions, etc), and 2, NO REGISTRY :).

On windows you have very clever viruses/worms, etc that diguise them selves as system processes, starting up w/ windows, hiding in the registry, and not being able to be terminated by a user ending the process.

In linux or any unix operating system for that matter, regular users can't execute apps that affect the system. (i.e you can't dos attack w/ ping as a simple example) Only root has permission to do this. Even if you execute something like this as root and try to infect another PC, it gets real difficult because a root user can kill a process very easily. It is easier to identify processes that are virus/worm related. Also, VERY EASY to delete something like that.

If you want security, then the BSD family is your choice.

Score: 0

By ingmars

posted Feb 22, 2004 - 1:53 PM

Hi Boboki,

I see that you try to be objective about the different OSs, however I'd like to add some points:

- Linux is more trustable
Since you have the source code, you can always look for backdors or anything like that by yourself. In contrast to that, Microsoft sotware can basically not be searched for hidden activities like that. You remember the thing about the NSA Key in Windows that enabled the possessor of this master key to decrypt anything crypted with the Windows crypting API? I think it was the CCC that discovered this.
This point is especially important for institutions like governments, police, etc. but also big companies do value this.

I'd also like to comment on your statement Linux be "much slower to learn" than Windows.
A time ago I have read a study about a comparision between a Desktop Linux distribution and Windows for absolute computer newbies, people who were not in contact with a computer before. The interesting thing about it was that, to my surprise, Linux (with KDE) turned out to be easier to learn than Windows.
Well, I know there are as much studies proving the opposit, but I think this one might really have some truth in it.
But to be honest, I think it's necessary to add that almost all people using a computer have expiriences with Windows, so they can self-evidently work more productively with Windows, cause they already know how things work. I just want to point out: The usability of Linux is not (much) worse than Windows' for newbie users that never used Windows.

Onother thing you said was: "Everyone else wants a easy to use up and running system NOW with minimal work to get it going and to use it"
One thing you forgot is "at minimal costs".
And that is what Linux is especially good at, since it's free (http://linuxiso.org/).
If it weren't possible to use Windows illegally without paying for it (by means of Warez etc), Linux would even be more popular.

Score: 0

By ravuri_ravi

posted Feb 19, 2004 - 1:47 AM

hey, i am new to betanews. i am enjouing and getting knowledge through your comments. Thanks.

Score: 0

By ioillusion

posted Feb 18, 2004 - 7:15 PM

If both of these operating systems were open source, I believe Windows would have some advantages over Linux. There are a few things I favor about the Windows operating system; 1) You can commercially redistribute software easily, 2) Software development can be accomplished faster with MS development products (this is essential in my line of work, companies need software written in the same day), 3) There are more commercial software packages available on the Windows platform. 4) The file system and hardware management is easier to administer.
I don't like however, the lack of open source products and projects available for Windows.

Score: 0

By ingmars

posted Feb 21, 2004 - 11:46 AM

> 1) You can commercially redistribute software easily,

Pardon? You can do it just as well under Linux!

> 2) Software development can be accomplished faster
> with MS development products (this is essential in
> my line of work, companies need software written in the same day),

You didn't ever do software development on Linux, did you?

> 3) There are more commercial software packages available on the Windows platform.

True.
But you need to be a bit more idealistic about this: What if more and more people started to use Linux?
Yes, right, the software companies would start making Linux software.

Hey, the world has to wake up!

So only if the market is big enough, the companies start caring about it.
That's why I don't help my colleagues with Windows problems anymore, I only do Linux support. Well, some of them use Linux exclusively now.

> 4) The file system and hardware management is easier to administer.

File system is easier to administer? I don't think so. Please base your statements on valid arguments!

Windows has easier hardware management... True. But only because the hardware companies are not yet shipping Linux drivers along with their products.

bye
Ingmar

Score: 0

By wnowak1

posted Feb 19, 2004 - 9:59 AM

My personal preference for developing (in my case mainly php and C) is under linux.

I like the bash shell alot. Windows' CMD is crap. I don't like using IDE's either.

Score: 0

By theye

posted Feb 16, 2004 - 4:37 PM

Congratulations Betanews and Nate Mook for being mentioned in an article on cnn.com. "Profanity, partner's name hidden in leaked Microsoft code".

Score: 0

By Herby

posted Feb 16, 2004 - 4:27 AM

In reply to Mr normangerman. Linux is not so great for a Desktop system. Microsoft has brilliant product, but when it comes to licences it sucks. Do you think US military uses Microsoft systems to control their smart bombs...? NOT!

Score: 0

By rjdohnert

posted Feb 13, 2004 - 2:06 PM

Has Microsoft looked to see if maybe someone in Mainsoft did this intentionally?

Score: 0

By dzjepp

posted Feb 13, 2004 - 10:54 AM

People have confirmed that it is about 300mb unzipped. While the full source-code is like 40gb. So it is not the full source by any stretch of the imagination.

Score: 0

By fewt

posted Feb 13, 2004 - 12:04 PM

It is not possible that the actual full source code is that large. If it were, the base OS would require 30 DVD's to install since source code is TEXT. Maybe their entire repository of versions of source, with all necessities to build a complete OS is that large, but I would guess that a source snapshot based on 35 million lines of code not exceeding 80 characters per line would be roughly 2-2.5GB of text which should compress to about 240MB.

Score: 0

By wnowak1

posted Feb 16, 2004 - 5:07 PM

its more like 627 mb uncompressed 28782 files and compressed is 203 mb.

Score: 0

By fewt

posted Feb 16, 2004 - 5:37 PM

Was just a guess. :-)

Score: 0

By wnowak1

posted Feb 17, 2004 - 12:20 AM

heh, you were close on the compression side :)

Score: 0

By fewt

posted Feb 13, 2004 - 12:05 PM

Also note I would guess that at least 10% of those 35+ million lines are likely 1-4 tabs and a } lol

Score: 0

By wnowak1

posted Feb 16, 2004 - 5:08 PM

/*
* dont forget
* the
* comments
* :)

Score: 0

By w2tndsrc

posted Feb 19, 2004 - 4:28 PM

Hi, can you give me u e-mail, pls

Score: 0

By wnowak1

posted Feb 19, 2004 - 5:49 PM

Hi,
what do you want my email for?

Say whatever you have to say here :)

Score: 0

By w2tndsrc

posted Feb 20, 2004 - 2:20 AM

maybe u now where I can download this source ???

Score: 0

By wnowak1

posted Feb 20, 2004 - 4:55 PM

lol

and what are you going to do with it when you get it? Probably nothing since you have to ask where to get it. The people that are going to do something with it already have it.

Score: 0

By ingmars

posted Feb 13, 2004 - 8:24 AM

Not only because of this, but because of a whole lot of reasons I have finally come to the decisision to install Linux as the only operating systems on my PC, as well as on the PC of my father.
I think the time is due for an operating system change.

Score: 0

By ioillusion

posted Feb 18, 2004 - 7:24 PM

I would like to know how many of the die hard linux people are posting to this form from a Windows system.

Score: 0

By jdube

posted Feb 15, 2004 - 1:08 AM

Well, I looked at Linux; I even built a machine just for it so I oculd learn it. But I have been raised on Windows. I was learned NetAdmin stuff when DOS 6.22/Win 3.11 FWG and Novell Netware 3.12 comprised a school network. And I have grown with Windows since then, starting with NT 4.0 and all the way up to server 2003. I currently own a consulting firm/store where we specialize in Windows service. I and my 3 employess are all at least 2000 certified. I have not done my XP certification yet as business has been slow and costs an awefull lot. But anyways, we run a network (obviously) comprised of a 2003 Standard Edition server and 8 XP Professional clients. I have thus far been lucky and had no major security issues. But the crux of what I was talking abotu initially, I was thinking of converting the desktops to Linux, and maybe the server. But I do have ALOT of Windows based software that is proprietary. I had trouble getting Wine to work for me, and Office Crossover wouldn't setup menus correctly, and when it did, about 75% of the software I had to run didn't work correctly. The other issue I had was cross compatability with Windows. I was trying to get Lycrois Desktop/LX Update 3 to authenticate to the Windows Server and had no luck (even following a tutorial on how to do it). So here's my dilema: I have 4 machines setup for Linux use right now, I want 1 as a server and 3 clients, BUT I want to be able to authenticate to both the Windows and the Linux servers... if anyone can show me how or point me at a tutorial I would love it!

Thanks,
Justin

Score: 0

By slentz

posted Feb 19, 2004 - 10:10 AM

I you need linux to login to windows domain use Services for Unix from Microsoft. It is free!!! I used a the domain server and setsup the NIS server on the windows server using the domain server for users and passwords.

Score: 0

By wnowak1

posted Feb 16, 2004 - 5:14 PM

my suggestion to you is if you're going to learn linux, learn it the right way. Avoid lycoris and the like since those are not "true" linuxes. If you need GUI^1000 then stick w/ windows.

My recommendation is to use slackware since it is the most unix-like O.S. They use the kernels released on kernel.org and use standards. Other distros (redhat) nibble things from development kernels and patch into stable kernels causing havoc later.

debian is good too better than most actually.

And lets not forget FreeBSD

Score: 0

By threedaysdwn

posted Feb 13, 2004 - 9:49 AM

You're worried about security, and you're going to install Linux?
ROFL

Seriously dude. Linux is the swiss-cheese of OS security.

NT and BSD are orders of magnitude more reliable.

Score: 0

By Crusader01A

posted Feb 15, 2004 - 6:17 AM

>You're worried about security, and you're going to install >Linux?
>ROFL

>Seriously dude. Linux is the swiss-cheese of OS security.

>NT and BSD are orders of magnitude more reliable.

Man what PLANET are you from!!!!
What ever you are smoking I want some.

Score: 0

By FailedCRC

posted Feb 14, 2004 - 12:42 PM

seriously dude, don't spout rubbish. they're each as secure as the user.

Score: 0

By Crusader01A

posted Feb 15, 2004 - 6:22 AM

>seriously dude, don't spout rubbish. they're each as secure >as the user.

Just a few days ago i installed a win 2000 box for a customer plain win 2000 all updates NOTHING non mickey $haft.

Ran a reg program on it had 220 reg errors on fresh install.
Then did a virus scan found a virus had also come with the package as a feature, I then checked for key loggers and such sure enough I found 5 all from the mickey $haft fresh install.

Could NOT follow it so did exact same install on a toitally different machine same exact results.

This is a secure system????

Score: 0

By Niro

posted Feb 16, 2004 - 1:37 PM

LOL...yea ok...maybe it's time to stop downloading your OS from newsgroups and actually go buy it...or a more reliable w@r3z release.
LOL...you out of the millions who installed it found a virus and a 5 key capture programs in "official" MS software....yea ok, nice try.

Score: 0

By unoengborg

posted Feb 13, 2004 - 3:29 PM

It was a long time since I used BSD so I'm not up to speed on what security features it offers nowdays. But if you think windows NT/2k and to some extent windows XP is a clearly worse choise than Linux.

In the latest Linux kernel you can have can have things like mandatory access control, as well as security level based controls. You know the stuff you always see in science fiction movies where the computer tells the godlike hero hacker "You are now at level 1".

This kind of security means that if one service is compromized, only files needed by that service is at risk
e.g. if your apache web server was hit by a worm, only files that apache was allowed to write to could be changed. And of course a good admin would probably not allow apache to write to that many files.

There is no way to escalate security, as the concept of a root user having full access to everything no longer applies.

Score: 0

By al451

posted Feb 13, 2004 - 3:27 PM

BSD, yes, OK. NT? NT?? NT?????
HAHAHAHAHAHAHAHAHAHAHA!

Score: 0

By swiftnet

posted Feb 13, 2004 - 1:50 PM

Ignorance is bliss...

The Windows code was leaked out by someone with access to the machine and root privileges. It was a log file, ya' know those silly little things we administrators use on every OS. Logs contain sensitive info, so you must be root to access them.

Comparing security of a windows box to a linux box is difficult. A Windows box comes with next to nothing, a Linux Distro comes with 100's (or thousands) of applications. The Linux security alerts are for the various packages and rarely the kernel. Windows has dozens of security alerts on Windows alone. Loadup your Windows box with 100's of apps and you'll have a garage door size opening of security flaws.
If you strip a linux distro down to the same amount of apps as a standard Windows install, you'll have very few security alerts.
By design, Windows is a security nightmare, scan your system for viruses and spyware - you'll probably find something. I gave up on MS in late 2000. MS has 87000+ viruses because it is so easy to infect. To illustrate the ease of damaging Windows - write a batch file to delete a directory with no prompts, drop it into the Windows directory. Write yourself an email that will execute that file when you click on the link. That little batch file will not be detected by AV or Spyware, yet can totally screw your system. All these steps can be easily automated.

Try the same in *nix and it won't work, unless you do everything as root, in which case you should go back pencil and paper.

IE on Unix is a waste of time, FireFox is better than IE in performance, security and stability, even on Windows. Konqueror is similar to IE only becuase they are both browsers. IE is a security nightmare, other browsers are not nearly as susceptible. Next version of Windows will be amazing, according to MS. Longhorn will be Secure and change the way we use computers. I've heard this in 1994, 1999, 2001, and now in 2004. I don't believe MS anymore.

Score: 0

By wnowak1

posted Feb 16, 2004 - 5:19 PM

"Comparing security of a windows box to a linux box is difficult."

You can start by saying that Linux doesn't active x problems, no spyware, adware, keyloggers, worms, and millions of viruses.

Score: 0

By Acidfx

posted Feb 14, 2004 - 12:54 PM

You say windows has x amount of viruses because it is so easy to infect... hahahahahahaahahahaha... do you really think that's why most viruses are for windows.... come on buddy... think for 1 second.... if you were a virus programmer and wanted to infect the most ammount of computers possible... would you go with linux or windows??? WINDOWS of course!!! 95% of the world runs under Microsoft..... so therefore that is why a smart virus programmer would target windows!....

Score: 0

By bdesth

posted Feb 14, 2004 - 4:13 PM

Pardon ? "95% of the world runs under Microsoft." ? Chapter and verse, please !

95% of *home* and small office computers runs MS Windows. That's not 95% of the computer in the world.

Please stop saying stupidities. Virus writers mainly target Windows because
1/ it's the worst swiss-cheese OS in the world AND
2/ there are a lot of Windows user AND
3/ a whole lot of them are clueless enough to run potentially dangerous things on their computers (don't blame or flame them for it, they usually have to *work* with this pitiful OS without knowing anything about computers...).

Score: 0

By Acidfx

posted Feb 16, 2004 - 11:00 AM

hahahahahahaha... yes ...95% of home computers... which is where viruses can be major problems and distributors...

that 95% really pissed you off didn't it? ... hahaha.. you just disregarded the rest of my whole message.... windows machines where stupid people can pass on viruses are far more predominant!! I couldn't care less what you think... it's fact... it is much rarer that a person is going to be using a Linux box and not realize that a virus is in their email box and send it to all their friends... or whatever...

the fact is virus writers WRITE VIRUES because WINDOWS is EVERYWHERE...

oh just for your knowledge..
OS with the most exploits= Linux (sure the whole argument of more services running plays a factor..)
OS that gets the biggest hype if Exploit found= Windows (Microsoft).. because there machines are far more predominant in the world!!!

Score: 0

By wnowak1

posted Feb 16, 2004 - 5:24 PM

hey einstein, to have a virus cause havoc on a linux machine, it has to be exectued by a user with root permissions. Unless you're an idiot, you do not work under root. SO HENCE, writing a virus for linux is inpractical and difficult.

Score: 0

By wnowak1

posted Feb 20, 2004 - 8:44 PM

also. In linux you have daemons,services and a clear list of everything running. I haven't seen and probably won't see a virus that attaches itself to the system at startup and disguise itself from the root in a way viruses do in windows.

Score: 0

By Baggio

posted Feb 16, 2004 - 2:19 AM

I don't know that we're going to agree to any of this, but let examine your claims. I can't go head-to-head with you on item 1, because you have your beliefs and I have mine. You can make Windows every bit as secure as alternative OS's, and the SID based rights makes more sense than the group based rights on a *nix platform.

On item 2, there are a lot of Windows users... no arguement.

On item 3, a whole lot of them are clueless enough to run potentially dangerous things on their computers... again, no arguement.

However, items 2 and 3 by themselves do not support the claim that Windows is any less secure. If the table was turned, and conditions 2 and 3 were met for the Linux platform, virus writters would be targeting that platform. Security has little to do with it at all. The most prevalent viruses now days are social viruses. Stupid people doing stupid things. They show up on the Windows platform only because of the shear numbers.

Score: 0

By rizla99

posted Feb 13, 2004 - 4:36 PM

All i can say without falling over laughing at your lame a** comments is - root administrator same diff. However if you want to start the delete directories game: Try it under a non ninety s***e version of windows, what you say won't work as fully as you think. However on your loverly Linux box logged in as equivalent to Administrator (root) cd / rm -rf * - LOL like to see you recover from that
;-)

Its horses for courses. I have four windows box and four linux boxes - i like em both and hate them them both for different reasons.

Do yourselves a favour if you have to log onto a computer be it windows or Linux or BSD or Whatever don't logon as the superuser. Its kinda key to it all.

Score: 0

By flamoid

posted Feb 14, 2004 - 3:06 AM

you calling yourself an admin? ... I got bunch of Linux machines under my control and I can assure you that "rm -rf *" on "/" will do nothing on each of them. Hell, root can't even change passwd/shadow/group directly ... has only read access to system binaries and the list would follow ... get yourself some books and start learning finaly ... you ain't anywhere close to being an admin son ... it's YOUR lame a** comments that actually make someone laugh dude ... your type of "admin" is the threat to Linux based servers ... just to give you a quick hint, start looking for ACL/RC/MAC stuff on Linux ... you'll be blown away what this can do ... and if you find yourself lost in understanding the mentioned, then I suggest you stick with your "Blue Death" boxes ...

it really is a waste of time talking here ...

Score: 0

By Baggio

posted Feb 13, 2004 - 3:28 PM

...and yet ignorant you remain...

Score: 0

By flamoid

posted Feb 13, 2004 - 12:52 PM

LOL ... dude .. Linux is what you make it ... ever heard of OpenWall, PaX, LIDS, RSBAC, MEDUSA, ACL, MAC, RC, CAP and tons of other security tools ? guess not ... NT and security ? come on ;)

Score: 0

By fewt

posted Feb 13, 2004 - 10:33 AM

"Seriously dude. Linux is the swiss-cheese of OS security."

LOL! That was good, I needed a laugh this morn.

Thanks!

Score: 0

By Nytol

posted Feb 13, 2004 - 9:29 AM

ingmars you Fool. This leak occured because someone obviously broke into a Linux Operating System using some unknown Vulnerability in Linux. Did you read the article!

Score: 0

By threedaysdwn

posted Feb 13, 2004 - 9:47 AM

That was the first thing I thought when reading this article :P

Score: 0

By fewt

posted Feb 13, 2004 - 10:35 AM

Somebody obviously worked on a team that had access to that system, or the system was managed by someone that didn't know how to do their job. Why don't we wait before the facts before we start playing the blame game.

Score: 0

By SystemX

posted Feb 13, 2004 - 8:54 AM

Well enjoy the benefits of no top online gaming, Vi and unzipping tar's then.

ps I love linux but the above is true.

Score: 0

By Crusader01A

posted Feb 15, 2004 - 6:32 AM

>Well enjoy the benefits of no top online gaming, Vi and >unzipping tar's then.

You'd waste a linux box for games?

Why??

Use a whimp-doze box for games.
Save the Linux box for REAL stuff.

Score: 0

By scott_R

posted Feb 13, 2004 - 11:17 AM

>>Well enjoy the benefits of no top online gaming, Vi and unzipping tar's then.

>>ps I love linux but the above is true.

Linux does fine with the "top" online games. It's the lower budget ones where there's less incentive/resources to port that Linux suffers with. The "popular this month" games mostly, which you can agree is a different breed.

Also, there's nothing wrong with vi, it's just a little disconcerting to people that are used to Windows. That said, there are plenty of wysiwyg editors for Linux. Gedit probsbly isn't the best example, but it's a lot better than Notepad (what isn't?).

You can always unzip tars if you feel like it, but there are plenty of GUI's for that as well. The "problem" with Linux isn't that it's limited, like you imply. The problem is, there is often so much software included in a typical distribution that people tend to feel overwhelmed. In windows, you get one editor, and you'd better like it or download another one. In Linux, your distro might come with a dozen of them, ranging from too simple, to the monsters like emacs.

Same with the security problem. "Swiss cheese" is appropriate, if you take the numbers as a reflection of Linux's overall security. There are dozens of security alerts a day.

However, when taken in context, it's not nearly as bad as Windows. First, you have to remove the alerts that are duplicates. Redhat and Suse, for example, might issue an alert for the same piece of software. That's not two bugs, that's two alerts from two different companies, about the same bug.

Second, there is a lot of software that, like I stated above, duplicates the efforts of others. If vi has an exploit, and emacs has an exploit, that doesn't make your system twice as insecure, as you'll typically prefer one over the other. Unlike a lot of "integrated" windows programs, there's no code lurking in the bckground, just because the program is on your hard drive.

Lastly, read articles like this properly. There is no indication that the Linux machine was compromised, as has been suggested. There is a core dump file, which is to be expected when trying to find ways to get Unix/Windows to work together, which is Mainsoft's line of business. However, given the duties of this machine, why would it be connected to the internet, or even a main network?

It wouldn't be. A problem in this machine could screw up the routing on the branch, and interfere with other things as well. Less likely, but possible, a bug or inadvertant virus could spread all over the place if it were. No, this machine would likely be on an isolated network, probably at MS's behest as well, considering their code is on it.

So, my guess is that somebody was busy sharing the code for whatever reason, or that the person developing the software took some work home with them, and stuck it on their home PC. The core dump might be a telling sign that somebody just did a quick backup of files, not really checking to see what they got. This, along with the networking question, puts the security breach right in the hands of very few people, and the chunk of code in question should make it easy to figure out who's responsible.

Score: 0

By npl

posted Feb 13, 2004 - 7:23 PM

> In windows, you get one editor, and you'd better like it or download another one. In Linux, your distro might come with a dozen of them, ranging from too simple, to the monsters like emacs.

Have you actually counted the editors that come with an out-of-the-box install of Windows2k/XP?

Score: 0

By scott_R

posted Feb 14, 2004 - 7:04 PM

Honestly, no. How many are there, and how do they compare to other free ones?

Score: 0

By NULLedge

posted Feb 17, 2004 - 3:49 AM

dos' edit, notepad, wordpad? i count three i guess. do i get a prize?

Score: 0

By fewt

posted Feb 17, 2004 - 11:41 AM

You missed copy con: and edlin, so I'll gladly take it in your place. :-P lol

Score: 0

By scott_R

posted Feb 18, 2004 - 3:11 PM

You have to be truely determined to use copy con: and edlin as editors (or have the ultimate in crippled systems). :)

As for notepad, dos edit, and wordpad, I was thinking about those as I wrote my post, but as they all offer pretty much the same lack of options, I didn't bother to list them. I'm a little disappointed by the responses, I was hoping (from npl's post) that MS had finally broken down and tossed in something better.

As a final note on vi, as long as you take a couple minutes (if that) to learn how to open, close, save, and quit, the rest is just icing on the cake. vi includes a tutorial, and sometimes people see all the options available and are overwhelmed by them, instead of seeing them in the proper light.

Score: 0

By fewt

posted Feb 18, 2004 - 3:49 PM

copy con: and edlin were the only dos editors back in my day.. (lol)

Score: 0

By errderr

posted Feb 13, 2004 - 9:14 AM

I guess I'll have to throw away all my copies of Quake III and the various Unreal Tournaments I own. They all seem to include Linux installers, but according to you, I'm imagining things.

Score: 0

By Baggio

posted Feb 13, 2004 - 3:25 PM

If that's what you want to play... that isn't a very convincing arguement for me. Besides Loki realy convinced me that linux gaming is a real and profitable venture... *rolleyes*

Score: 0

By errderr

posted Feb 13, 2004 - 5:27 PM

In fact, that is all I play. Which was why I commented. And those games are among the most popular. And in case you hadn't noticed, despite the fact that Loki went belly-up, Linux installers are still being created. Interesting how your jibe has a tinge of jive, isn't it? Maybe you should roll your little ol' eyes back and do a little homework.

Score: 0

By Baggio

posted Feb 16, 2004 - 3:10 AM

Just because Linux installers are being created doesn't put Linux gaming on the same footing. Linux is in catch-up mode. SDL for instance, while getting better, is still not a match for DirectX development.

NPD Techworld seems to be the source for POS sales tracking and their press releases are regarded as the word on game sales. I found the press release on gamerspulse (http://www.gamerspulse.c...le=article&sid=4127), but I've also seen it quoted on IGN and other gaming sites. For the week ending Jan. 24, 2004 the following were the top selling PC games:

1 Call Of Duty - Activision $45
2 MS Age Of Mythology - Microsoft $34
3 The Sims Deluxe - Electronic Arts $18
4 The Sims: Makin' Magic Expansion Pack - Electronic Arts $30
5 MS Zoo Tycoon: Complete Collection - Microsoft $28
6 The Sims Double Deluxe - Electronic Arts $38
7 The Sims: Unleashed Expansion Pack - Electronic Arts $28
8 The Sims: Vacation Expansion Pack - Electronic Arts $18
9 MS Flight Simulator 2004: Century Of Flight - Microsoft $51
10 Lord of the Rings: Return Of The King - Electronic Arts $24

As it would turn out, although you may like those games that you play, they aren't the top selling games. How many of these also play on Linux?

1 Call of Duty has linux server binaries
2 MS Age of Mythology... ha! I'm not even going to do a search. :)
3-4 Sims, I saw the Sims for sale at a lot of Linux sites, but checking the system requirements on EA's website specifically says it needs Windows. Is a Linux version distributed under a different publisher?
5 MS Zoo Tycoon. Nope
6-8 Sims again... I didn't look all these up, but I suspect they have the same fate as 3 and 4
9 MS Flight Simulator 2004. Nada
10 Lord of the Rings: Return Of The King, again, according to EA's website, this is Windows only.

Based on what I could actually verify, Linux is not anything close to a gaming platform.

Score: 0

By errderr

posted Feb 16, 2004 - 10:20 AM

I never claimed they were on the same footing. I was merely pointing out that to say there is no gaming is unfair. But to be honest, Unreal Tournament actually plays better for me under Linux than it does Windows.

Most of the games you listed are much newer than the ones I listed. The ones I listed were also at the top of the charts at one time. It doesn't mean they aren't still popular, though. It's only natural that once a game's been out for a period of time, the majority of people who are going to buy it have already gotten it.

FYI, Mandrake has a Linux gaming distribution that plays the Sims games, so going by your list, a good handful are actually available.

Score: 0

By errderr

posted Feb 16, 2004 - 10:23 AM

I meant to add this to the last paragraph...

I don't believe the Sims that's available with Mandrake is anything native. I think it uses WineX to run, but it runs well from what I understand. I'm not into the Sims, so I haven't kept up with that. Perhaps it's available for more Linux distributions at this point.

Score: 0

By Chilling_Silence

posted Feb 13, 2004 - 7:51 AM

Microsoft subsequently employed Mainsoft to port Windows Media Player 6.3 and Internet Explorer to Unix

Why the hell would you want that? Thats just stupid! There are perfectly good Native browsers to Unix without bringing the IE bugs along...

Score: 0

By threedaysdwn

posted Feb 13, 2004 - 9:47 AM

Funny. I thought the most popular Linux browser was the self-proclaimed IE clone, Konqueror.

Don't you think that's funny?

Score: 0

By espectro

posted Feb 13, 2004 - 11:50 AM

Learn your facts before making a fool of yourself pal

First, the most popular browser on linux is mozilla.
Second, Konqueror isn't a "self-proclaimed ie clone"

Score: 0

By radiophonic

posted Feb 13, 2004 - 10:30 AM

There is certainly no need for IE to be ported to a Linux/Unix platform. It is more than likely hearsay as it would not benefit Microsoft in any.

As far as Konqueror being a clone of IE; this is incorrect. The differences between the browsers are substantial. The KDE browser is based on Mozilla's codebase and rendering engine. It allows you to browse in tabbed windows instead of having multiple windows. It also has numerous privacy options that IE does not have, eg. popup blocking (I havent seen a popup add in over a year), finer tuned control of cookies and images and, better control of sessions. These things make this for a much more pleasent experience on the web. Try for yourself, pick up a copy of Mozilla.

As far as this being a security exploit in an OS that's "riddled with holes", your argument is ambiguous. Who makes the system insecure? Right, the administrator. Which systems are insecure? Typically, default installations of Windows, -some- Linux distros, *BSD or, even Mac OS. The list goes on. No one OS is more secure than the other, however, if you're looking at statistical breakdowns, Windows is the swiss-cheese of OS's.

It's all egg on the face of the person who's job it is to secure the machine. To argue who's OS is better is a bit like chasing your tail.

Score: 0

By MacOSXAddict

posted Feb 13, 2004 - 1:01 PM

Actually you are incorect in your assesment of BSD and MacOSX,. Both are very secure in comparison to the others you mention in their basic vanilla installed state. It is when you go into the OS and start opening thigs up that are the problems. Speaking for Mac OSX there have been only a handfull of "Security" patches this year, compared to the uncountable amount for windows. It is that fact that has Micro$oft trying to get to a point where they only relese updates once a month, that way they can push false numbers to the general public about How Often and How Many patches in a year...

Bob

Score: 0

By jhboricua

posted Feb 13, 2004 - 11:14 AM

Please get your facts right. Konqueror is NOT based on Mozilla code at all and its rendering engine is not based on the gecko engine by Mozilla either but on KDE's team own khtml engine. It renders pages way faster than Mozilla's gecko engine but it is still not totally W3C compliant on some areas. This is the same rendering engine Apple picked for its Safari browser.

Score: 0

By DrPizza

posted Feb 13, 2004 - 11:04 AM

Um, IE 4.x and 5.x were available for Solaris (and HPUX IIRC) for a number of years. MS no longer distribute it, but a reference to it can be found here: http://www.microsoft.com/unix/ie/default.asp

Score: 0

By Ripme

posted Feb 13, 2004 - 2:44 PM

First let me just state that the only reason why Microsoft OS seems so damm vulnerable is because its so popular. Lets face it when there's a will there's a way. Assuming if microsoft does goes down and Linux becomes popular I can almost bet you all you Linux fans would be whining how vulnerable Linux is once these crackers start tearing it up. Nobody cares about Linux, it is a third rate operating system. Even Panther is more popular than this Windows wannabe as even Apple had to update its operating system because of vulnerabilities. I would rather have Windows than Linux because as confident as you Linux users are Linux is not invincible, I guarantee you none of them would know who to handle a worm or vulnerability.

Score: 0

By knightmare

posted Feb 14, 2004 - 8:54 PM

"I guarantee you none of them would know who to handle a worm or vulnerability."

Ripme...

We would fix it, ya dope.

Score: 0

By oululife

posted Feb 13, 2004 - 3:34 PM

Good point.
Third rate OS is Linux, indeed?
Well I like Windows, but prefer Linux.
Linux does what I want. More importantly, it does no more than I want.
No popups
No spyware
No adware
And, to me the most important. I don't have to accept in an EULA that I can have my OS 'improved' whenever Microsoft sees fit to cover the laws of a country 8,000Km away, in whose political function I have no say.

Browsing with konqueror on SuSE 9 professional. Connedt by WiFi. What's the problem?

Score: 0

By Baggio

posted Feb 16, 2004 - 3:16 AM

I like how you just argued for Microsoft's case of the Browser is the OS... :)

There is more to the OS than the browser; in Microsoft's case, it is how you access everything from files to webpages, but that only constitutes shell aspects. It's like saying your OS is KDE, Gnome, or even WindowMaker.

Score: 0

By Baggio

posted Feb 16, 2004 - 3:27 AM

I just realized the subject line was why you were making the comments you did, so I'll retract my comment. :)

To the issue of "Why would you want IE on Linux?", I think it goes back to standardizing. IE can't be changed to be more compliant without breaking web pages that are already out there. Browsers written for *nix don't render the same way as IE. The solution is then to port IE over. The pages may not be strictly W3C compliant, but they would render the same on Windows as they would on the other systems.

Score: 0

By Ripme

posted Feb 13, 2004 - 2:44 PM

First let me just state that the only reason why Microsoft OS seems so damm vulnerable is because its so popular. Lets face it when there's a will there's a way. Assuming if microsoft does goes down and Linux becomes popular I can almost bet you all you Linux fans would be whining how vulnerable Linux is once these crackers start tearing it up. Nobody cares about Linux, it is a third rate operating system. Even Panther is more popular than this Windows wannabe as even Apple had to update its operating system because of vulnerabilities. I would rather have Windows than Linux because as confident as you Linux users are Linux is not invincible, I guarantee you none of them would know who to handle a worm or vulnerability.

Score: 0

By M3wThr33

posted Feb 14, 2004 - 5:31 AM

Last I checked we depended on MS to fix their own errors. Assuming the open-source OS came to power, any flaws would easily be taken care of.

Score: 0

By Baggio

posted Feb 16, 2004 - 3:22 AM

And those people making those patches perform all the tests needed to make sure those changes don't break 1000's of applications that may have been written dependant on certain behavior. Bug fixing isn't as simple as just posting a fix. Time and money is invested in the testing of those fixes at Microsoft. OSS pressure to ship those fixes more quickly means that those fixes are allowed less time to bake, and might even be problematic. Just because a patch is made available to plug some security vulnerability in some Linux service, doesn't mean that the patch will work perfectly for everyone and all their programs. The same is true of Windows.

Score: 0

By normangerman

posted Feb 13, 2004 - 6:04 PM

I agree. Windows is SO much better than that stupid, wannabe Windows, dubbed "Linux". Linux and Apple are always copying Windows's suer interface. And while I like both Internet Explorer and Netscape 7.1, I would never choose any software I either don't like or I know is not secure. Windows IS secure, but it is constantly tageted by the hackers, probably Apple or Linux supporters.

Score: 0

By krimzn

posted Feb 14, 2004 - 3:48 PM

Please understand that LINUX is not a gui, and the CLI is nothing like the CLI that windows uses, so there is no way for LINUX to be a windows "clone", KDE and GNOME try and look like windows to some exstent, but they are not "linux"... In fact they run on almost ANY unix system, and can even be run on a windows system with extra supporting software.

Score: 0

By geodrive

posted Feb 14, 2004 - 9:07 AM

Normangerman: GUI is just graphics...

Score: 0

By normangerman

posted Feb 16, 2004 - 12:09 AM

GUI? That's old. Just wait until longhorn!. That will kick any OS, either Apple and Linux. When you enter Apple or Linux, you are present with a blank desktop, with nowhere to go. It's nothing for first time users. When you enter Windows, it tells you what to do
There. And all you linux supporters, which are the only ones who pay out Windows, stop winging because Linux is absoulte s***!

Score: 0

By ophis

posted Feb 16, 2004 - 5:38 AM

Very interesting thread indeed... shows what kind of users M$ are targeting primarily: gaming freaks and interactive couch potatoes who are clueless with an empty desktop! Must be nice to be that infantile... I do have to use computers for WORK...

Score: 0

By user unknown

posted Feb 14, 2004 - 1:10 AM

Don't mix up linux and linux.
Linux is much more than an X11-Desktop.
And I'm glad it is.
Did you ever browse through win2k - services? Small textboxes where you have to scroll by hand to a long, long, never ending line.

I'm sorry that KDE and GNOME are trying to be more similar to Windows, but you you know, where Windows itself found the idea of a graphical desktop?

And where the aqua-look is comming from?

There are dozen of desktop-systems for Linux, not only KDE and GNOME.
And my interest in the desktop is decreasing in 10 minutes, when I start working with the system.
It's only interesting for the time, you need to show it on TV (and it's only working 10 min, if it is windows :)

Last but not least: If you like to change it, you get the source of all those linux-desktops.

How do you avoid starting windows in GUI mode (to configure some services with APPROPRIATE tools)?

Welcome to the bazar!

Score: 0

By renegade75

posted Feb 13, 2004 - 11:17 PM

Also, you just contradicted yourself. You said you use Internet Explorer, then in the next sentence you said you refuse to use software known to be insecure. Well, Internet Explorer is the most insecure piece of software I've ever seen (more than Windows).

I mean think about it, how do you create so manay administrator exploits in a web browser? Buffer overflows are the only way I can think of. After the 50th overflow bug you'd think they'd take a hint. No, they just keep adding more buffer overflows.

Score: 0

By jaypatrick

posted Feb 18, 2004 - 10:48 PM

nope, IIS is the most insecure piece of software ever written :-)

Score: 0

By Microshaft

posted Feb 13, 2004 - 11:10 PM

normangerman,
When you were born the doctors must have forgotten to throw you out, how have you existed for this long, well your probably 13 or something

Score: 0