Windows, Source Code, and Security
Sunday, February 15, 2004
The unauthorized release of some Windows source code this week has left people once again concerned about the security of the world's most widely used operating system. John Markoff of the New York Times, for example, references
security experts who say that “having even relatively small parts of the blueprints for Microsoft's Windows 2000 and Windows NT operating system as easily available reference material for potential vandals and troublemakers could complicate the company's already difficult task in securing its software”. The leaked Windows code apparently escaped from one of the third parties to whom Microsoft had licensed the source. Exactly how Microsoft is to blame for this isn’t clear, since the pressure on the company to make its source available has been intense, especially from governments. The more people who have source access, the more incidents like this we can expect.
I’m puzzled, though. Hasn’t the open source community been telling us for years that having source code available makes software more
secure? The rationale here is that thorough review by the good guys will find security holes before the bad guys can exploit them. I’ve never bought this argument for a couple of reasons. First, how realistic is it to expect that lots of unpaid open source developers will spend their free time going over other people’s code looking for security holes? The incentives are terrifically unbalanced: bad guys get the perverse satisfaction of seeing their exploit wreak worldwide havoc, complete with running coverage on CNN, while the good guys get nothing more than a quiet pat on the back from a few peers for plugging a potential hole. Which group is likely to put more effort into looking for security problems?
More important, I don’t buy the argument that making source code available improves security because the evidence doesn’t support it. As I argued in Opinari #6
last year, open source doesn’t appear to be any more secure than proprietary software. Having parts of the Windows source available on the Internet won’t help make it more secure because, no matter what open source advocates claim, letting attackers have access to source isn’t a good thing.