|
Win2k\NT4 Source Code Leak (pg. 2)
|
| OLDoMiNiON |
| quote: | | then you guys forget that these "important" machines are all behind firewalls and that these "important" companies are not at danger like you seem to put it. |
Yeah, you're correct in some respects. But I'm not really thinking about worms, with respect to large companies. I was thinking more along the lines of business execs with high-level VLAN access via laptops, or even desktop PCs. These people have little to no expertise in Windows, thus being vulnerable to hacking attempts.
This is in fact, it seems, the way in which the code leaked in the first place. The Nimda virus made its way onto such a PC, and when "removed", left behind not only its tell-tale .eml files (zeroed in size upon "removal"), but also the "backdoor" created by the virus in the first place. Someone simply port scanned the PC, connected up, and had a nice browse through their files ;)
Having at least some of the Windows source code in the open makes exploits a little easier to find, and much quicker to exploit.
| quote: | | note: i work at a provincial police org. and we haven't been bothered once by any of the worms and trojans this last year... |
Neither have I on my desktop.. a simple software firewall is enough. However, I think you overestimate the average business's internet awareness. Sure, the security-conscious businesses might get away with it.. but all it takes is a few managers with root access, and lousy security, and things have the potential to go wrong, no? |
|
|
| whiskers |
| quote: | | Fourthly, for Microsoft to have this code paraded in public is hugely embarrassing. Not least because the code is littered with profanity and might show that many Microsoft programmers do not do a very good job. |
http://news.bbc.co.uk/2/hi/technology/3485545.stm |
|
|
| KilldaDJ |
| time to get Red Hat or Mandrake... :D |
|
|
| ahlamalek |
A proper security practice involves firewalls between some sensitive VLANs, not allowing people to connect their laptop to the net at home and then come to work and connect to the company's network, etc. etc. etc. There are so many things you can do to properly secure a network.
Why should managers have root access!?! That's playing with fire. It's their fault if they get screwed.
Anyways, that's a long-ass discussion and I still don't see why people are bitching at Microsoft when qualified security people know that Linux/Unix isn't better, if not worse. |
|
|
| St_Andrew |
| quote: | Originally posted by ahlamalek
Anyways, that's a long-ass discussion and I still don't see why people are bitching at Microsoft when qualified security people know that Linux/Unix isn't better, if not worse. |
That's not true, there are far fewer security problems with Linux than with Windows.... |
|
|
| robin |
| The rar files are only 200 MB total (the version I've seen, dunno if there are any others, I doubt it) while the total source code is well over 40 GB (that's what the news said here anyway), so if they are unlucky this is totally useless (which might be good for us, might not be good for us) |
|
|
| ahlamalek |
| quote: | Originally posted by St_Andrew
That's not true, there are far fewer security problems with Linux than with Windows.... |
hahaha whatever man ;) |
|
|
| ahlamalek |
| quote: | Originally posted by robin
The rar files are only 200 MB total (the version I've seen, dunno if there are any others, I doubt it) while the total source code is well over 40 GB (that's what the news said here anyway), so if they are unlucky this is totally useless (which might be good for us, might not be good for us) |
Windows 2000 stands at 40 million lines of code, XP should be around that size too...
40 million lines of text could fit in a 200 rar file, but I guess a load of libraries would be missing, making that 40 Gigs the news report is talking about. |
|
|
| Durafei |
| quote: | Originally posted by ahlamalek
Windows 2000 stands at 40 million lines of code, XP should be around that size too...
40 million lines of text could fit in a 200 rar file, but I guess a load of libraries would be missing, making that 40 Gigs the news report is talking about. |
I think 40gigs is bull. Windows 2000 is not even that complicated a system compared to some others (IBM DB2 comes to mind) and I know from a good source that DB2 is around 3 million lines of code.
Lastly, I doubt this code will lead to any new security issues. It's very difficult to work on someone else's code, especially when large chunks are written in assembly. It would take at least a year for a single developer to learn what's going on. By that time MS is likely to fix some of the issues that that developer has found. |
|
|
| St_Andrew |
| quote: | Originally posted by Durafei
I think 40gigs is bull. Windows 2000 is not even that complicated a system compared to some others (IBM DB2 comes to mind) and I know from a good source that DB2 is around 3 million lines of code.
Lastly, I doubt this code will lead to any new security issues. It's very difficult to work on someone else's code, especially when large chunks are written in assembly. It would take at least a year for a single developer to learn what's going on. By that time MS is likely to fix some of the issues that that developer has found. |
Yeah, shouldn't the source code size be smaller than the actual compiled Windows...? |
|
|
| ahlamalek |
I did some research
NT 3.51 - 6 million lines of code
NT 4.0 - 16 million lines of code
Windows 2000 ~ 35 million lines of code.
so far Linux 2.0 - 1.5 million lines of code
Isn't DB2 a database engine? |
|
|
| St_Andrew |
| quote: | Originally posted by ahlamalek
I did some research
NT 3.51 - 6 million lines of code
NT 4.0 - 16 million lines of code
Windows 2000 ~ 35 million lines of code.
so far Linux 2.0 - 1.5 million lines of code |
You're wrong again :p
First of all, 2.0 is a very old kernel, the current kernel is 2.6! Second, you can't just compare the kernel with a whole operating system such as Windows... I know Debian 2.2 (not the most current version, about 2 years old) consists of 55 million lines of code :)
source: http://people.debian.org/~jgb/debian-counting/ |
|
|