Windows products, developed and distributed by the Microsoft Corporation, have been criticized by numerous hackers and security experts over the years for having too many vulnerabilities and too few patch releases in a timely fashion.
Criticisms against Windows products continue to emerge and to attract media attention. For example, in February 2004, security experts said that there was a release of partial source code for Windows 2000 as well as for Windows NT, but that the release would probably not cause a major change in the security of the Windows products. The leaked code included only about 15 million lines of the Windows 2000 operating system’s 35 million lines of source code—not enough for software pirates to create entire copies. That was the good news. The bad news was that the leak may have provided additional ammunition for crackers and virus writers to exploit Windows products. It is conceivable, noted some experts, that even with only 15 million lines of source code publicly available, an interested and tech-savvy third party could create and distribute his or her own patches for Windows products, a move likely prompting Microsoft Corp. product users to ask themselves whether they are more at risk by installing a third-party patch or waiting for Microsoft to distribute their “official” solution to the problem.
The publication of the source code leak came as the Microsoft Corporation was under scrutiny yet again by leading security companies complaining about Microsoft’s tardiness in fixing Windows security vulnerabilities. The critics said that Microsoft took more than six months to distribute a patch for a buffer overflow problem affecting applications using the ASN.1 protocol to exchange data with Windows (including security-related applications using SSL certificates and Kerberos encryption).
Hassell, J. The Three Most-Overdue Windows Fixes. [Online, December 2, 2004.] TechTarget Website. http://searchwindowssecurity.techtarget.com/columnItem/ 0,294698,sid45_gci1030144,00.html; Richm. Windows Leak: Security Problems of Open Source, Without the Benefits. [Online, February 17, 2004.] Free Republic Website. http://www .freerepublic.com/focus/f-news/1079771/posts.