Say "No, Thanks" to Offers of Illegal MS Source Code

As a reminder to our readers, we are repeating the same advice we published in 2000, the last time Microsoft's source code was compromised. Don't look at it or you could contaminate yourself legally.

The Wall Street Journal reported today [October 27, 2000 -- Ed.] that Microsoft and the FBI are investigating an intrusion in which unknown attackers had access to Microsoft source code for three months. Although nothing purporting to be Microsoft source code copied in the intrusion has surfaced yet, any such code poses a legal risk to people who read it and to any free software project that accepts contributions from those people.

"Anybody who wishes to be involved in free software should have nothing to do with anything claiming to be Microsoft source code released without license or in any informal way," said Eben Moglen, general counsel of the Free Software Foundation and professor of law and legal history at Columbia University. Microsoft, he said, would be in a position to seek damages from anyone trafficking in misappropriated trade secrets, which can include merely reading the Microsoft code and then contributing to a free project.

If offered any code that implements Microsoft-like APIs, or uses Microsoft's file formats or protocols, the FSF will go beyond its normal legal paperwork to make sure that the contributor has not had contact with Microsoft's proprietary information. "We would certainly take additional measures to prove the absence of any relationship between developers and Microsoft's trade secrets," Moglen said.

Free software developers are already careful to keep themselves insulated from any contact with proprietary information. Jeremy Allison, one of the lead developers on the Samba project, said that his response to one anonymous offer of Windows NT source code was, "You're offering to end my career. Thanks but no thanks." And the Samba team, he said, will refuse to work with anyone who has seen Microsoft's proprietary code. "Anything we do has to be completely legal," he said. "There are plenty of people who can work on it who haven't seen Microsoft source code." His advice to anyone planning to write free software in the future is, "Stay away from [proprietary Microsoft source code] at all costs."

News reports blamed the Microsoft intrusion on aTrojan Horse program that installs when a Windows user opens an e-mail attachment in Microsoft Outlook.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Another good reason to steer clear

Anonymous's picture

Besides... why introduce bad code into good projects? ;-) Please do us all a favour and keep Linux free of BSOD code.

Re: Say

Anonymous's picture

This could be a Microsoft invention, with the sole purpose of
having an excuse to sue the " Free software movement' and
possibly stop it, because it is a threat to microsoft monopoly!!
Think about it !!!!

Great advice

Anonymous's picture

Thanks for publishing such great advice. This is clearly the responsible approach that needs to be well understood by members of our community. Personally, I would not be surprised to learn that this "leak" was done intentionally in order to serve as "bait" to those that would risk compromising (knowingly or not) the integrity of some very important Free Software projects which deal with Windows compatibility. We shall see how this plays out....

Btw: that "News Reports" link doesn't actually resolve to anything useful.

Best

Adam Kosmin
WindowsRefund.net

Re: Great advice

frymaster's picture

my gut reaction to this advice is to cry "tinfoil hat". after all, even if the leaked source is viewed by an oss developer, redmond will still have to prove sufficient similarity in the source to get any satisfaction in court.

however... it's well known that microsoft forbids its developers from viewing any open code, most notably that which is under the gpl. maybe "the beast" has the right idea.

Re: Great advice

cig's picture

I personally agree, as a programer and as a FOSS fun.
For more info I suggest reading GROKLAW.
Does not give permanest answers, but its definetly worth reading (especially ppls comments).

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix