
Microsoft using Open Source code.

linky link

As reported earlier this week by CNET News.com, a flaw in the zlib software-compression library could leave much of the systems based on the open-source operating system Linux open to attack.

On Thursday, researchers reported that at least nine of Microsoft's major applications--including Microsoft Office, Internet Explorer, DirectX, Messenger and Front Page--appear to incorporate borrowed code from the compression library and could be vulnerable to a similar attack.

...

Members of the open-source compression project, Gzip, have posted a list of nearly 600 applications that a detection program has flagged as using the zlib code. Nine Microsoft applications are included in the list: Microsoft DirectX 8, FrontPage, the next-generation Graphics Device Interface, InstallShield, Internet Explorer, Office, NetShow, Visual Studio and Messenger.

...

The license under which the zlib library is published on the Internet allows any company to use the code in any way it likes. Unlike the GNU General Public License, the library doesn't require that a company release its own source code in return.

Yet, the incident seemingly proves that Microsoft, despite dismissing open-source code publicly, has used software from others to create their own products.

This isn't the first time that Microsoft has included code from the open-source arena.

Some programmers have said that a technology, called the GS flag, which the software giant added to its newest compiler to prevent a common programming error, actually uses code from the open-source StackGuard project.

...

Evidence uncovered last summer points to the Windows operating system borrowing some networking utilities and possibly parts of the TCP/IP stack, the core software that allows networking and Internet connectivity, from the open-source Unix variant FreeBSD.

...

Microsoft has never denied that it would use open-source software, just that its programmers are prohibited from using code based on the GNU General Public License, which could force the company to publish its own source code.

...

For the library, the only license requirement is that a copyright notice be included in the program source-code, if released. Microsoft, which rarely releases source code, didn't need to include the string in the company's programs, but zlib creator Gailly wishes the giant gave credit.

"It bothers me that they removed the zlib copyright string from some binary versions," he said. In the future, he added, new versions of the library may include such a requirement.


 
A) So what, it's really not illegal
B) Even though zlib is used, it's probably not a vulnerability because of how Windows handles free(), aka this buffer overflow won't work with Windows 🙂.
 


<< A) So what, it's really not illegal >>



No, but it's interesting considering that Microsoft has said all along that open source software is bad, while they've been secretly utilizing it themselves.



<< B) Even though zlib is used, it's probably not a vulnerability because of how Windows handles free(), aka this buffer overflow won't work with Windows 🙂. >>



It has yet to be determined whether it will lead to security issues, but that wasn't really my point in posting this anyway. I just thought it was interesting that MS was using some open source code.
 
StackGuard is a very lame implementation of the /GS flag; besides, the people who thought up the techniques are working at Microsoft. There was a big response from the Visual Studio Compiler Team when the false allegations of copying StackGuard came out; in fact www.securityfocus.com, the people who run Bugtraq, came out in support of Microsoft. As for open source, AFAIK it is against company policy to use and they made an active effort to rip any out that was put in by devs who were new to MS.
 
Microsoft says open source is bad because anyone can get it and use it how they want. They speak from experience.
 
In MS's defense, if you've ever seen Zlib, you'd realize why they use it. Considering it's freely available, small, and efficient, they'd have a hard time not inventing it on their own (they'd have to screw it up somehow to make it "different"). In that case, why re-invent the wheel?
 


<< In MS's defense, if you've ever seen Zlib, you'd realize why they use it. Considering it's freely available, small, and efficient, they'd have a hard time not inventing it on their own (they'd have to screw it up somehow to make it "different"). In that case, why re-invent the wheel? >>



No one flamed them for using open source code. I don't like the fact they lie about it.
 


<<

<< In MS's defense, if you've ever seen Zlib, you'd realize why they use it. Considering it's freely available, small, and efficient, they'd have a hard time not inventing it on their own (they'd have to screw it up somehow to make it "different"). In that case, why re-invent the wheel? >>



No one flamed them for using open source code. I don't like the fact they lie about it.
>>



They don't lie about it... everyone knows they use it, MS admits they use it. Where are they lying about it?
 