Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft, zlib, and Security Flaws

Posted by timothy on from the not-the-security-initiative-we-had-in-mind dept.

nakhla writes: "News.com is reporting that Microsoft's use of code from the open-source zlib library has led to possible security problems. The flaws in zlib were reported recently, and apply to several key Microsoft technologies, such as DirectX, Front Page, Install Shield, Office, and Internet Explorer. The article also mentions how this is not Microsoft's first use of open-source code in its software, but does point out that since zlib is not GPL'd they are under no obligation to release the source code to any of their products."

4 of 470 comments (clear)

  1. Darn! by sysrequest · · Score: 1, Flamebait
    "[...]but does point out that since zlib is not GPL'd they are under no obligation to release the source code to any of their products."


    Darn, and I thought they were caught with their pants down.

    But to me it still is interesting that a company that is trying to stomp every competitor, and is spreading so much FUD about any sort of free or open software is using it themselves. (We all knew that, I just thought I'd emphasize it again.)
  2. Slow, buggy M$... by IO+ERROR · · Score: 1, Flamebait

    Microsoft is still trying to determine which apps incorporated zlib code? My Linux box already has all its apps fixed. How long until M$ gets patches out? Weeks? Months?

    --
    How am I supposed to fit a pithy, relevant quote into 120 characters?
  3. Re:If we can't see MS's source by Mr+Windows · · Score: 2, Flamebait

    That's OK in principle, but how can anyone who looks at a piece of code know whether it really was written by MS or was GPLed with the serial number (erm, copyright notice) filed off? MS removed the copyright notice of zlib, according to the article, so it's not beyond them to do that with a piece of GPLed code. Not that I'd ever suggest that they'd do such a thing, but it's obviously very hard to check for plagarism (unless MS put all their code through turnitin!).

  4. Re:... pants on fire! by kz45 · · Score: 0, Flamebait

    then go to court to make them release all their software as Open Source.

    This statement proves that you hate MS products, solely on the basis of ideals (IE: Proporietary).

    Otherwise, why bother having the Microsoft source? They suck right?

    Just because microsoft used OSS in their operating system, doesn't make open source as a whole better. It makes the BSD stack better. this would have happened regardless of the license. (if it was any different, microsft probably would have just bought it).