Microsoft, meanwhile, has not disclosed how much of the source code was compromised. The company is cooperating in the FBI's investigation of the case. FBI officials did not return telephone calls seeking comment. Microsoft spokeswoman Stacy Drake said that the company is investigating the incident and that there is no indication of a breach in Microsoft's internal network.
The leak is one of many security embarrassments that Microsoft has suffered in the past several years. It also is the fourth major security-related problem the company has dealt with in February alone.
On Tuesday, Microsoft alerted customers to a vulnerability present in nearly all versions of its operating system that experts called one of the most serious threats to Internet security in years. That flaw, which would allow hackers to get inside people's computers, remotely control them and seize personal information, resides in an area that has been a fundamental part of Windows for several years.
"This latest flaw shows that we have to shift our attitudes in the way we look at security," said Ken Dunham, director of malicious code for Reston, Va.-based computer security company iDefense. "We can no longer assume that just because a system has been working for a long time that it ain't broken. The threat to security has always been the unknown, and that problem is only going to get worse with the release of this source code, not better."
Unlike open-source software like Linux, much of Windows's code is not open for public inspection. Linux users are encouraged to participate in an open, continuous cycle of modifications that its proponents say results in systems that are more secure and reliable than Windows.
Making the Windows code more public could help improve its security, but only if those who discover additional security holes give Microsoft time to fix the problems before going public with their findings, many security experts said.
But many programmers fear a legal reprisal from Microsoft if they admit to having seen the code, said Thor Larholm, senior security researcher at PivX Solutions, a Newport Beach, Calif.-based software developer.
Larholm said that programmers who write applications for Windows could be barred from doing so in the future if they are found to have viewed the secret source code. Several security researchers interviewed for this story said they could not risk poring over the code for flaws, though Larholm said malicious hackers would have no such inhibition.
"Everybody's major concern is if they get a copy of the source code you're not clean anymore," Larholm said. "Microsoft has a lawyer team from hell so nobody wants to mess up with them."
Computer experts said that the code may contain clues about who is responsible for the leak. Researchers found a file inside the code that contained the name and e-mail address of a top executive at Mainsoft Corp., a San Jose, Calif., company that has licensed Microsoft's source code since 1994.
Mainsoft released a statement saying it is cooperating with the FBI and Microsoft.
