Feeds

Open source IE, license MSOffice, says rebel States' pitch

Large fly appears in MS settlement ointment...

  • alert
  • submit to reddit

3 Big data security analytics techniques

When it comes down to it the nine US States still dissenting from the Microsoft settlement probably are just flinging themselves in front of a speeding train, but their stab at alternative remedies proposals, which was published on Friday, is both intriguing and a welcome contrast to the document cobbled-up in the smoke-filled rooms by Microsoft and the DoJ. Open source IE, for example? Good heavens...

The salient difference between this document and the previous is that the States have made a reasonable attempt at identifying previous abuses, anticipating future ones and, step-by-step, explaining how the remedies they're proposing would tackle them. It's a pretty big problem, so inevitably they've come up with something that is wholly unpalatable to Microsoft, and that therefore could never have been achieved via a negotiated settlement.

The DoJ document, on the other hand, lists the relatively few concessions that could be achieved to form a negotiated settlement, then makes a futile and unconvincing attempt to explain why these will solve all the problems and tame The Beast. There is at least intellectual merit in the nine States having tossed this approach and devised something with internal logic and coherence instead.

The baseline requirements of the States' document bear some resemblance to some of those in the proposed settlement. There's an unbundling requirement, plus uniform licensing terms and conditions for OEMs, for example. But then it gets interesting; how do you rebuild competition in the browser market when Microsoft now owns practically the lot? And how do you give non-Microsoft platforms the ability to compete again when Windows owns practically the lot?

The "secure facility" for inspection of code reappears. This one was determinedly resisted by Microsoft, and fell on the cutting room floor just before the settlement was agreed. Here, however, the States are proposing that the facility be used to keep producers of non-Microsoft middleware up to speed on integration and interoperability, and this dovetails nicely with their proposals for IE and Office.

Under the States' proposals Internet Explorer would be open sourced. "Microsoft shall disclose and license all source code for all Browser products and Browser functionality." It would also have to do this for future browser products at least 180 days in advance of the release of the products. If the States' attorneys understand open source, they don't entirely make this understanding clear in the document; but you can see the objective.

If Internet Explorer is out there, available for use by any developer who wants it, and if Microsoft is forced to disclose all hooks and APIs that link it to the OS, then a fairly substantial roadblock has been placed ahead of future attempts at integration/bunlding/commingling, and what's happened so far might be eroded a tad. But depending on what the States mean by open source, or indeed what the courts decide it's going to mean as far as IE is concerned, the move could have odd, and possibly unwelcome, results.

If IE was fully GPLed, and open source developers embraced it (that's a very big if, but it's possible), then IE would remain the de facto standard, Microsoft would be free to incorporate other developers' improvements and innovations in its own product, and the rival browsers that do currently exist could well be road-kill. Opera, for example, is presenting itself to ISPs as a 'third force' browser that isn't affiliated to either Microsoft or AOL, and you can see how that might appeal to companies not allied or affiliated to either Beast. But if these ISPs could 'own brand' an implementation of IE with no strings attached, then would they bother dealing with Opera?

Alternatively, if the States/courts came up with some kind of open source licence variation of their own, and/or adopted something less than full-scale GPL, IE might well code-fork to death. But maybe that's what they have in mind.

The Office requirements are similarly drastic, but in a different way. Microsoft would be required to continue porting to Apple platforms, so Steve never gets menaced again, and it would have to auction porting licences for Office. Note that these will be porting rights to competing operating systems, not to produce rival versions on Windows platforms, so you do kind of wonder who's likely to bite. It might conceivably make sense for somebody to offer an alternative version for Mac, if the Mac counts as competing rather than as having been covered already by Microsoft's own porting obligation, but what else? Anybody doing it would also have to be pushing an alternative, almost inevitably *nix, platform on the desktop, which would be a pretty big, initimidating, bet.

The Office licensing and associated disclosure would though make it easier for companies to produce effective competitors to Office, so maybe we could see Sun springing for a licence.

Sun itself can smile about the proposed Java distribution clauses. Microsoft would be mandated to distribute "a competitively performing Windows-compatible version of the Java runtime environment" with all of its operating systems for a period of ten years.

There are other instances of tightening and toughening. There's a potentially messy section on compliance with industry standards (trying to cover de facto standards makes it even messier), and there's a compliance committee and a special master. Nor is there a gagging clause, as was inserted in the agreed settlement. Au contraire: "Any findings or recommendations by the Special Master... are not prohibited hereunder from submission or admission in any subsequent action or proceeding..."

One last small, but significant indication that the States have been paying attention is the anti-breakware clause. "Microsoft shall not take any action that... will directly or indirectly, interfere with or degrade the performance or compatibility of any non-Microsoft Middleware." This, along with the compliance measures, have provided a whistle-blowing route for a string of companies over the past few years, if it had existed.

Ed Black of the Computer & Communications Industry Association (CCIA) welcomed the proposal, while saying that additional remedies would also be appropriate. "Unlike the Justice Department's capitulation to Microsoft, this is a serious effort to curb the illegal monopoly conduct of the company and restore competition to the software industry. Perhaps the most striking difference between the States' proposed remedy and the Microsoft/DoJ settlement is that the States' proposal was clearly drafted by prosecutors seeking to enforce the law, while the settlement was obviously crafted largely by Microsoft to provide a means of evading the law."

The US consumer groups who've been pitching in also welcomed it, saying in a statement that "these remedies would go a long way toward preventing Microsoft from interfering with the open architecture of the Internet that has promoted innovation and stimulated economic growth."

But now, what will the judge say? Given that Microsoft was almost entirely intransigent in the DoJ negotiations, there's virtually no scope for the States' proposals to be turned into an agreed settlement. If she doesn't toss out practically the lot of them, then Microsoft won't agree, and the war goes on. ®

Related link

States' proposed remedies

SANS - Survey on application security programs

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.