MS preps all-new warez busting antitrust complying XP SP1

Spot the speed bumps...

  • alert
  • submit to reddit

Boost IT visibility and business value

Microsoft's 'Seattlement' Service Pack for Windows XP is to go into testing within the next few weeks, and will ship later this year. The company doesn't usually make a big marketing deal of Service Packs, but for legal compliance reasons WinXP SP1 is special, so it's been taking some journalists through what's in it, how it will work and how it will comply.

In order to meet the terms of the MS-DoJ antitrust settlement, Microsoft has to make it possible for PC manufacturers and users to be able to hide various pieces of middleware that are incorporated in XP. The dissenting states, as you're no doubt aware, have been pushing for more radical "rip 'em out" measures, but if the judge doesn't grant these and approves the MS-DoJ deal instead, XP SP1 is what you're going to get.

The software covered here is IE, Outlook Express, Messenger, Windows Media Player and Microsoft's Java Virtual Machine, and there will be four configuration options made available via a new control mechanism. You can have the Microsoft option, the original machine configuration (i.e. what the OEM decided it would ship you, but this is going to be most obviously applicable to new machines shipped by OEMs post-SP1 release), a non-Microsoft option that allows you to substitute non-Microsoft middleware, and custom configuration.

So far, so simple, but it gets interesting, if we pick a little at what Microsoft's Jim Cullinan has been telling people. Joe Wilcox from CNET, for example:

"If you have five different browsers on the PC and four of them are non-Microsoft, those four will appear there and you will have a choice to pick the default," Cullinan said. But software developers must write programs "so that they can register here" for the choices to appear. In the case where there is no third- party middleware installed, Microsoft software would appear in the list.

Unless we're gravely mistaken, this points to a characteristically Microsoft-ish implementation of the apparently simple task of shoving Microsoft software into the background somewhere and installing Navigator, Opera or Mozilla instead. "We're telling software developers how to register for this," Cullinan went on, so, in order to get themselves in on the grand middleware add/remove express, Microsoft's rivals are going to have to join what sounds rather like a Microsoft mini-developer program, participate in the SP1 beta and for all we know have the APIs related to the new control system disclosed to them. Does the new control system count as a new mini-UI, one wonders?

Gordon Bennett, as we say this side of the pond. And the apparent addition of some kind of new extra-special subset of and/or parallel structure to the add-remove system is just plain weird. For chrissake, you may wonder, why can't they just...? Or just...? We know we do.

It gets odder still, and more decidedly Microsoft-ish. The estimable Ted Bridis of AP has a nugget from Mr C that suggests a new tilting of the scales, as revenue-hungry PC manufacturers sit their oppressive bums on the one side.

"It also [writes Ted] could provide new revenue sources for hard-hit computer makers in a dour economy by encouraging software rivals to pay to distribute their own tools over Microsoft's wares." Cullinan explains: "These guys are going to pay OEMs (computer makers) to put it on there, and OEMs are going to take money or whatever it takes."

Isn't that clever? The OEMs ship Microsoft's middleware, which is then used by Microsoft to generate revenue opportunities for Microsoft. Microsoft does not pay them, because as all of this stuff is a part of the operating system, they have to pay Microsoft instead. But if they want to substitute alternative middleware, then here lies an opportunity for them to offset some of the cost of the MS Windows licence by demanding money from the suppliers of that middleware. We accept that they're obviously going to have to have a good reason for swapping out the MS middleware, and that this is likely to be money-related, but it's nice that Redmond is coming up with simple, direct ideas as to how this could work. Our friends in the Norse will be dead impressed, we feel sure.

Other highlights. SP1 will include USB 2.0 support, and Mira, Freestyle and Tablet PC support. It'll be about 40 megs, downloadable or for sale on CD for shipping costs, which will be sub-$10. It would, it occurs to us, make sense for the likes of Real, AOL and Sun to ship it, or at least the reconfiguration aspects of it, along with their own software, so we encourage them now to ask Microsoft if they can, and then tell us what the response is.

And one last thing readers who're no better than they should be should bear in mind about SP1. Microsoft is going to engineer it so that it won't work on a widely-warezed activation key, which as we recall escaped form a large friend of Microsoft beginning with D. It would appear that Microsoft does not intend application of SP1 to vape systems installed using that key, but simply to freeze them where they are, and to block their ability to use Windows Update. Microsoft has used service packs to disable installations it deemed pirated in the past, and we'd guess it's decided not to do this because it might hit legit systems by mistake, or generate adverse publicity from innocent victims.

Disabling Windows Update access does however up the ante, as it'll at least make it more difficult for readers who're no better than they should be to get hold of updates and patches. Long term it is also logical for Microsoft to try to make this impossible, not just difficult, so it's an area worth watching. And lastly, Microsoft is no doubt aware of considerably more compromised keys for XP than just the one, so we'd actually be surprised if it was just the D one that got nuked in SP1. You have been warned. (Well no, not you but this guy you know, OK?) ®

Related links:
Joe Wilcox on SP1
Ted Bridis on SP1

Application security programs and practises

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story


Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.