Feeds

MS preps all-new warez busting antitrust complying XP SP1

Spot the speed bumps...

  • alert
  • submit to reddit

Security for virtualized datacentres

Microsoft's 'Seattlement' Service Pack for Windows XP is to go into testing within the next few weeks, and will ship later this year. The company doesn't usually make a big marketing deal of Service Packs, but for legal compliance reasons WinXP SP1 is special, so it's been taking some journalists through what's in it, how it will work and how it will comply.

In order to meet the terms of the MS-DoJ antitrust settlement, Microsoft has to make it possible for PC manufacturers and users to be able to hide various pieces of middleware that are incorporated in XP. The dissenting states, as you're no doubt aware, have been pushing for more radical "rip 'em out" measures, but if the judge doesn't grant these and approves the MS-DoJ deal instead, XP SP1 is what you're going to get.

The software covered here is IE, Outlook Express, Messenger, Windows Media Player and Microsoft's Java Virtual Machine, and there will be four configuration options made available via a new control mechanism. You can have the Microsoft option, the original machine configuration (i.e. what the OEM decided it would ship you, but this is going to be most obviously applicable to new machines shipped by OEMs post-SP1 release), a non-Microsoft option that allows you to substitute non-Microsoft middleware, and custom configuration.

So far, so simple, but it gets interesting, if we pick a little at what Microsoft's Jim Cullinan has been telling people. Joe Wilcox from CNET, for example:

"If you have five different browsers on the PC and four of them are non-Microsoft, those four will appear there and you will have a choice to pick the default," Cullinan said. But software developers must write programs "so that they can register here" for the choices to appear. In the case where there is no third- party middleware installed, Microsoft software would appear in the list.

Unless we're gravely mistaken, this points to a characteristically Microsoft-ish implementation of the apparently simple task of shoving Microsoft software into the background somewhere and installing Navigator, Opera or Mozilla instead. "We're telling software developers how to register for this," Cullinan went on, so, in order to get themselves in on the grand middleware add/remove express, Microsoft's rivals are going to have to join what sounds rather like a Microsoft mini-developer program, participate in the SP1 beta and for all we know have the APIs related to the new control system disclosed to them. Does the new control system count as a new mini-UI, one wonders?

Gordon Bennett, as we say this side of the pond. And the apparent addition of some kind of new extra-special subset of and/or parallel structure to the add-remove system is just plain weird. For chrissake, you may wonder, why can't they just...? Or just...? We know we do.

It gets odder still, and more decidedly Microsoft-ish. The estimable Ted Bridis of AP has a nugget from Mr C that suggests a new tilting of the scales, as revenue-hungry PC manufacturers sit their oppressive bums on the one side.

"It also [writes Ted] could provide new revenue sources for hard-hit computer makers in a dour economy by encouraging software rivals to pay to distribute their own tools over Microsoft's wares." Cullinan explains: "These guys are going to pay OEMs (computer makers) to put it on there, and OEMs are going to take money or whatever it takes."

Isn't that clever? The OEMs ship Microsoft's middleware, which is then used by Microsoft to generate revenue opportunities for Microsoft. Microsoft does not pay them, because as all of this stuff is a part of the operating system, they have to pay Microsoft instead. But if they want to substitute alternative middleware, then here lies an opportunity for them to offset some of the cost of the MS Windows licence by demanding money from the suppliers of that middleware. We accept that they're obviously going to have to have a good reason for swapping out the MS middleware, and that this is likely to be money-related, but it's nice that Redmond is coming up with simple, direct ideas as to how this could work. Our friends in the Norse will be dead impressed, we feel sure.

Other highlights. SP1 will include USB 2.0 support, and Mira, Freestyle and Tablet PC support. It'll be about 40 megs, downloadable or for sale on CD for shipping costs, which will be sub-$10. It would, it occurs to us, make sense for the likes of Real, AOL and Sun to ship it, or at least the reconfiguration aspects of it, along with their own software, so we encourage them now to ask Microsoft if they can, and then tell us what the response is.

And one last thing readers who're no better than they should be should bear in mind about SP1. Microsoft is going to engineer it so that it won't work on a widely-warezed activation key, which as we recall escaped form a large friend of Microsoft beginning with D. It would appear that Microsoft does not intend application of SP1 to vape systems installed using that key, but simply to freeze them where they are, and to block their ability to use Windows Update. Microsoft has used service packs to disable installations it deemed pirated in the past, and we'd guess it's decided not to do this because it might hit legit systems by mistake, or generate adverse publicity from innocent victims.

Disabling Windows Update access does however up the ante, as it'll at least make it more difficult for readers who're no better than they should be to get hold of updates and patches. Long term it is also logical for Microsoft to try to make this impossible, not just difficult, so it's an area worth watching. And lastly, Microsoft is no doubt aware of considerably more compromised keys for XP than just the one, so we'd actually be surprised if it was just the D one that got nuked in SP1. You have been warned. (Well no, not you but this guy you know, OK?) ®

Related links:
Joe Wilcox on SP1
Ted Bridis on SP1

Website security in corporate America

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.