Microsoft versus EC

Adequate response - but who remembers the question?

SANS - Survey on application security programs

Comment I went to a very interesting briefing with Microsoft last week, following up on the EC case documented here. Essentially, to comply with EC requirements the company has documented parts of its Windows Server code that were previously invisible to the outside world, and made this documentation available to its source code licensees.

But, does it really matter? The central question is supposed to be: "Has Microsoft done enough to convince the EC that it has provided an adequately documented code base to interested parties?"

From a developer's perspective, previously inaccessible elements of code are now as accessible to licensees, as code that was already available to MSDN subscribers. Documentation exists as Windows help files and is therefore as usable as other Windows help files, and the source is searchable and accessible through a simple but adequate browser-based system.

To say that these provisions are insufficient would be tantamount to saying that the Windows help system and the browser were inadequate mechanisms for text-based information access. Someone will have to spend the time to ensure that all the code is documented, and while they may identify weaknesses in the existing documentation, it is unlikely they will find too many gaps.

In other words, Microsoft’s efforts should be good enough for most developers that have the wherewithal to understand the code and, therefore, they are good enough for me.

There remain some open issues, notably around the licensing model itself - whether it is a workable framework for the competitors in the open source community, for example. Microsoft has made some efforts in this direction, but does stipulate that its code must remain private. Clearly, Microsoft is trying to balance openness with the need to protect its IP, but some may question whether it is going far enough.

Whatever the outcome, however, it becomes almost irrelevant, when compared to the real questions underlying the debate. Microsoft was instructed to open up its code to combat accusations of anti-competitive practices, and of abusing its pseudo-monopolistic position with desktops and departmental servers. The inordinately long and slow legal process links right back to the MS vs Netscape anti-trust cases in the US. The trouble is, whatever efforts Microsoft makes to open up its Windows Server code in the here and now, does not guarantee that confidence in the company’s desire to “"play fair" will be restored. Most importantly, however, the move won’t make a jot of difference to Microsoft's ability to compete.

There are a number of reasons for this. First, the scope is limited to Windows Server and doesn’t cover more current areas of direct competition – Microsoft Exchange, for example, has until recently locked out any direct connections with devices not running Microsoft software. Was this anti-competitive? You betcha. There are other examples – in the past we had C# and J# undermining C++ and Java, and today, Microsoft’s virtualisation engine should be subjected to far more scrutiny. In a bizarre twist, Microsoft itself is being prevented from developing features that should clearly be tied into the very heart of the operating system – anti-virus is one example, where these old legal battles are preventing legitimate innovation.

It’s the old adage: "if you want to get there, don’t start from here". The legal system is unable to keep up with a rapidly changing industry, so by the time anyone works out that company X is being uncompetitive to company Y, the world has already moved on and company Z has come from nowhere. In the midst of the browser wars, who expected such developments as Firefox or openoffice.org, or indeed Linux? There are plenty of other examples of where Microsoft doesn't have a monopoly, from gaming to Symbian.

Meanwhile, just as Bill Gates once predicted when talking about his fears, competition has come from left field, with the overvalued, industry darling, Google, establishing itself as a strong competitor and putting paid to the idea that Microsoft would take over the world. It seems laughable now, but there were plenty of people who believed it. Microsoft is the number three in the market, which is likely to see significant growth and innovation, and all bets are off as to who will dominate.

Meanwhile, Microsoft is using its position to push new technologies – Vista and Office 12 for example, or the small business suites from the likes of Navision and Great Plains – in ways that the EC may at some point in the future decide are anticompetitive. By then, however, it will be too late to do anything but follow through again with some ill-considered rearguard action.

Can anything be done at all? It is difficult to say, but the problem lies in the legislation, not the vendors. I would be looking at how software is imported into the EU, and considering import criteria on Microsoft that any new subsystems would require open interfaces that enable them to be swapped out and replaced with those of a competitor. The good news is, this is the way the world is going anyway, and Microsoft is following suit. No enterprise organisation will ever follow a floor to ceiling Microsoft model, and in the service based world, the historic walls between applications and software services are being forced open.

Microsoft knows that it is in its interest to open up a little if it wants to stay in the game. Technology constraints enabled Microsoft to get to where it was in the first place, but those constraints are no longer applicable. Even if Microsoft was anti-competitive in the past or abused its unique position, it is exceedingly unlikely that it would ever be able to do the same again, and any legal battle to rein it in or prevent it from doing so becomes less and less relevant.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.