Feeds

Microsoft versus EC

Adequate response - but who remembers the question?

Protecting users from Firesheep and other Sidejacking attacks with SSL

Comment I went to a very interesting briefing with Microsoft last week, following up on the EC case documented here. Essentially, to comply with EC requirements the company has documented parts of its Windows Server code that were previously invisible to the outside world, and made this documentation available to its source code licensees.

But, does it really matter? The central question is supposed to be: "Has Microsoft done enough to convince the EC that it has provided an adequately documented code base to interested parties?"

From a developer's perspective, previously inaccessible elements of code are now as accessible to licensees, as code that was already available to MSDN subscribers. Documentation exists as Windows help files and is therefore as usable as other Windows help files, and the source is searchable and accessible through a simple but adequate browser-based system.

To say that these provisions are insufficient would be tantamount to saying that the Windows help system and the browser were inadequate mechanisms for text-based information access. Someone will have to spend the time to ensure that all the code is documented, and while they may identify weaknesses in the existing documentation, it is unlikely they will find too many gaps.

In other words, Microsoft’s efforts should be good enough for most developers that have the wherewithal to understand the code and, therefore, they are good enough for me.

There remain some open issues, notably around the licensing model itself - whether it is a workable framework for the competitors in the open source community, for example. Microsoft has made some efforts in this direction, but does stipulate that its code must remain private. Clearly, Microsoft is trying to balance openness with the need to protect its IP, but some may question whether it is going far enough.

Whatever the outcome, however, it becomes almost irrelevant, when compared to the real questions underlying the debate. Microsoft was instructed to open up its code to combat accusations of anti-competitive practices, and of abusing its pseudo-monopolistic position with desktops and departmental servers. The inordinately long and slow legal process links right back to the MS vs Netscape anti-trust cases in the US. The trouble is, whatever efforts Microsoft makes to open up its Windows Server code in the here and now, does not guarantee that confidence in the company’s desire to “"play fair" will be restored. Most importantly, however, the move won’t make a jot of difference to Microsoft's ability to compete.

There are a number of reasons for this. First, the scope is limited to Windows Server and doesn’t cover more current areas of direct competition – Microsoft Exchange, for example, has until recently locked out any direct connections with devices not running Microsoft software. Was this anti-competitive? You betcha. There are other examples – in the past we had C# and J# undermining C++ and Java, and today, Microsoft’s virtualisation engine should be subjected to far more scrutiny. In a bizarre twist, Microsoft itself is being prevented from developing features that should clearly be tied into the very heart of the operating system – anti-virus is one example, where these old legal battles are preventing legitimate innovation.

It’s the old adage: "if you want to get there, don’t start from here". The legal system is unable to keep up with a rapidly changing industry, so by the time anyone works out that company X is being uncompetitive to company Y, the world has already moved on and company Z has come from nowhere. In the midst of the browser wars, who expected such developments as Firefox or openoffice.org, or indeed Linux? There are plenty of other examples of where Microsoft doesn't have a monopoly, from gaming to Symbian.

Meanwhile, just as Bill Gates once predicted when talking about his fears, competition has come from left field, with the overvalued, industry darling, Google, establishing itself as a strong competitor and putting paid to the idea that Microsoft would take over the world. It seems laughable now, but there were plenty of people who believed it. Microsoft is the number three in the market, which is likely to see significant growth and innovation, and all bets are off as to who will dominate.

Meanwhile, Microsoft is using its position to push new technologies – Vista and Office 12 for example, or the small business suites from the likes of Navision and Great Plains – in ways that the EC may at some point in the future decide are anticompetitive. By then, however, it will be too late to do anything but follow through again with some ill-considered rearguard action.

Can anything be done at all? It is difficult to say, but the problem lies in the legislation, not the vendors. I would be looking at how software is imported into the EU, and considering import criteria on Microsoft that any new subsystems would require open interfaces that enable them to be swapped out and replaced with those of a competitor. The good news is, this is the way the world is going anyway, and Microsoft is following suit. No enterprise organisation will ever follow a floor to ceiling Microsoft model, and in the service based world, the historic walls between applications and software services are being forced open.

Microsoft knows that it is in its interest to open up a little if it wants to stay in the game. Technology constraints enabled Microsoft to get to where it was in the first place, but those constraints are no longer applicable. Even if Microsoft was anti-competitive in the past or abused its unique position, it is exceedingly unlikely that it would ever be able to do the same again, and any legal battle to rein it in or prevent it from doing so becomes less and less relevant.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.