Past But Not ForgottenBy Matt Hines | Posted 2006-10-03 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
After several months of subtle jabs exchanged between Microsoft and vendors in the security applications space, it appears as if a formal antitrust fight over the software giant's business practices could be just around the corner.
In addition to its hold in the OS market, Microsoft's aggressive business practices and history with regulators could work against it in avoiding antitrust investigations over security, said Maxman, who previously represented U.K.-based software maker Silverware in an antitrust suit against Microsoft.
Other legal experts agreed that Microsoft's past battles with antitrust regulators in the United States and abroad will not be forgotten when those officials are presented with complaints from the software giant's security rivals.
On the same day McAfee railed against its partner's security efforts in Vista, Microsoft attorneys filed a new appeal over a multimillion-dollar fine the European Commission imposed on the company in July for failing to meet terms of its 2004 antitrust ruling against the firm.
"Everybody who finds themselves in Microsoft's way is going to complain, and because of the history, these companies will get more of a hearing than they might otherwise," said Bruce Abramson, an antitrust researcher and president of consulting firm Informationism, located in Cary, N.C.
"Based on the volume of issues being reported already, it seems unlikely that Microsoft will be able to appease everyone in the security industry, and at the same time there are regulators on both sides of the Atlantic who feel that Microsoft has treated the whole regulatory process with contempt; they will be receptive to these types of complaints."
Microsoft executives appear to view the notion of defending the firm's growing security interests as somewhat ironic, as one of the greatest criticisms leveled at the company's products over the years, specifically Windows, have involved the many vulnerabilities in the OS allowing for the propagation of computer viruses and other IT-based threats.
As the company moves Vista and its overarching security strategy forward, said Stephen Toulouse, Microsoft's security program manager, the software giant will remained focused on attempting to cut down on vulnerabilities and improving the computing experience for end users, many of whom are drowning in a sea of malware attacks that slow the performance of their PCs and attempt to steal their personal data.
"To the extent that people are concerned that there's tension [between Microsoft and its security partners], we want to point out the our first priority is always going to be protecting our customers, who have told us they want [Vista] to be more secure from engineering standpoint and to have more security features and functions onboard," Toulouse said.
"At the same time, we know that security is not a problem that we can solve by ourselves, and that our customers want choices, so we have been working very hard with our partners to help them build products that work well with Vista."
McAfee and Symantec have complained that among other issues, Microsoft is using PatchGuard to deny third-party software makers access to the 64-bit version of Vista's kernel, the software's fundamental building block code.
The Microsoft partners say the firm has fallen short on its promise to provide partners with the so-called development keys needed to build products that work as effectively as their existing applications, which are allowed to access the kernel in Windows XP and other iterations of the company's software.
Toulouse disputes the fact that the partners have not been given sufficient alternatives to accessing the Vista kernel, pointing out the fact that developers from both companies have been living and working in Microsoft's Redmond, Wash., headquarters, where he said they have been provided with full-time support for their product development efforts.
Blocking kernel access in 64-bit Vista was a security measure needed to counter emerging IT threats such as rootkit viruses, he said, and Microsoft's own products won't access the software's core for security monitoring purposes either.
Whether antitrust regulators are ready to accept the inclusion of comprehensive security features as a fundamental necessity to doing business in the operating system market is the question that will likely sit at the center of any litigation that will be heard over Microsoft's burgeoning security business, analysts said.
If the company is to succeed in its efforts to assuage fears that it is trying to take over the security applications market via its work with Vista, or otherwise, Microsoft will need to provide evidence that its future sales hinges on the addition of security features such as PatchGuard, that appear to put other companies at a disadvantage, according to Kieran Shanahan, a Raleigh, N.C.-based attorney who won a $89 million settlement against Microsoft in 2004 for violating North Carolina's antitrust laws.
"Hopefully they've learned from past encounters that a lot of people will be watching them, and that they will not be allowed to use their market position to cram additional products down customers' throats," Shanahan said.
"At the same time, they do have the right to try and integrate new technologies; if they can prove that they're only rolling security features into Vista to benefit customers, I'm not sure how regulators will view that as a questionable business practice."
Check out eWEEK.com's for Microsoft and Windows news, views and analysis.