EU And Microsoft Clash Over Vista Security

An anonymous reader wrote to mention coverage of further clashes between Microsoft and the EU, this time over security in Windows Vista. Microsoft is 'urging' the EU to allow all of the security elements of Vista to remain intact. The EU seems to be under the impression it's not asking for security to be lax; it just wants the software company to ensure a fair playing field for all businesses. From the Newsday article: "European Union officials warned Microsoft Corp. on Tuesday not to shut out rivals in the security software market as the company plans to launch its Windows Vista operating system with built-in protection from hackers and malicious programs. EU spokesman Jonathan Todd told reporters that the European Commission is "ready to give guidance to Microsoft" concerning Vista but added that it was up to the U.S. software maker 'to accept and implement its responsibilities as a near monopolist to ensure full compliance' with EU competition rules."

Here's a thought

[Desolator144]

How about they release a European version with no seucrity and we all sit back with some popcorn and watch as they all get hacked. Not that Microsoft security works or anything but least it makes hacking more challenging and slows em down a bit. I wish I lived in Europe because about a third of my computer repair jobs are caused by Norton.

Re:Here's a thought

I can't help but agree. I think they're taking this monopoly thing too far, while we're at it why don't we ban condoms and force kids to bareback since other, more creative forms of birth control aren't getting a fair shake?

Re:Here's a thought

[TransEurope]

Well, but there are more ten one company which produces condoms :D And the Anti-Baby-Pill is widely used for birth control in Europe. Especially in GB, D, F. Most of the girls i know are using "The Pill".

The solution

[SCHecklerX]

The solution to me seems to be the approach used in linux, bsd, whatever. Fully document the security APIs, or command-line tools to configure the security aspects. Let other vendors write their GUIs for controlling security, such as firewalling, using that API. Let people pick the tool that fits their needs best, while all providing the same type of security through the OS.

Re:The solution

[QuantumG]

It's not like the concept of an application firewall even exists on Linux. If you download random binaries you find on the internet and run them using root, or your regular user account, it is considered your own damn fault if said program contains a trojan which DDOSs someone or deletes everything in your home directory. Linux application security consists of "run it as 'nobody'" or "just don't do that." Clearly this is not a realistic option on Windows, where regular day to day usage of your computer includes exploring the massive catalog of software available on the Internet, and so an application firewall is a sensible precaution. Personally I see absolutely no reason why this should be a third party product. The operating system should enable the user to mediate and control what programs do for them.. that's one of the reasons we have operating systems (the other major one being to abstract and share the hardware). Just because Microsoft has been ignoring the need for this level of control for years doesn't mean that it should remain provided by third parties for ever. If they can do it better than Microsoft, and surely they can, then Microsoft should certainly be prohibited from interfering with them providing this software, and the third party security software developers really have nothing to worry about, do they?

Re:The solution

[walt-sjc]

Linux application security consists of "run it as 'nobody'" or "just don't do that."

You are ignoring SELinux.

Re:The solution

[QuantumG]

No, I'm not.

Re:The solution

Justify your response.

Re:The solution

[WhiteWolf666]

Not to mention AppArmor, which is far more fine-grained than any Microsoft notion of security.

Re:The solution

[swillden]

It's not like the concept of an application firewall even exists on Linux.

Sure it does. It's not difficult to firewall at an application level in Linux, and there is at least one tool (fireflier) that provides a nice GUI for managing such firewall rules.

Few people bother, because there's simply not much need, but it's not at all accurate to say that it doesn't exist.

Linux application security consists of "run it as 'nobody'" or "just don't do that."

Or run it in a chroot jail, or run it with fine-grained mandatory access controls from SELinux, or ...

Unix/Linux application security provides lots of different options. That they're more commonly used for securing Internet-facing services than for locking down random local apps acquired from untrusted sources is because there's little need, not because the security tools don't exist. I used to keep a chroot jail configured just to run random little apps. These days I run such stuff in a virtual machine instead, but that's just because I find it more convenient.

Re:The solution

[johansalk]

> "Clearly this is not a realistic option on Windows, where regular day to day usage of your computer includes exploring the massive catalog of software available on the Internet"

I would call the 15,000 packages or more on Debian repositories quite a massive catalog.

Re:The solution

[WhiteWolf666]

Let me quote some AppArmor literature. It's really vastly superior to Vista, in that AppArmor isn't a "hacked on" bandaid, but a fundamental hook into the lowest levels of the system; AppArmor has incredibly fine grained controls; and AppArmor is not terribly difficult to work with.

Security Through LSM: Linux Security Modules Interface
To achieve security (non-bypassability) mediation methods like AppArmor need to be inside the kernel. AppArmor originally was a kernel patch, but that imposes major problems for distribution and deployment, especially for enterprise users. To achieve kernel-grade security without requiring a kernel patch, Immunix Inc. (who developed AppArmor prior to Novell's acquisition) developed a feature for Linux 2.6 called LSM: Linux Security Modules interface. LSM provides a kernel API for modules that allows loadable modules to do effective access control mediation. Other participants in LSM development included the SELinux community, IBM, and assorted other open source community developers.
Mediation at layers other than the kernel, e.g. in libraries, leads to bypassability: if an attacker can induce arbitrary code execution in a confined application (e.g. buffer overflow) then they can cause the program to call the kernel directly instead of through the library, thus bypassing the mediation. Moreover, such mediation is best done deep inside the kernel, rather than by intercepting system calls
Transparancy Through Familiarity
To achieve transparency, AppArmor uses all-classical UNIX security semantics, but applies them to programs. An AppArmor policy specifies the set of POSIX.1e capabilities that a program can have, and specifies the set of files it can access. The POSIX.1e capabilities are specified by name. The files are specified by absolute path names, including embedding shell-syntax wild cards, followed by access modes (R, W, and X, with a bit of embellishment). So an AppArmor policy to confine ntpd (the network time protocol daemon) looks like this: /usr/sbin/ntpd {
#include
#include
#include
capability ipc_lock,
capability net_bind_service,
capability sys_time,
capability sys_chroot,
capability setuid, /etc/ntp.conf r, /etc/ntp/drift* rwl, /etc/ntp/keys r, /var/lib/ntp/drift rwl, /var/lib/ntp/var/run/ntp/ntpd.pid w, /var/lib/ntp/drift/ntp.drift r, /drift/ntp.drift rwl,
}
Keep in mind this stuff can be created from GUI.

From here, it would be relatively straightforward to hand-craft security policy for applications through a combination of expert knowledge and trial and error. However, that would be so tedious that the vast majority of developers and users would refuse to put in the work. To further improve transparency, AppArmor includes a "learning mode" to allow policy to be built by running the application and observing what it does. In learning mode, the rules are not actually enforced, but violations are logged, and process forking is tracked, so that the log of an application's execution builds up a characteristic description of the application's activities. AppArmor includes a log analysis program that scans the log, prompts the user with questions, and automatically creates a program profile. Learning mode and the log analyzer are also capable of incremental improvement of the profile if one already exists, but omits some necessary rules.

Application Security and System Security

An individual application can be secured using an individual profile, but how to secure a system? A vital question in securing any system is "against what threats?" We could profile all of the programs on the system, but that would be a lot of effort, and in most cases unnecessary. For instance, consider the network threat model: we wa

Re:The solution

[walt-sjc]

Then you don't understand it. I suggest you read the FAQ.

For example this gem: These goals include controlling raw access to data, protecting the integrity of the kernel, system software, system configuration information and system logs, confining the potential damage that can be caused through the exploitation of a flaw in a process that requires privileges, protecting privileged processes from executing malicious code, protecting the administrator role and domain from being entered without user authentication, preventing ordinary user processes from interfering with system processes or administrator processes, and protecting users and administrators from the exploitation of flaws in their browser by malicious mobile code.

Re:The solution

[WhiteWolf666]

Please ignore (or nega-bomb) this idiot.

Saying:
"Linux application security consists of "run it as 'nobody'" or "just don't do that."'

is similar, if not even less informed, than saying, "Windows application security consists of maintaining proper backups and running everything in a virtual machine".

Linux application security consists of a variety of kernel level APIs that can be controlled by admin-level userspace programs. Unlike Windows Security Center (which, as far as I can tell, consists of an ugly GUI and a couple minor "up-to-date" hooks into Spyware soft/Firewall soft/Anti-virus software), the Linux security APIs give you extensive control on a fine grained program-by-program, user-by-user and even thread-by-thread basis, far surpassing anything dreamed up and then cut from Longhorn, let alone the crap that made it into Vista.

See my other post for the AppArmor summary.

Re:The solution

Are you aware that such "fine grained" security API exists in Windows since at least 2000 ? And I wouldn't be surprised if NT4.00 also had it.

Re:The solution

[Vancorps]

Your knowledge of Windows security is just as ignorant. If security stopped with the Security Center which is just a tool users can check to see if something got turned off by accident then Microsoft would be going backrupt tomorrow. That's just way off base and ignores even basic file permissions. If you want all of the security features in one place then you open up the Security policy by running the mmc and either apply a template or modify the policies that the system is governed by. These policies also affect firewall rules and application level permissions. It's far more than you make it out to be.

You are correct about the ignorance of the parent poster however, that is equally as absurd.

Re:The solution

[howlingmadhowie]

it's not about that. the problem is that if microsoft includes security tools in its operating system, less third party tools would be bought. the industry which currently offers employment to many thousand people would be destroyed. microsoft would achieve this not because their products would necessarily be better (although they do have a home advantage), but because of their status as a monopoly. they do not have to conceal their apis, they just have to move into the new market.

Re:The solution

[xarak]

Doesn't resolve the fundamental problem of a hole in the core API.

However, agreed that the open source model provides two advantages:
  - quicker fixes to such problems (with X vendors concerned, even without community support this will be FAST
  - not necessarily the same APIs everywhere; let crackers crack 5% of the market. Wahey, wahoo! Anyone is going to be more motivated if they can take out 80% of the market. This is true in nature; diversity lives longest.

Re:The solution

Linux isn't ready for the desktop until you can do eveything in GUI and never type commands like... mcc... No, wait!

Re:The solution

[cyber-dragon.net]

Problem being most of that is rather easily bypassed due to poor implementation and the fact for a lot of applications to work the have to be run as administrator which overrides all these settings and allows access.

Poor security modeling at it's finest. Security only works if it is not so intrusive it still allows you to do what you need to do. At the point security interferes with usability it goes out the window because people will simply bypass or turn it off. Microsoft's "ok" windows are a perfect example. The same window with the same text appears so often users are trained to just hit the ok button to get rid of the annoying window. This in effect makes it so said window may as well not even pop up for all it's effectiveness in securing the system.

Any diatribe on "training the user" is a moot point as it is a fact this does not work and thus needs to be taken into consideration in implementing security. Both Linux and OS X manage to do this, allow third party security apps which are more common than built in, and do not sacrifice usability in the slightest. Microsoft is the ONLY one who cannot seem to grasp these concepts.

Re:The solution

[QuantumG]

and absolutely none of that will help you monitor and protect yourself from what arbitary code can do as your user.

Re:The solution

[Penguinisto]

"It's not like the concept of an application firewall even exists on Linux."

Oh, damn... guess I don't need this iptables thingy then...

/P

Re:The solution

[QuantumG]

network firewall != application firewall. Get a clue.

Re:The solution

[Vancorps]

I don't think anyone was saying their weren't problems with the model. But a comprehensive one does exist. The model works if employed properly which means playing with permissions. This is the job of a systems administrator such as myself. I have no problem running most software as a local user because I under how it works and how I can grant access to users without compromising the whole thing. It's far from perfect but it is a lot more than the parent poster made it out to be just the grand parent shorted security on Linux.

I guess I agree is not a "training the user" point but a training the admin point. I've not seen any platform properly deployed with an admin that had no training on the platform they were administering. Microsoft's biggest problem is trying to appease everyone, they grasp the concepts just fine but their policies of appeasing home users as well as corporate users with the same basic OS is what is getting in the way. It supposedly makes development easier since they can concentrate on one OS but in reality it adds complexity because you're trying to please everyone with the same OS even though their needs are inherently different.

Apple fails at this as well, if you ever try to do something with OS X that Apple didn't deam obvious then you're shell scripting your way out of the problem.

Re:The solution

[swillden]

nd absolutely none of that will help you monitor and protect yourself from what arbitary code can do as your user.

Huh? It absolutely does! On a fully locked-down SELinux system, the configuration would, by default, deny every application permission to read from or write to any files, use the network, etc. Specific applications would then be given permission to access/write to specific areas of the file tree or use specific other services that they are known to need. In that sort of environment, you could download and run a random app from the web, but it wouldn't actually be able to do anything until you specified what it was allowed to do. Properly-installed packages would have their permissions set during installation, so they're allowed to do the things they're supposed to do, but randomly-downloaded code would fall into the default category which allows them to do nothing.

On a more realistic system, the default would probably permit the app to read/write a scratch directory within the user's home directory, and if the app tried to step outside of those limits, the user would be prompted to ask if the app should be allowed to do what it's trying to do.

SELinux provides very fine-grained access control, at the application level and independent of user permisssions. Of course, that access control is in addition to, not in place of, the traditional Unix system of permissions and/or a filesystem-based ACL system.

Re:The solution

[Penguinisto]

Pardon me, Oh Holder Of All Clues, but you may want to look down upon this humble prole's post and read this:

"Iptables is also able to work on higher layers, such as the Application layer." (ref. below).

Ergo, it can be used as an application firewall. While most users won't go near doing so, it does work as such - you can even script it as such.

ref: as a quick insta-googled example

/P

Re:The solution

[cyber-dragon.net]

Wish I could mod you up... most well thought out comments on the matter I have seen in some time.
Does not change my mind granted, but you had some excellent points for me to consider ;)

Re:The solution

[drsmithy]

Problem being most of that is rather easily bypassed due to poor implementation and the fact for a lot of applications to work the have to be run as administrator which overrides all these settings and allows access.

Microsoft shares absolutely zero blame for applications (needlessly) require Administrator privileges to run.

Re:The solution

[walt-sjc]

It's clear he doesn't understand selinux, doesn't want to understand it, and refuses to believe facts when presented to him. That's fine, that's his right, just as it's his right to run windows and get malware. In fact, I fully support that.

European beer party

[edxwelch]

"When Microsoft failed to meet Commission requirements, the EU executive fined the company another 281 million euros (about $350 million) this summer. "

All I want to know is when we get our 2*281 million euros?
If you divide that by the population of Europe you get about 3 euros each, that's enough for at least a beer each.

Re:European beer party

[edxwelch]

by the way don't get too finicky about the maths in that calculation, it's probably wrong

Re:European beer party

In the Czech Republic 3 Euro is more like enough for SIX beers each...

Re:European beer party

Pivo prices must really have risen since I've last been there.. (6/7 years ago)

Re:European beer party

[edxwelch]

What size beer 300 ml?
There's a bar where I live in Spain where you can get a beer for 40c ;)

Re:European beer party

you'd be doing well to get a pint of Guinness these days for 3 euro.
they should throw a few quid more to the Irish as the beer prices are expensives

Re:European beer party

Microsoft Windows, free as in beer...

Re:European beer party

[kailoran]

Actually, if you wanted it really cheap, you could probably get a beer for around 20c in the Czech Republic.

Re:European beer party

Yeah, it sure is. There are about 440 million people in the EU after the expansion. That gives you only 1.27 EUR per person. But as long as you're drinking in Slovakia (about .40 EUR per beer), it's still about 3 beers each. :>

Come to think of it, it's probably more beer because of the expansion. I guess the other option would have been to go to somewhere such as Spain for .75 EUR beers for 360 million people. But that would be merely a disgraceful 2 beers each.

We still need to factor out the teetotalers to get any accuracy, but perhaps they would prefer other libations. Maybe a couple grams of Amsterdam's finest. It's truly amazing that Microsoft can finance such a large party. :)

Re:European beer party

[dogod]

amusing

that could be their new marketing slogan

Vista does do that..

[cybrthng]

You can use whatever firewall you want, both in software and hardware. You can use whatever virus scanner you want, both software and hardware. When vista pops up with the security center it doesn't even focus on Microsoft products - your first choice are compatible third party products.

So what is the point of all of this?

The other security implementations would be like asking Unix to allow replacement of Sudo, root and user permissions and replace it with a third party app that would just give you want you were wanting to begin with in the first place.

Re:Vista does do that..

[scuba0]

The question was "not to shut out rivals in the security software market" and you are saying, "it is possible to switch". Your argument is true in that way that people can change, but at that limitless knowledge that every Windows user seem to have that is a very far reach. To the people that are having trouble using Word or not even knowing there is a choice, is there really a choice? Back to the question, how do you solve the problem with the rivals or do you just throw them out of the window? I Would be happy not to need any anti-virus, encryptions and so on if I could but to leave that and trust Microsoft when they say secure and not having any rivals at that area is actually scaring me.

Re:Vista does do that..

[nsayer]

The other security implementations would be like asking Unix to allow replacement of Sudo

The irony here is delicious. sudo is, in fact, a third-party replacement for the su command. You may not think so because Linux distros have been including it for a long time, but of course Linux (or GNU/Linux, if you insist) != Unix(tm).

Re:Vista does do that..

[eldepeche]

The solution to that problem is open source evangelism and so on, not expensive and pointless intervention in the market. Remember "Windows XP: no media player edition"? No one bought it. How well is "Windows Vista: Not Even Pretending To Be Secure Edition" going to sell? You're not providing people with a choice, you're just punishing Microsoft.

Re:Vista does do that..

[WhiteWolf666]

No No No.

The other "security" implementations would be like asking Unix to allow admin userspace programs to access the Linux Kernel security interfaces, manipulating operating system controls on a real-time bases.

Which is exactly what the Linux Security Modules project did

The Linux Security Modules (LSM) project provides a lightweight, general purpose framework for access control. Contemporary computing environments are increasingly hostile. Adding enhanced access control models to the kernel improves host security and can help a server survive malicious attacks. Security research has provided many types of enhanced access controls effective for different environments. The LSM framework allows access control models to be implemented as loadable kernel modules.

RedHat/Fedora use SELinux. openSuSE uses AppArmor. You could invent your own Kernel Security software.

See the difference?

Re:Vista does do that..

[vadim_t]

Linux security is very customizable.

First of all, sudo is just a normal application, that can be replaced. Second, there's PAM, which allows you to plug pretty much anything into the security system. You can replace the mechanism for password entry, authenticate with a fingerprint or an USB flash drive, etc, and have it all automatically integrate with existent software -- you don't even need to patch tools like su and sudo to accept different authentication methods, as it's handled through PAM.

Same goes for firewalling, nothing stops you from building whatever UI you want to talk to netfilter. You can ignore iptables completely, which is just an userspace tool.

Then the kernel has a whole system of security hooks which is used by things like SELinux. New security models can be integrated.

Re:Vista does do that..

That's OK with me. Take the money and ru^H^H^H^H take it again :)

Re:Vista does do that..

[arose]

And if all that fails you are still free to hack the kernel appart and put it together around your product.

Re:Vista does do that..

[DaveWick79]

The underlying thought here is that some people think it is better that Windows not implement security features, based on that they would be in competition with products that provide those security features. This whole premise is absurd - to leave a necessary feature, especially a security feature, out of windows because it might step on someone else's toes.

What is Microsoft's other choice? Leave out security software and be roasted for leaving it out? What makes you think 3rd party vendors could provide security packages that are better than Microsoft's? You'd just end up with multiple patches and multiple serious problems down the road. What happens when Joe user installs patch 1 from Vendor A, then 6 months later switches to Vendor B and installs their patch 2? What a mess.

The comparison of MS Word being used because it comes bundled is not realistic at all. If Word is not bundled on a machine (which much of the time it is not unless the user specifically chooses to have it pre-installed), that user will still have to find a product to use and install it. How does that differ from having Word and not being happy with it - all he has to do is find a different product to use and install it.

I absolutely agree that I'd rather not have to use third party software to keep my system secure. If they indeed do a good job. As long as you have the option to turn the default built in tools off and install your tool of choice, I think MS has done their best job. They would be seriously amiss to just ignore the issue and count on the end user to implement their own software - much of the time it's not going to be done and the system will be left vulnerable.

Re:Vista does do that..

[JackieBrown]

Yeah. Maybe because it was difficult to even find a place to buy it at.

Re:Vista does do that..

[drsquare]

The question was "not to shut out rivals in the security software market"

So what? I don't want an operating system to be released without necessary components just so some third-party can make money off me. There shouldn't be any need for third-party add-ons, as far as I'm concerned virus checkers and firewalls are basic functionality.

Next Google will be suing Microsoft to not include an email program so gmail can make more money.

Re:Vista does do that..

[scuba0]

You are saying that Microsoft does not have a choice, thats because they have never needed to. Sure I'm pretty hard on that Microsoft will have to do something that isn't damaging the rival companys. But what I really don't like with Microsofts politics is that they have realised that their software is bad and now they are filling up that "hole" by implementing something that "might" fix the problem (if it is discovered) aka. anti-virus software. Microsoft has made treamendous upgrades in their basic security. But they still need to include new security features that check if the system has been compromised. If the same vendor that can't secure their software is going to handle the cleaning of the system, I'm pretty worried. The "choice" that you are talking about is just third-party software. To open a dialog with other parts how to make it better and not ignoring other security experts.

Re:Vista does do that..

[scuba0]

I'm not providing people with a choice because that is not by problem. EU has challanged Microsoft because it is [b]they[/b] who has to give that choice to people. Is that so hard to understand, or have you not read or understood what the charges from EU is?

Re:Vista does do that..

[scuba0]

Who is it that has made virus-software a demand on the market? Microsoft is after more than 10 years of needing third-party security software suddenly providing their own exactly the same solution as the third-parties. The problem is that Microsoft is not giving people or the rivals any choice. If you are worried about paying for the software, you actually already pay Microsoft for their security software so what is the different, you don't like to bills instead of one or what? No you are absolutely right, there should not be any need of "third-applications", as anti-virus, adware and such but tell that to Microsoft who is the only producer of systems that need it. I hope the last line was sarcastic cause "optional" software is not the same thing, and if you really want to now, you can use GMail with any client that can handle POP3/IMAPI. (GMail is a service not a software.)

Could we get any more vague?

[Sloppy]

What lame articles. Neither one says what the hell the thing being bundled is, other than "security" as though security could possibly be a product or module.

Ok, one of the articles made a brief mention of a firewall. Is all this noise about something as mundane as a software firewall?

Re:Could we get any more vague?

[scuba0]

Yeah, because I would never want to use a software firewall in the first place. Who would if they could, and if there is a hardwareoption the first thing I would do was to remove all traces of Windows "security" package... (But thats in a world where Microsoft actually allows me to remove their built-in so called "features".

I think i know what the EU means...

[d3m0nCr4t]

They don't want to make Vista less secure, they just want to avoid that MS starts to integrate more and more 'features' neatly tied together as so called 'security'. Eg. further integration of the MS firewall in Vista, possible integration of anti-virus software in Vista. Because MS is still walking the same path as before, and doing the same as before (Netscape, anyone ?). So it might be better to warn MS from the beginning, then to react when the damage has been done.

Re:I think i know what the EU means...

[kcornia]

Me, I think this is a knee jerk reaction to the complaining that security software companies have been doing lately. Your post sums it up, EU sees this as another potential "embrace and extend" scenario when they read the bitching by Symantec/McAfee, etc., and starts beating the drum.

To be honest, it seems like most of the features MS is trying to put in, while long overdue, aren't features that are meant to cut out security companies. They're meant to secure the OS like it should have been from the beginning. Cutting out the security companies is more of a byproduct IMO.

Re:I think i know what the EU means...

[DigitlDud]

What the EU wants is irrelavent. Microsoft added security features to the OS in response to customer feedback. I think users should have a greater say in what goes into the OS not governments.

Re:I think i know what the EU means...

[eldepeche]

Hear, hear! Mod parent up.

Re:I think i know what the EU means...

[MooUK]

However, the major security companies have already found ways to hack round all this to make their products work - and if they can, so can malicious people. So what's the point in having it? It just makes the security companies have to spend more money, increasing the cost to the user in most cases. That's about it.

Re:I think i know what the EU means...

[MooUK]

EU competition law is being broken. If the population of Europe wants those laws changed they can try to get something done. As it is, MS is breaking the law and is being punished for it.

Re:I think i know what the EU means...

[tokul]

I think users should have a greater say in what goes into the OS not governments.

Users can't control companies. If government does not restrict what companies can do, they will go only for own profits and ignore possible affects on users, environment or other companies.

Re:I think i know what the EU means...

[Danga]

I agree completely. Why the hell do people get pissed off when MS includes basic, handy tools such as the windows firewall? For the average user that is just fine for them. For other people who want more custimization and features there is ZoneAlarm, Kerio Personal Firewall, etc. I think it would be great to have more basic tools included with the OS so I can get simple tasks done but if those simple tools eventually just aren't enough I can still go buy a better featured product from another company. That is how it should be.

Re:I think i know what the EU means...

[Tim+C]

What the EU wants is eminently relevant, if MS are breaking or are in danger of breaking EU law.

Part of the cost of doing business in a particular market is abiding by the laws of that market. If the EU passed a law banning use of the colour green in operating systems, MS would have to obey or face the consequences, no matter how ridiculous the law may seem.

Re:I think i know what the EU means...

I agree with you completetly. The only reason anti-virus companies are even in business is due to the defects of the Windows OS security wise. Why is Microsoft not allowed to improve their own product? Sure it may cause other companies to loose business; but this is Microsoft's OS. If the consumer doesn't agree with the practices of Microsoft they can either buy a Mac or install linux. No one is forcing you to buy a computer with Windows only; sure that may be what the majority of computers are sold with but that's because it's what people are used to and want. The average joe could care less if Mcafee goes out of business; as long as his computer works as it should. I own a MacBook and have recomended it to many people; however most of them refuse to learn a new OS since they have been using Windows all their lives.

Re:I think i know what the EU means...

[dvice_null]

And who do you assume is selecting the individuals for these goverments you so much dislike? That's right, the users.

Re:I think i know what the EU means...

[howlingmadhowie]

no no no. the job of a government isn't to follow the whims of the people but to produce a just system where the minority (independent security software producters) is not oppressed by a tyrannical majority (microsoft).

Re:I think i know what the EU means...

[AceCaseOR]

EU competition law is being broken. If the population of Europe wants those laws changed they can try to get something done. As it is, MS is breaking the law and is being punished for it.

Well then. This now begs the question of what to do when laws meant to encourage competition hurt consumers by making software less secure. Frankly, I see no problem with Microsoft bundling a software firewall with Vista. I wouldn't connect any computer running any OS to the internet that wasn't running at an absolute minimum a software firewall (that includes OSX or Linux).

Now, if you want to, put ZoneAlarm for Vista on your computer, you still have to download it first. Now, you could download it on another computer, burn it to CD, and then sneakernet it over to your Vista machine. Personally, I'd rather just enable the Vista software firewall, download ZoneAlarm on the Vista machine, and then install it, and if the EU Comission thinks that doing things that way is "discouraging competition", then they've been spending too much time in hash bars.

Re:I think i know what the EU means...

[Teun]

What the EU wants is irrelavent. Microsoft added security features to the OS in response to customer feedback.

Wrong.

It might have been dissatisfaction of the users that finally persuaded MS to start working on security.
But we see this security is not superior code of the OS but it is a separate application.

And that's where the regulators have to step in, the market for applications should be free but MS is by means of it's monopoly on the OS and the bundeling of the securety features shutting out others.
This will result in permeating the MS monoculture with all it's inherent dangers.

That's what the EU is trying to adress.

And I hope they (the EU) have learned from the media player fiasco and insist that there should be a realistic price difference between the fully loaded offering vs. the 'light' version.

Re:I think i know what the EU means...

[falconwolf]

Personally, I'd rather just enable the Vista software firewall, download ZoneAlarm on the Vista machine, and then install it

From what I understand though Vista is such that you can't uninstall it's firewall and install ZoneAlarm and have it work. I use ZoneAlarm now and I love it, especially the controls it offers. Like being able to allow some websites to use cookies, javascript, and objects while blocking other websites from using them. I'm planning on getting a MacBook Pro when Apple releases one with the Merom, Core 2 Duo, cpu and I'm looking for a firewall for the Mac that gives me the same controls, I'd get ZoneAlarm if they offered it on the Mac but they don't.

Falcon

Re:I think i know what the EU means...

[DigitlDud]

No, EU competition law IS broken. Microsoft's competitors exploit the legal system for their own gains.

Re:I think i know what the EU means...

[Weedlekin]

Whereas the US system isn't broken because Microsoft exploit it for their own gains.

Re:I think i know what the EU means...

[Magada]

These ways are flaws, and not supposed to be there, and can be removed at Microsoft's leisure.
(or whim). These are the good guys, fer chrissakes! They can't rely on dirty hacks to do business.
From another, no less practical, point of view, whatever sinks its notional teeth into the kernel is in a privileged position wrt keeping everything else out.

Security should be inherent in the OS

[paladinwannabe2]

It's hard to say what should be inherent in the OS and what shouldn't. However, most forms of computer security should be inherent to the OS and not part of some third-party solution. For instance, I want my OS to be resistant to running arbitrary code and be able to give me control over and info about programs and processess are running on my computer. If I have to get third party support to do those things the OS is failing me.

Re:Security should be inherent in the OS

[Mancat]

I want my OS to be resistant to running arbitrary code

Arbitrary code? You mean unsigned code? So, what you want is DRM.

and be able to give me control over and info about programs and processess are running on my computer.

Hi, my name is Task Manager. I was born in 1993. Nice to meet you, sir. Also, meet my good friends tasklist.exe and taskkill.exe.

Re:Security should be inherent in the OS

[mrjb]

The current anti-virus business is mainly built on loose ground: (the lack of) security in the main OS that they support. As the OS gets more secure, the need for AV software greatly diminishes, and it is likely that some AV companies will go out of business as a result of it. At this moment, however, this hardly seems the problem yet, as most security issues are addressed by "patches" rather than real solutions: antivirus, anti-spyware, anti-whatnot, which when bundled with the OS would be unfair competition to Antivirus-software houses.

As said- Europe isn't demanding reduced security, but fair competition. But even when 'fair' competition is allowed and security keeps improving, the software houses that provide security solutions should seriously consider rethinking their strategy as they may become redundant and go out of business anyway.

So, seeing that the anti-virus business is in a lose-lose situation, I guess they concluded they might as well cry wolf. This isn't impressive- it's just money talking. So am I defending MS on this? No (of course not- this is slashdot). I think the AV business should be allowed to compete. I just don't think that it will make much of a difference, in this case.

Re:Security should be inherent in the OS

Hi, my name is trojan. I was born before Task Manager. I have my own Task Manager. You'll only see what i want you to see.

Re:Security should be inherent in the OS

[LocalH]

Arbitrary code != unsigned code. Arbitrary code simply means code that is not intentionally executed by the user. For example, a form of arbitrary code would be code inside of a data structure, which XPSP2 can already protect against (either utilizing hardware+software or software-only DEP).

Re:Security should be inherent in the OS

[eldepeche]

I think the AV business should be allowed to compete.

So, let them compete. With history as a guide, do you really think MS's AV software will be good enough to replace all AV products on the market?

I always marvel at the people who think the only way to preserve a free market is for the government to intervene in it.

Re:Security should be inherent in the OS

[roman_mir]

Arbitrary code? You mean unsigned code? So, what you want is DRM. - this statement does not follow from this statement - I want my OS to be resistant to running arbitrary code

Actually it is impossible to understand what exactly the GP means by I want my OS to be resistant to running arbitrary code, but if I had to guess he means that he does not want his/her computer to run some code covertly without authorization of some sort.

Regardless, of what the GP means, it looks like the parent is implying that DRM is inherently a 'bad' idea. (I use quotes around the word bad, because everything is relative and there is no one and only one bad and what is bad for some is good for others.) I beg to differ, I don't believe that DRM is bad as an idea, it has its own purpose and I have discussed the details of this earlier, so I don't want to get into it at this moment, but realize that DRM is just a tool.

Re:Security should be inherent in the OS

In other words, Windows doesn't have "inherent" security, but an immune system tacked on top of it. As long as there is an immune system with different components each with its own control panel, Windows will look to the EU like n pieces of software bundled together.

Re:Security should be inherent in the OS

[99BottlesOfBeerInMyF]

The current anti-virus business is mainly built on loose ground: (the lack of) security in the main OS that they support... So, seeing that the anti-virus business is in a lose-lose situation, I guess they concluded they might as well cry wolf.

You're missing part of the picture. First, MS has a monopoly on the desktop OS. Second, they allowed a market for these security products to develop. As a result, it is illegal for MS to bundle a firewall or anti-virus program, or otherwise illegally tie it to their monopoly OS.

The correct solution to this problem is one MS does not like. That is, instead of constantly taking them to court over each individual infraction of this sort, when they willfully disobey the law as part of their business plan, break the company up so it no longer has a monopoly to abuse.

Hear me out on this. If MS was divided into multiple companies, one for applications, and two for desktop OS's, and both of these latter companies are given full rights to the existing source code for Windows, then MS will no longer have a monopoly. They won't have to worry about including a firewall or antivirus or a Web browser or a media player. It will all be 100% legal. They will just have to worry about giving customers what they want, because they will be in competition with one another and with other OS providers. Their lock-in will be broken and the market can go back to behaving properly. MS shareholders will get their stock doubled or quintupled or whatever. Everyone will be happy, except the MS executives who have built a business model on breaking the law in a way that they will no longer be capable of.

This is probably what would have happened in the first place in the US, were our politicians not so easily bribed by MS's vast fortune. The EU is unlikely to do this for political reasons. MS is an American company first, and it is really the US's place to take this action. So long as Americans vote out all the corrupt scum that currently run our government and elect people who aren't corrupt, this solution is likely to come about. So remember, just vote for the person who isn't a crook on the next couple of ballots. I'll leave it to your judgement to figure out which candidate that is.

Re:Security should be inherent in the OS

[Petersko]

"So, let them compete. With history as a guide, do you really think MS's AV software will be good enough to replace all AV products on the market?"

Maybe not for every single user. However, it doesn't have to be the best product on the market - it just has to be good enough. If the large majority of users are successfully protected, then that'll do nicely from their standpoint. The "power" users who continuously surf free porn and pirate web sites will probably benefit from using the most secure protection possible. The others will get by just fine with the built-in product. And those are the customers the antivirus companies are terrified of losing.

I agree though. Let them compete. If it destroys the business of the Nortons of the world, well... their product pisses me off anyway.

Re:Security should be inherent in the OS

[MooUK]

The market is NOT free if the company providing the OS is adding security features that, oh so coincidentally, prevent companies other than themselves from providing security software.

Re:Security should be inherent in the OS

[Flyboy+Connor]

True, but consider this:

When I buy a car, I expect it to have tires. However, when I drive a lot through the snow, I might want special tires which make driving through snow easier. As it is now, I can simply buy those better tires and put them on my car.

The point that the EU wants to make is that if you buy Windows and you are not content with one of its features, you should be able to replace that. And the feature which they ask that for specifically is one that has been replaced by many third-party vendors because the product that Microsoft delivered sucked. What Microsoft tries to do with Vista is make this feature - security - integrated in the system in such a way that it cannot be replaced. And that is a deliberate move. From Microsoft's point of view, a move to get rid of some competitors. From the user's point of view, a move that gives them less choice and forces them to place their trust in a company on a very sensitive issue which that company has shown in the past not to take very serious.

Re:Security should be inherent in the OS

[Vancorps]

Let me know when a company does this and then your statement will be relevant. Complaining that current products don't work on Vista? Complaining AV broke when Microsoft released SP2 for XP? They didn't remove the ability for these companies to operate, they changed the way this worked and as a result they had to modify their code. This is par for the course, even happens with security products on Linux or any other platform. APIs change and especially Microsoft's case they need to change. No one is preventing security software companies from installing products, they are changing the way this happens and possibly negating the need for the existance of said security software. Since they exist because MS has traditionally had a security problem it only makes sense that they are scared when MS implements new technology that has the potentional of reducing the need for said 3rd party products. It's not a crime and breaks no laws even in the screwy EU. It is clear they just want to punish MS and will grasp any reason they can to do it. That's not to say that MS doesn't deserve it but let's not base decision on false-pretenses as that doesn't actually help anyone.

Re:Security should be inherent in the OS

[Vancorps]

Sorry, your analog seems apt but I don't think you understand what you're applying it too. Microsoft hasn't locked out security companies and 3rd party tools can and do exist to extend the functionality of Vista. What deliberate move by MS are you referring to? Closing a lot of the gaping holes in the previous OS? Punishing someone for improving their product really doesn't seem like a bright idea even if they do have a near monopoly. I think if fines are to be dulled out they should at least choose a valid reason and not just make up reasons that are completely absurd.

From a Microsoft point of view they are trying to improve their product so corporate customers remain happy and corporate customers have long known the risks associated with running Windows. The thing has had security problems in the past. It makes perfect and ethical business sense to close these holes. Sorry if the AV companies can no longer rely on the same exploits. Perhaps they will have to create proper installers now. Ever tried to remove the Mcafee security suite from a computer? It ain't easy.

Re:Security should be inherent in the OS

[NoOneInParticular]

I always marvel at the people who think the only way to preserve a free market is for the government to intervene in it.

Without government intervention, Standard Oil would be the only oil company in the United States, asking 10 bucks a gallon. You would still be paying AT&T both for local and non-local calls. Cable would also be controlled by a singly company. There would be three banks, that would determine the prices of their products collaboratively. You would have many networks, all controlled by Fox. General Electric would do all the engineering (having eaten up Honeywell and Schlumberger), Sony would control the entertainment industry, and Microsoft would be Microsoft.

Free market? Think not.

Re:Security should be inherent in the OS

[deathsquirrel]

I always marvel at the people who think the only way to preserve a free market is for the government to intervene in it.

I marvel at people that think there is any such thing as a market free of government. The rules established for trade by the government and the system of laws that enable a reasonably free society ARE the 'free market'. A market without infrastructure or rules isn't one I'd want to do business in...heck it's hard to even call 'me want, me bigger, you unconsicous' a market.

Re:Security should be inherent in the OS

[Flyboy+Connor]

The deliberate move is to integrate the security measures in such a way in the system that they cannot be removed, nor providing third-party vendors with the necessary APIs to interface with the system to provide alternatives.

It's like making a new model of a car with the tires welded to the wheel casings.

And about McAfee: I fucking hate it. What a load of user-unfriendly crap these guys are producing.

Re:Security should be inherent in the OS

[jZnat]

I don't think arbitrary means what you think it means...

Re:Security should be inherent in the OS

[Teun]

If I have to get third party support to do those things the OS is failing me.

Ignoring the semantics of 'arbitrary code' I would say even 1st. or 2nd. party support is wrong.

The code should by design be resistant to mallicious processes.

And untill such time the monopoly called MS should allow any one (company) to help the users to combat the inherent weaknesses in the OS.

A security monoculture by MS (or any one else!) would be a wreck waiting to happen.

Re:Security should be inherent in the OS

[Vancorps]

Not sure where you got your information on that. That is not what is happening with Vista at all. You can still shut-off the Vista firewall and use the McAfee firewall without any penalty. You can choose to disable the malware protection as well and choose to rely on Mcafee as well if you deemed it was necessary. So it's not like welding the tires or even just the rims. It's about standardizing the axle which is different on the newer model. This happens all the time.

Re:Security should be inherent in the OS

[drsmithy]

The code should by design be resistant to mallicious processes.

Can you objectively (ie: programmatically) define "malicious" ?

Re:Security should be inherent in the OS

[LocalH]

In the context of the original post, I believe it does.

Forcing the EU courts to back down

[Vandil+X]

It looks like Microsoft is simply using Vista as a way to force the EU to back down or be the ones responsible for EU nations to not have Vista when everyone else gets it.

This is a win-win for everyone, really:

1. Such a delayed release would be the ultimate proof of monopoly. Stifling an entire continent. Courts will churn. MS heads will roll.

2. Delayed EU Vista means at least part of the world's computer infrastructure will work when Vista's new DNS scheme allegely will break teh Interweb everywhere else. (I don't have the link... google it)

Re:Forcing the EU courts to back down

[The+Dalex]

Um, if the EU is refusing to allow Microsoft to sell their product, how is that Microsoft's fault? It sounds like the EU is the one doing the stifling, asking for a special version that complies with their regulations. I prefer to have a secure OS, myself, and the EU doesn't for some reason.

Re:Forcing the EU courts to back down

[6ULDV8]

If EU laws specify behavior, why should MS or any other business be allowed to circumvent those laws simply for commerce.

If you don't like the laws, change them. But for the EU to allow exceptions based on vendor wealth is silly.

As for the secure OS... How about MS fixes the root cause instead of offering add-ons for "protection money"?

Re:Forcing the EU courts to back down

[falconwolf]

I prefer to have a secure OS, myself, and the EU doesn't for some reason.

I want a secure OS myself, but I don't want anyone else to dictate to me how to make it secure. If the built in security doesn't meet what I am looking for I want to be able to install software that will give me the control I want. Right now I use ZoneAlarm on my PC, which is old, but I plan on getting as a replacement a MacBook Pro. Mac OS X has a built in firewall but it doesn't allow the level of control ZoneAlarm does on my PC so I am looking for another firewall for the Mac that will give me that control. I don't mind MS putting more security into Windows, actually I welcome it, but I want to control it and be able to install third party solutions if they work for me. Neither of these articles address that though and I don't know if it will be possible in Vista.

Falcon

Time For Exec Housecleaning Up In Redmond

The days of Microsoft execs bluffing down any who dared stand in their way are gone for good and Microsoft is stuck with a top level management team that only knows that one strategy.

EU enforcing competition rules, the Xbox 360 fiasco, and the continuing rise of Linux/open source - Microsoft needs something more than a bunch of attack dogs repeatedly banging their heads against a brick wall in Europe to deal with the huge amount of trouble the company is in these days.

Message to EU: STFU

[The+Living+Fractal]

Seriously, this is just plain stupid. An OS should be able to protect itself from malicious programs etc. If something or someone is preventing my OS from running the way it should be, or running at all, I sure as heck want the OS to be able to fix itself or prevent it from ever happening in the first place. I'd rather not have to wait for a third-party vendor's program to get updated etc.

Can someone tell me why nobody is going after Apple? It seems like the EU is persecuting Microsoft for trying to make a good product. Apple's OS sure doesn't leave a lot of room for antivirus/spyware companies to make products... Yet the EU isn't bitching and moaning about it, are they?

I'm tired of their whining. Microsoft, I hope you ignore them, by making your product more secure (as long as you aren't selling the security separate, BIG point there) you are in the right, and I hope you tell the EU to take a hike. Nobody I know is going to NOT buy your product because it's more secure.

TLF

Modularization

[theckhd]

This was brought up by someone in another discussion in a different context, but I think it applies equally well to Microsoft's current problems with the EU.

If they would simply modularize many of the components that come with Windows, they might wriggle out of a lot of legal troubles.

For example: I go to install Windows from scratch. On the installation screen, i get a list of components...
[x] Windows OS (base system, required)
[_] Internet Explorer
[_] Windows Security Center
[_] MS Firewall
[_] MS Antivirus
[_] MS Anti-Malware

etc.

I can check any of these things that i like, and they'll be included in the installation. For OEM installs, they could just include everything by default.

Most importantly, make them removable through Add/Remove Programs, so that if i decide at a later date that I no longer need a feature, i can uninstall it completely.

Suddenly a lot of the monopolistic legal troubles get much less worrisome for Redmond. EU worried about MS including Anti-Virus or Firewall? No problem, make them un-checked in the default install. Leave them on the disc, and make them freely available for download at the MS website to make it abundantly clear that they're a free service.

Not that I expect them to do any of this of course, but it would certainly help reduce the amount of resentment that many people feel towards them, even from their own users.

Re:Modularization

[pe1chl]

This seems reasonable, but are the Linux vendors taking this approach?

When I install SuSE Linux, it installs SuSE Firewall. When I want to uninstall it, a whole list of other items that "depend on" this SuSE Firewall pop up, hindering its removal.
The best thing I can do is "disable firewall", but it still remains installed (mostly a set of scripts to manipulate a very complex set of iptables rules that never gets loaded because it is disabled).

Also, are you sure "security" and "optional components" would remain limited to a list like that?
For example, one would like to see:
[ ] Only allow signed drivers to be used in the system

Re:Modularization

[Amendt]

"We are the borg, we will assimilate you" If only the EU could stand up to Steve's hurling of chairs. :)

Re:Modularization

[ptr2004]

Lets pick another example of lets say openoffice

Give an option of picking during install

[_] File Open Menu

[_] View Menu

[_] Tools Menu

Its all very easy to do in practice but no company wants to deal with customer complaints / bug reports when there a zillion permutations of said software

Re:Modularization

[Xiph1980]

I'm sorry but that's a false analogy. No-one would want to remove the file menu.
What you can do though is:

[x] OOo Calc
[x] OOo Write
[x] OOo Impress
[0] ASpell spell checker
+- [0] English
+- [0] Dutch
+- [0] French
+- [0] Italian

etc.
But then again, they already do that (apart from the aspell, you need to manually install that)...

Microsoft gives non of these options. They only provide 1 option at installation, which is on which partition you would like to install the OS.
If I want to exclude programs from my installation, or change stuff like the program files folder / drive, I need to fiddle with a deployment package, or with nLite.

Re:Modularization

[razor150]

You idea is a good idea, and if MS was smart they would do it. However, imo, they shouldn't have to. Out of the box and OS should be able to surf the internet, play music/videos, and be secure from hackers/viruses/spyware. Providing that functionalaity should be considered the reponsibility of the creator of the OS and not 3rd party vendors. If it isn't able to do that out of the box it isn't much use to me. IMO it should be considered the responsibility of the user of the OS to find software that better fits their needs or that is just better. The EU is to busy trying to protect software companies from the laziness or stupidity of Windows users. Even if people had the options you stated above 80 to 90% of Windows users would install everything on that list and never look for third party solutions anyways. Is that MS's fault or the consumers fault?

Re:Modularization

[DamnStupidElf]

For example: I go to install Windows from scratch. On the installation screen, i get a list of components...

This already exists in the unattended install (SIF) files in the [Components] section, you just have to know which components to turn off. You can find a list of all the components in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\Oc Manager\Subcomponents. We use this to not install games, MSN, and a few other odds and ends. It probably wouldn't be hard at all to just plug a GUI in front of the basic Windows installer (or before components are installed at least) that modifies the installer file. At the very least you can customize the installation CD to get rid of some garbage.

Re:Modularization

[jgmitchell]

[ ] Only allow signed drivers to be used in the system

That was an option last time I looked

Re:Modularization

[swillden]

The EU is making up the rules as they go along, so why should Microsoft make changes before the EU dictates exactly how they want Vista to look if they're going to get fined anyway?

Bah. The EU is not making up the rules as they go along -- the EU commission has clearly enunciated the principles. Microsoft insists on pretending not to understand the principles and on pushing the limits of whatever specific rules they force the EU to define. If Microsoft were to honestly try to facilitate interoperability the EU wouldn't have to define specific rules for every little issue, because the appropriate actions are really quite obvious.

Microsoft's approach is appropriate given that they do not want to be any more open than they're forced to be, but they certainly don't have any room to complain that the EU isn't telling them what they need to know.

Re:Modularization

[Coryoth]

When I install SuSE Linux, it installs SuSE Firewall. When I want to uninstall it, a whole list of other items that "depend on" this SuSE Firewall pop up, hindering its removal. The best thing I can do is "disable firewall", but it still remains installed (mostly a set of scripts to manipulate a very complex set of iptables rules that never gets loaded because it is disabled).

I think the important point here is that in many ways SuSE is closer to an OEM than it is to Microsoft. They don't exclusively build the vast majority of what goes into a SuSE system, rather they gather together and package a vast array of software from diverse sources that everyone else who wants to make a distribution has equal access to. Sure they may have proprietary add-ons, but you can (and many people have) produce a system that is largely identical to SuSE, simply with a few bits swapped out for something different. Because of that SuSE can't monopolise the market - at least not unless they start building the better chunk of their OS out of their own proprietary work, at which point it won't be much a "Linux" distribution anymore.

Look at it this way - imagine there is a third party that makes software that does X, and tomorrow SuSE starts packaging their own proprietary software to do X. The third party will have an easy enough time going to other Linux distributions and making a case for why they ought to include the third parties software with their standard distribution - and even if there were no other distributions in existence besides SuSE it would be (realatively speaking) easy enough to start one. If the third party felt strongly enough about this they could always do it themselves.

So yes, distributions bundle a lot of software. The point, however, is that there is an open market as to what gets bundled. If someone writes a better Linux office suite then they can lobby distributions to bundle that instead of OpenOffice. If no-one does, they can always bundle it themselves in their own distribution - if the office suite really is that much better then their distro will quickly gain a following. The hard part with Linux bundling is that a lot of the software that is currently bundled is free, and its hard for third parties that charge for software to compete with that. It doesn't mean it can't happen of course, you just need a different model: note that realplayer, and acrobat reader are bundled with some distributions.

Re:Modularization

[pe1chl]

My point is that the SuSE Firewall is a SuSE product, other products are available that do the same thing, yet you cannot uninstall it because other parts of the system have been coded as "depend on" SuSE firewall (and not "a firewall").

I know it is possible to remove it, but the same is true for Internet Explorer. You only need to know how, and you must have a real intention to go forward with it. It is not like you have a free choice to select the firewall you want (or decide to work without one, e.g. behind another firewall).

Of course, the situation is much better than with Windows. But it is not like "with Linux you are free to choose your own software and with Windows you are not". Especially for users without in-depth knowledge, the options are always somewhat limited.

Re:Modularization

[Coryoth]

I'm just saying that it is relatively easy to pick a version of Linux remarkably similar to SuSE that doesn't have SuSE firewall. Find me the opportunity to readily pick a version of Windows that doesn't have IE and I don't think I would be at all concerned about IE's integration into a version of Windows.

Re:Modularization

[NoOneInParticular]

You're mistaken. Take a look at the assertion you object to: "with Linux you are free to choose ... and with Windows you are not". And before that you come with an example of bundling in SuSe, one of many Linux distributions. You are free to choose SuSe, Fedora, Debian, Ubuntu, Knoppix, Mandriva, Slackware, LFS, Etcetrix, Etcetrix, Etcetrix. This freedom of choice invalidates whatever point you're trying to make here. To spell it out: bundling is okay, monopolistic bundling is not.

Re:Modularization

[linebackn]

And for those that recall what got them in trouble a while back with Windows Media Player could have easily been solved by adding:

[_] Windows Media Player

to the installer and add/remove screen. But what did they do? They they got all snotty and created "Windows Reduced Media Edition", a "special" version of Windows completely without WMP (not an option - just none).

Re:Modularization

[KDR_11k]

I don't think it'd be difficult for them to link those into the installation package system (you know, the thing you use to decide if you want to install Minesweeper) instead of automatically installing them but they are unwilling.

Re:Modularization

What if the OS is immune to malware? Do you include a box that says "make my computer vulnerable to viruses so that I can install Norton"?

Re:Modularization

[spongman]

and created "Windows Reduced Media Edition",

which sold exactly zero copies, retail. another astounding success for the EU commision?

Re:Modularization

[drsmithy]

If they would simply modularize many of the components that come with Windows, they might wriggle out of a lot of legal troubles.

Windows is already modular. What you want to do is make it *less* modular, by making it impossible for Windows developers to reuse code (since they will not be able to guarantee that a given module will be present in the system).

You don't see the problem.

[TransEurope]

When MS ships it's products with it's own security software
(antivirus, intrusion detection, ), the market will shrink
dramatically. No one of the competitioners would have a chance
to sell it's products to private ans small buisness customers.

And i think we all know what happens when there is no more
competition at the free market. The quality goes down the drain.

BTW. This would end in a monoculture of security-products
by MS, and monoculture makes the whole infrastructure
extremely vulnerable for real big or well organized attacks.

Re:You don't see the problem.

[neonprimetime]

Hackers must unite. When MS bundles in their own security, and users start not purchasing 3rd party protection, hackers must unite and start an all out war on Vista. Then we need a perfectly timed Associated Press article released that shows a correlation between the release of security bundled in Vista, the diminished use of 3rd party protection, and the increase in security breaches. Then we will win, right?

Re:You don't see the problem.

[djaj]

And if the "whole infrastructure [is] extremely vulnerable," third-party applications will be created to shore it up.

What's the problem again?

Re:You don't see the problem.

[KDR_11k]

That non-IE browsers and non-Outlook email clients are still way too rare?

Re:You don't see the problem.

[jank1887]

Problem: third party applications are prevented from working with the OS, to 'prevent weakening the built in security".

Re:You don't see the problem.

[databyss]

--- Begin Sarcasm ---
Right!

We need to have the EU sue apple and linux producers too for destroying the anti-spyware market in their areas too!

We have to make sure that every OS is insecure so that other companies can profit!

--- End Sarcasm ---

Look, I'm no fan of Microsoft, (I figure I'll be wholly on linux by the time Vista comes out) but you can't force the company to make an (more?) insecure operating system so that security companies can make their dime.

Re:You don't see the problem.

[djaj]

If you're referring to the concept that such applications would need to be signed in order to work, then I suppose one could perceive that as a problem. I happen to think that is a reasonable restriction.

If MS doesn't make the OS more secure, you'll be upset. If they do, but have to prevent access to certain code layers from unsigned third-party applications in order to do it, you'll be upset. So... what do you want?

Re:You don't see the problem.

[tolan-b]

It'd help if you actually understood the issue.

MS is stopping *any* 3rd party security code from running, signed or un-signed, within the kernel.

The anti-virus vendors are essentially having to hack Vista to get their code to work.

Re:You don't see the problem.

[Danga]

Besides security non IE browsers and non outlook email clients are almost indistinguishable to the average user. THAT is the reason for that problem. If I show my dad a webpage in Opera he most likely will not notice any difference from IE other than buttons are in different places. The same goes for outlook. Both of those are simple tools that perform simple tasks and do everything most users need.

Look at other areas where MS has a similar product included with the OS such as firewall, MS paint, windows media player, etc and you will see that products that perform better and are noticeably better to not just the power user but also the average user get LOTS of business such as ZoneAlarm firewall, Adobe photoshop, Cyberlink Power DVD player and Nullsoft WinAmp.

Bringing up how IE shows a reason that MS shouldn't bundle software is pretty much pointless because back in the day when IE and Netscape Navigator were the two main browsers Navigator ended up losing because IE was just as usable and at times even performed better (well speedier which equals better to the average user). IE is still the majority because it does everything the average user needs which is displaying webpages, woo big job to do there.

FireFox/Opera/etc are becoming more popular now both for security reasons that users are finally beginning to understand as well as they provide more functionality than just being a tool to display webpages and people are starting to see both benefits.

I say let MS bundle all the software they want, it usually is just software that provides BASIC functionality and anyone who wants better WILL go elsewhere keeping software companies in business. If you work for a company who makes software similar to what MS might be bundling with Vista instead of hoping the EU helps "protect" you why don't you just make your application so kickass and full of features that people will not want anything else?

Re:You don't see the problem.

[beckerist]

I'm not quite sure why the EU has it out for Microsoft. I understand the prevention of monopolies, but this is silly. Should automobile manufacturers not sell airbags with their cars, just so other companies can manufacture them? Granted, the auto industry does not have one clear leader, but it makes sense to me that proprietary software would best be secured by the people who wrote it... am I wrong?

Re:You don't see the problem.

[jt418-93]

the sad part is what ms is doing is how it should be. critical security services should be locked down.

i'd like to see a user way to add new things to the lock down / in list, but it would have to be non software doable. something that requires a real hand on the local kb to authenticate.

i say lock it down and tell everyone to piss off.

Re:You don't see the problem.

[amliebsch]

'd like to see a user way to add new things to the lock down / in list

Have you investigated the "Software Restrictions Policies" policy in the "Local Security Settings" management console?

Re:You don't see the problem.

If i publish a commercial OS, why do i have to *allow* other software publishers apps to run on my OS at all? Yes, it would make my OS unpopular. Yes, my market share would probably drop. Yes, i would make less money.

But if that's how i want to run my business, then who has the right to tell me otherwise? Buy a different ( or use an open ) OS if you don't like the software that will run on top of it...

Re:You don't see the problem.

But if that's how i want to run my business, then who has the right to tell me otherwise?

The law?

Re:You don't see the problem.

[Teun]

But if that's how i want to run my business, then who has the right to tell me otherwise?

The plain and simple reason is that MS can be (is) concidered a monopoly.
The legal demands on monopolies is (have to be) stronger than on smaller players.

Re:You don't see the problem.

[Kazoo+the+Clown]

Problem: third party applications are prevented from working with the OS, to "prevent weakening the built in security".

And coincidentally, to prevent strengthening the built in security. Nothing like keeping all your security eggs not just in one basket, but in one basket that you don't really have any control over.

Re:You don't see the problem.

[Kazoo+the+Clown]

the sad part is what ms is doing is how it should be. critical security services should be locked down.

Should be I suppose in the utopia where no critical security services ever have any flaws. Is that where you live? Must be nice. Unfortunately, in my universe, locked down security means all its flaws are locked down as well.

Re:You don't see the problem.

[Tod+DeBie]

The legal demands on monopolies is (have to be) stronger than on smaller players.

True, but that does not automatically make every restriction on a monopoly make sense. I am kind of upset that, not only do I have to buy Windows, then I also have to buy protection for it. It is perfectly reasonable for Microsoft to include appropriate protection in the product. The antivirus market was started by weaknesses in the operating systems. If the os vendors now close these weaknesses, we will all be better off. If it also means that Norton and the others end up going away, I will not shed a tear for them.

Re:You don't see the problem.

[lysergic.acid]

Ever hear of a false dichotomy? Requiring signed code isn't the only way to secure an operating system, and it's not a perfect solution itself, which also presents other issues, some of which have already been mentioned.

I don't think the cost to independent software development is really worth the "security" this method adds.

Re:You don't see the problem.

[lysergic.acid]

That's the whole argument genius: whether what the EU demands is really asking MS to make their OS less secure. They aren't asking MS to put security holes in their OS or implement poor security policies. They are simply requiring that MS not package their OS with an anti-virus program (something which is not a functional component of any operating system, but is rather a non-component application). An OS does not need to be packaged with an anti-virus to be secure. MS can simply put out more secure code in the first place and implement more intelligent security policies. An anti-virus packaged with the OS doesn't make the OS more inherently secure. The anti-virus is simply there is resolve inherent security flaws. It would actually allow MS to be more sloppy with their security settings and debugging process.

Your claim (and MS's) is basically like saying that not allowing MS to package the OS with Word would be forcing MS to build a less functional OS. Well, a Word process isn't an integral component to an operating system. MS can still sell an anti-virus package just as they do a word processing suite, but if they want to secure their OS, they should just be more careful about not creating as many security vulnerabilities and perhaps issuing patches in a more timely fashion.

Re:You don't see the problem.

[Petrushka]

We need to have the EU sue apple and linux producers too for destroying the anti-spyware market in their areas too!

Leaving aside the fact that neither Apple nor Linux has any kind of monopoly, they'd have no case against Linux, since most of the apps in your average Linux distribution are third-party anyway. If Microsoft were to follow a similar practice, e.g. by including AVG, Sophos, Kerio, ZoneAlarm, etc etc, in a default install, there'd be no case against them either.

Look, I'm no fan of Microsoft, ... but you can't force the company to make an (more?) insecure operating system so that security companies can make their dime.

The key word is "monopoly". Different rules apply to monopolies.

Re:You don't see the problem.

[drsmithy]

An OS does not need to be packaged with an anti-virus to be secure.

This statement is meaningless without a definition of "secure".

MS can simply put out more secure code in the first place and implement more intelligent security policies.

That still won't stop people deliberately executing malicious code, the #1 vector for all malicious code.

The anti-virus is simply there is resolve inherent security flaws.

No, the AV is there to stop ignorant users from shooting themselves in the foot when they run the latest virus and malware-laden version of Comet Cursor.

The purpose of an Anti-virus (and anti-malware) program is *not* to plug holes in OS security, it's to plug the great big security hole the end user opens up by sitting in front of the computer.

Well, a Word process isn't an integral component to an operating system.

This statement is meaningless without a definition of "operating system".

Re:You don't see the problem.

[AGMW]

I understand the prevention of monopolies, but this is silly. Should automobile manufacturers not sell airbags with their cars, just so other companies can manufacture them?

I _think_ the problem is that Vista actively prevents other companies from providing a substitute for the bundled applications, so even if someone wanted to run Norton or whatever, they couldn't. But I might be wrong on that!

but it makes sense to me that proprietary software would best be secured by the people who wrote it

If you are saying that they re-engineer their OS so that it cannot be hacked (or even so that it is difficult to be hacked!) then I'd agree with you, but if they are packaging some other tool (that they probably originally purchased from some other company!) to try and address the fact that their OS is full of holes then I'm not so convinced. Phrases such as "paper over the cracks" and "polishing a turd" spring to mind.

I'm not quite sure why the EU has it out for Microsoft.

Microsoft have been successful in part because they have made good business decisions, like buying competitors or pricing them out of the market. This is all good business from MS's point of view, but it can be seen as a bit sharp when viewed in the wider context of The Industry and it isn't surprising (at least to me!) that "The Industry" fights back in various ways, and one of those ways is to point out that MS's perfectly reasonable (IMHO) business decisions are actually anti-competitive and verging on the monopolistic and encouraging of a monoculture. A monoculture is NOT good for The Industry, but is VERY GOOD for MS (assuming they are the monoculture!), so they have to be reined in every now and then.

If MS could pull their horns in a bit they might piss people off a bit less.

Re:You don't see the problem.

[drsquare]

Microsoft also ships its own text editor, console program, paint program, defragmenter, disk formatter, screensavers, web browser, and many other utilities. So what's wrong with basic security software?

Maybe if Linux becomes popular they should be forced to release it without iptables.

Re:You don't see the problem.

[rtb61]

You can't be serious, Microsoft and secure, perhaps you should read and pay attention to clause 16 of their warranty.

16. DISCLAIMER OF WARRANTIES. The Limited Warranty that appears above is the only express warranty made to you and is provided in lieu of any other express warranties or similar obligations (if any) created by any advertising, documentation, packaging, or other communications. Except for the Limited Warranty and to the maximum extent permitted by applicable law, Microsoft and its suppliers provide the Software and support services (if any) AS IS AND WITH ALL FAULTS, and hereby disclaim all other warranties and conditions, whether express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of reliability or availability, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, all with regard to the Software, and the provision of or failure to provide support or other services, information, software, and related content through the Software or otherwise arising out of the use of the Software. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE SOFTWARE.

Who in their right mind wants anti virus software from a company that cant gaurantee that the program is free of viruses or that they will even support it. Microsoft promises support for their software and then immediately take it away in the un-warranties.

So you want to know what I want, I want something very simple indeed, marketing that matches the warranty.

Re:You don't see the problem.

[lysergic.acid]

If you need a definition for those terms, look it up on wikipedia. We're not talking metaphysics here. An operating system's purpose is not to stop human stupidity. The definition of a secure operating system isn't an operating system that prevents users from acting like idiots.

There are plenty of non-PEBKAC virus vectors in all windows operating systems that MS should be focusing on rather than trying to compensate for intentional execution of malicious code. What good is an operating system that protects you from viral e-mail attachments when there exist exploits that allow attackers to take over your system remotely without you doing anything? That's like building a car with really advanced airbags but has a gastank that spontaneously explodes. You can prevent e-mail viruses from infecting your computer by exercising common sense. You can't prevent a remote attack exploiting a buffer overflow flaw in the system.

There are millions of ways to secure Vista other than packaging an anti-virus with it. These are the ways that Vista should be securing Vista because other companies can't. A MS anti-virus can still be sold separately just as Office is. This is all just common sense. Ofcourse if you rely on MS marketing speak instead of reasoning through the situation, you'd come to the conclusion that the EU wants MS to release an insecure OS...

Re:You don't see the problem.

[drsmithy]

If you need a definition for those terms, look it up on wikipedia.

That's a pretty pitiful attempt at a dodge.

An operating system's purpose is not to stop human stupidity.

There's a hell of a lot of people on Slashdot who seem to think it can, however.

The definition of a secure operating system isn't an operating system that prevents users from acting like idiots.

So what is the definition of a secure operating system ? What OSes meet it ? What OSes don't ?

What good is an operating system that protects you from viral e-mail attachments when there exist exploits that allow attackers to take over your system remotely without you doing anything?

What outstanding remote exploits of that nature are there in Windows ?

You can prevent e-mail viruses from infecting your computer by exercising common sense.

If it were that common, email-bourne viruses would never have amounted to more than a minor footnote in history.

There are millions of ways to secure Vista other than packaging an anti-virus with it. These are the ways that Vista should be securing Vista because other companies can't.

For example ?

Ofcourse if you rely on MS marketing speak instead of reasoning through the situation, you'd come to the conclusion that the EU wants MS to release an insecure OS...

Anyone "reasoning through the situation" will invariably arrive at the conclusion that anti-virus and anti-malware tools are an essential component for any OS aimed at the typically ignorant end user - or "idiot", as you would probably refer to them.

Re:You don't see the problem.

[lysergic.acid]

That's a pretty pitiful attempt at a dodge.

An operating system (OS) is a software program that manages the hardware and software resources of a computer. A key component of system software, the OS performs basic tasks, such as controlling and allocating memory, prioritizing the processing of instructions, controlling input and output devices, facilitating networking, and managing files.

...

Security
Security as it pertains to the operating system is the ability to authenticate users prior to access, categorize the level of access the user has, and limit access based on a policy placed by administration. Typically an operating system offers (hosts) various services to other network computers and users. These services are usually provided through ports or numbered access points beyond the operating systems network address. Typically services include offerings such as file sharing, print services, email, web sites, and file transfer protocols.

At the front line of security are hardware devices known as firewalls. At the operating system level there are various software firewalls. A software firewall is configured to allow or deny traffic to a service running on top of the operating system. Therefore one can install and be running an insecure service, such as telnet or ftp, and not have to be threatened by a security breach because the firewall would deny all traffic trying to connect to the service on that port.
-- Operating System, Wikipedia

Dodge? I simply asked you to inform yourself of the basic definitions of the discussion--something you should have already familiarized yourself with if you want to have a productive discussion. An anti-virus clearly plays no role in the purpose of an OS, nor is it a key component in building a secure OS--unless perhaps you have a different definition of an OS that you'd like to share?

There's a hell of a lot of people on Slashdot who seem to think it can, however.

Are you familiar with ARGUMENTUM AD NUMERAM? You can't seem to build a logically sound argument as to why not packaging an anti-virus with Vista would make the OS inherently less secure. OS X does not come with a pre-packaged AV, nor do most Linux distros, FreeBSD, NetBSD, Solaris, nor pretty much all other OSes. The fact that it is something that would be packaged along side the operating system suggests that it's not an integral part of the OS or OS security.

So what is the definition of a secure operating system ? What OSes meet it ? What OSes don't ?

There's no such thing as a perfectly secure OS, but there are relatively secure OS's--these are operating systems that are secure by design (rational security policies), have relatively few exploitable bugs (few system vulnerabilities), and have secure default configurations (easy to secure by the average user). This doesn't entail protecting the user from himself. If an AV detects a virus, then chances are the OS has already been infected. If anything, AV's encourage users to be stupid about what they download since they think the AV will pick up all viruses and they will be more likely to proceed downloading and executing suspicious attachments. You can't build a foolproof system, the trick is to educate the user so they don't act foolishly.

What outstanding remote exploits of that nature are there in Windows ?

http://www.google.com/search?q=windows+exploits http://attrition.org/security/advisory/ http://packetstormsecurity.org/alladvisories/advis ories/ ...or did you think e-mail attachments were the only threat to Windows? The constant stream of updates and patches tha

Re:You don't see the problem.

[drsmithy]

Security as it pertains to the operating system is the ability to authenticate users prior to access, categorize the level of access the user has, and limit access based on a policy placed by administration.

By this definition, Windows is "secure". Heck, by this definition, Windows is more secure than a typical unix, including OS X.

However, since you had previously indicated that you did *not* consider Windows "secure", then the only rational conclusion I could reach is that you weren't using that definition. Hence, I requested clarification.

An anti-virus clearly plays no role in the purpose of an OS, nor is it a key component in building a secure OS--unless perhaps you have a different definition of an OS that you'd like to share?

"[...] limit access based on a policy placed by administration."

An AV program limits access based on the policy of known malicious code.

You can't seem to build a logically sound argument [...]

I can't build a logically sound argument because the goalposts get shifted around with pretty much every post in a typical Slashdot thread.

For example, the biggest security hole in any system is the end user. Logically, then, any additional capabilities which serves to reduce both the size and potential impact of that hole make an OS more secure.

OS X does not come with a pre-packaged AV, nor do most Linux distros, FreeBSD, NetBSD, Solaris, nor pretty much all other OSes.

Nor do any of them share the combination of marketshare and user demographic that Windows does.

The fact that it is something that would be packaged along side the operating system suggests that it's not an integral part of the OS or OS security.

TCP/IP stacks used to be packaged along side the operating system. So did GUIs, CLIs, libraries and hardware drivers, to mention but a few things that most people, today, consider "part of the OS".

There's no such thing as a perfectly secure OS, but there are relatively secure OS's--these are operating systems that are secure by design (rational security policies), [...]

Design != Policy. Design dictates what capabilities are. Policy dicates how those capabilities are applied.

[...] have relatively few exploitable bugs (few system vulnerabilities), [...]

Bugs != system vulnerabilities. Poorly configured passwords or permissions, or unnecessarily started services, are [potential] system vulnerabilities, but they are not bugs.

[...] and have secure default configurations (easy to secure by the average user).

Again, you try to equate two different things. A secure default configuration, by definition, makes "easy to secure by the end user" irrelevant.

This doesn't entail protecting the user from himself.

Yes, it does. Otherwise there would be nothing considered wrong about running a system day to day as root.

If an AV detects a virus, then chances are the OS has already been infected.

Unlikely. Viruses, by definition, need vectors like email and downloads. Virus definitions are updated frequently enough to make 0-day virus infections uncommon, simply because of the time it takes people - rather than computers - to propogate them.

If anything, AV's encourage users to be stupid about what they download since they think the AV will pick up all viruses and they will be more likely to proceed downloading and executing suspicious attachments.

Like most geeks, you confuse "ignorant" and "stupid".

This also demonstrates a flaw in your argument. Since only "stupid" people use hihgly privileged accounts for day to day use, then only "stupid" people are vulnerable to the vast majority of Windows "exploits", which fail when the user is not in an Administrator user context. Similarly, since you argue the OS should make no effort to protect the user from himself, then you should see no issue whatsoever with the default user account f

Re:You don't see the problem.

[lysergic.acid]

That actually trying to involve every programmer at Microsoft in making Windows better would almost certainly be counter-productive ?

So you are admitting that building an anti-virus isn't actually making Windows itself better (or more secure). Therefore, the EU requiring MS to package the AV separately is--exactly what it sounds like--requiring MS to package an external component separately rather than abusing their monopoly to gain an unfair anti-competitive advantage over other AV manufactuers.

MS can still develop and sell an AV. But seeing as it's clearly not part of the OS, there's no reason they should be packaged together--especially when doing so would basically shutout all other AV manufactuers, not because of being a superior product, but because no one wants to go out and buy a second AV when Windows already comes with a pre-packaged one that you've basically already paid for.

Re:You don't see the problem.

[drsmithy]

So you are admitting that building an anti-virus isn't actually making Windows itself better (or more secure).

Er, no. And I have no idea how you managed to reach that conclusion from a statement referring to the well-known fact that adding more programmers past a certain point rarely results in a product being finished any faster.

MS can still develop and sell an AV. But seeing as it's clearly not part of the OS, there's no reason they should be packaged together--especially when doing so would basically shutout all other AV manufactuers, not because of being a superior product, but because no one wants to go out and buy a second AV when Windows already comes with a pre-packaged one that you've basically already paid for.

Your "save the buggy whip manufacturers" argument is only marginally less worthless than your "it's not part of the OS" argument.

Five years ago people were saying it about a media player. Five years before that, it was a web browser. Five years before that, it was a network stack. Five years before that, it was a GUI shell. Five years before that, it was a CLI shell. Five years before that, it was a BASIC interpreter. Etc, etc.

All these things (well, except the BASIC interpreter) that were - at the time - "clearly not part of an OS" are now considered standard. It's just another step in the commoditisation of software. Get used it, because it's only going to continue. Indeed, enjoy it, because as the end user, you are the beneficiary of lower costs and more functionality.

If you wish to use the "it's not part of the OS argument", then you must also argue that OS vendors - *all* OS vendors - not be allowed to include anything that doesn't fit into the academic definition of "OS". Thus, only allowing them to sell a product that is - to the vast majority of users - pretty much useless (no shell, essentially no hardware support, no supporting libraries, no networking protocols, etc).

One Microsoft Way

[Doc+Ruby]

Microsoft spends most of its time producing new OS features in collaboration with other vendors. DRM, drivers, APIs all designed to make MS OSes work better with the rest of the products people will buy. That takes much longer, and more code, than the rest of the OS does.

But its "security" features are MS only. Of course that must be to protect the MS "near monopoly", always its #1 priority. Since the security market is neither very profitable nor already dominated by MS, I expect that their "security" also protects revealing other serious defects of the OS. Whether more monopoly protection, unnecessary security problems, or just bad coding. Therefore I don't see Microsoft opening those facilities for the EU before Vista is released, if ever.

Vista security and consumer protection.

[Noryungi]

Here is my take on it:

• Some european companies (F-Secure/Finland, Panda Software/Spain, etc) are involved in anti-virus protection and provide security products for Windows.
• Microsoft Vista is going to integrate a lot of security products -- anti-virus is just one -- that will squeeze these european companies out of a market.
• The above action can be qualified as "unfair competition" and "monopoly abuse" by the European Commission, since Microsoft owns... what? 97% 98%? of the market.

The logical conclusion of the European Commission is that Microsoft should not incorporate these security features in Vista.

To make sense of this decision, you have to remember that the European Union was based, as far as the economy is concerned, on the idea of "fair competition" meaning that monopolies should be banned, and major companies (or states) cannot squeeze smaller competitors out of a market. Whether the squeeze is due to state protectionism, unfair tariffs or a dominant position -- which is the case here -- is irrelevant.

So, yes, it sounds ridiculous and bureaucratic at first sight, but it makes economic sense. And it may even provide better products in the end (I don't trust Microsoft products anyway).

Re:Vista security and consumer protection.

[scuba0]

You have a good point and for that if they include or offer the products for free, you still pay for it when you by a MicrosoftOS and that is probably something you will have to take in but it does make the rivals look a lot more expensive and in that manner less attractive even if they are the better option.

Re:Vista security and consumer protection.

[ClosedSource]

"The logical conclusion of the European Commission is that Microsoft should not incorporate these security features in Vista."

Even if one were to conclude that this is fair, the problem is that European Commission won't be explicit about what can or cannot be included. If the commission wants to get into the requirements business they should at least accept the responsiblity that goes with it rather than effectively saying to MS "Go ahead and implement it and we'll sue you if we don't like it".

Re:Vista security and consumer protection.

So, yes, it sounds ridiculous and bureaucratic at first sight, but it makes economic sense

Supposing a car manufacturer did not package brakes with his car and there were some small european companies that added them later on, would you protest and threaten to sue the car company for including brakes ? The customers are the ones who ultimately suffer. How then does this make economic sense?

Re:Vista security and consumer protection.

[Richard_at_work]

Sounds like the "Broken Window" fallacy dressed up for the technology age.

Re:Vista security and consumer protection.

[syousef]

I don't trust Microsoft products anyway

Then why do you even care about Vista?

Re:Microsoft???

O'RLY?

Idiotic on the part of the EU.

[Churla]

They are trying to push MS into a no win situation.

A) MS doesn't include as complete and inclusive security as possible. This leaves the doors open for third party security developers, it also leaves the door open to the OS for malevolent people who will take advantage of the fact that many people won't think to add a product later for security.

B) MS includes all the security they can, possibly making it so that people don't need third party software for security. BAM new anti-trust action because they aren't being fair to people who made a living covering bad MS security architecture in a previous version and aren't being given an equally bad architecture to help "protect" for a profit this go around.

People complain that MS releases insecure OS products, then complain when they want to include more security features?!? bah

I won't even get into how Apple is bundling everything they can under the sun into OS X when the same actions by MS would be tantamount to kicking the interwebs dog.

Re:Idiotic on the part of the EU.

[Mixel]

B) MS includes all the security they can, possibly making it so that people don't need third party software for security. BAM new anti-trust action because they aren't being fair to people who made a living covering bad MS security architecture in a previous version and aren't being given an equally bad architecture to help "protect" for a profit this go around.

Including security features is not the same as hardwiring them into the OS so that nobody can improve them with 3rd party products. This is about poor interoperation, not security.
 
So, Microsoft used to be bad on the security front, but at least allowed competition. Now they want to kill off the competition.
 
Poor product + no competition => very poor product. So the EU has a good point!

Re:Idiotic on the part of the EU.

[tokul]

...and aren't being given an equally bad architecture to help "protect" for a profit this go around.

Antivirus does not make OS secure. It only tries to patch insecure OS. If Microsoft makes OS secure, EU commission and antivirus companies can't argue about it. If own antivirus solution is bundled instead of securing OS, it looks like monopoly abuse. It is possible that Microsoft is trying to help users, but company is known to use its market position against competitors. Any bundling will look suspicious.

Apple is bundling everything ...

Symantec is still selling NAV for Mac. I think Apple does not bundle antivirus.

Re:Idiotic on the part of the EU.

[howlingmadhowie]

no no no. microsoft has pushed itself into this position. there is no graceful way out now. either the eu will abide by the law and punish microsoft severely, or they will back down (like the american courts did) and the rule of law will take one more blow.

Re:Idiotic on the part of the EU.

[rolyatknarf]

"I won't even get into how Apple is bundling everything they can under the sun into OS X when the same actions by MS would be tantamount to kicking the interwebs dog."

Why does this have to be repeated over and over again???

Apple has never been convicted of being a monopoly.

Re:Idiotic on the part of the EU.

>Apple has never been convicted of being a monopoly.

Why does this have to be repeated over and over again by the same lame fanboys???

IBM was a bigger monopoly than Microsoft and never got convicted. Apple not being convicted doesn't mean a thing if it's doing the same stuff.

Re:Idiotic on the part of the EU.

[Magada]

Insightful? How?
This is about signed 3rd party security apps being allowed (or not) to hook into the kernel, not a debate over the continued existence of Windows OneCare.

Hell Yeah

[joshetc]

20 years of bitching about MS security. Now its time for 20 years of bitching about them trying to fix it.

Re:Hell Yeah

Read the text, retard. No one is bitching about Microsoft trying to fix their security problems. The problem is Microsoft not releasing information on their security APIs AND not making it possible for the user to uninstall/replace Vista's default security modules.

It's typical of the EU...

[usa1mac]

The EU is more concerned about the impact this will have on MS competitors than they are concerned with the impact of a typical EU citizen. To make sure the MS's security features do not preclude customers from installing different, and probably better software, is a good thing, but to exclude the security features in Windows in order to protect a MS competitor doesn't make sense.

Should we have MS take out all other other utilities and apps they have added over the years to Windows like IE, defrag, networking, etc and go back to the days when you needed to select and install all these apps on your own? We all know the MS apps and features aren't the best out there, but they are "good enough" for the vast majority of people who don't like tinkering with their computers.

Re:It's typical of the EU...

I've argued in favor of this repeatedly. I think we should ship a SKU of Windows with no UI, no IP stack, no utilities, no notepad, no nuthin' and call it 'Windows FU' or 'Windows BareMetal' or something like that.

This will create a win-win situation: If people want it, they buy it and we make money. If people don't want it, when the EU complains about how consumers don't have choice, we just point to the FU on the shelf and note that not only do they have the option right there, they don't want it (just like they didn't want the version of XP with no media player that they spent hundreds of billions of dollars to get).

Note: there's no AV software to be integrated in Windows. The only AV software Microsoft makes is AntiGen, which is delivered via a subscription service (OneCare) that is not integrated into windows.

Re:It's typical of the EU...

[howlingmadhowie]

this isn't about the 'typical EU citizen'--this is about the minority. the typical EU citizen would not have a problem with the microsoft monopoly, the minority of citizens who use other software would. this is about protecting the minority.

Re:It's typical of the EU...

[Almahtar]

"The EU is more concerned about the impact this will have on MS competitors than they are concerned with the impact of a typical EU citizen."

By which you mean the immediate impact on the typical EU citizen? Because long term, the consequences of a monopoly are much much worse than a little hassle over choosing an antivirus.

Re:It's typical of the EU...

[usa1mac]

Great idea! Windows FU sounds like a perfect solution for those people that want to build up their utilties suite piece by piece. For the other 99% of the population that wants to just use their computers, they can get the normal version. Mark

Fair Play

[Ajehals]

Just because this request to ensure a "level playing field" is focused on security makes it no less valid than if it were aimed at other elements integrated into the operating system.

I Agree that i microsoft is integrating security products into its vista operating system that would enable it to enter markets where it has not got a large hold (i.e. Anti virus - where it is the main driver but not the main supplier...) and by virtue of its desktop OS monopoly becoming dominant in that market, then thats wrong. Especially if these integrated products are add ons masquerading as core operating system components.

It would be fine if Microsoft ensured that their Operating system was sufficiently secure not to require any additional software, but not to include a load of features in the operating system that ensures its system security sotware becomes dominant.

If it wants to sell these bits seperatley (reduce the cost of the OS and sell the security bits as additional extras) thats all fine too then those of us who use the OS can choose - but lets make it clear that selling a vista version with them in and one without at the same price is the same as integrating them in the first place....

This becomes an even bigger issue if the Microsoft Security products / components are written to take advantage of elements of the OS that other providers cannot gain access to (either due to lack of documentation or through some other means). That would give rise to the same interoperability issues as we have seen previous law suits attempt to resolve.

In short if MS want to secure their OS thats great, if they want to simply wipe out any external security providers to gain an extra revenue stream in the future (by say later charging for the components initially included for free), or become dominant in that area so as to play down securty vulnerabilities in their products thats not. After all would you buy your antivirus from the same guys who seem incapable of preventing their OS being succeptable in the first place?

Last point - If microsoft are in the business of supplying both the OS and the security software (and additional services such as one care) doesnt that leave a rather nasty potential conflict of interest?

Re:Fair Play

[xtracto]

After all would you buy your antivirus from the same guys who seem incapable of preventing their OS being succeptable in the first place?

I agree with you on that, see, Linux does not have any antivirus program (well, just the ones that scan for Windows viruses). However, you do not read about virus spreading on it.

What Microsoft should do is make their operating system secure, I mean, Linux and Apple have done it, it is possible.

Sounds like the EU wants it both ways

[Lawyer+Geek]

Perhaps the EU folks will come up with some clever wording, but this looks to me like MS bashing by reflex. It would be completely inappropriate to release an OS that isn't as secured as it's possible to be (and MS has had more than enough well documentd problems with security) - and yet the EU seems to be suggesting that MS should leave holes, presumably for smaller companies offering anti-spyware and anti-virus protection.

It's a Catch 22 for MS - no matter which way they go they'll run afoul of one group or another, users or regulators.

Disclosure: No, I've represented either side.

http://www.browdelaw.info/

Re:Sounds like the EU wants it both ways

[Andy_R]

The EU doesn't 'want' anything. All this is about is making MS follow the same law that every company and citizen of the EU has to follow, a law which boils down to "If you happen to have a monopoly in one product, you cannot use that monopoly position to gain an unfair advantage in other areas."

Microsoft have consistently broken this law an many fields, and the EU justice system has been amazingly lenient with the company for many years.

Re:Sounds like the EU wants it both ways

[InsaneGeek]

But is it in the best interest of the public to cripple the security of an OS because a market around bugs has cropped up? Is it in the best interest of the people to remove security out of a product so that they individuals will have to turn around and buy something? Seems pretty darn insane if you ask me.

Re:Sounds like the EU wants it both ways

If the OS was built properly in the first place there would have never been a third party market to speak of. MS failed its customers by releasing broken products. Third party companies built a business off of fixing MS's mistakes. Now Microsoft is wanting to cash in on this market and KILL all the competition. This isn't a new tactic for Microsoft and the EU is tired of putting up with it. If Microsoft wants to protect their customers fix real problem and leave the after market fixes such as antivirus to the after market companies. IE is a perfect example of Microsoft using bundling to screw another company. Anyone remember what MS did to the Netscape market. They killed it by giving away their browser, bundling it with the OS so it couldn't be removed, and made their web development tools not work well with Netscape. Fewer companies means fewer choices, which means crappier choices. You can trust MS to protect you if you want, but I and everyone else should have a choice to trust someone else if we want to.

Re:Sounds like the EU wants it both ways

[InsaneGeek]

Still didn't answer squat, you ranted and raved on and on, but you never answered the question. Is it in the best interest of the people to cripple the security of an OS to prop up 3rd party addons? Choice is one thing, but to intentionally be forced to remove security features, so that you than have to go buy them somewhere else?

Re:Sounds like the EU wants it both ways

[falconwolf]

Perhaps the EU folks will come up with some clever wording, but this looks to me like MS bashing by reflex. It would be completely inappropriate to release an OS that isn't as secured as it's possible to be (and MS has had more than enough well documentd problems with security) - and yet the EU seems to be suggesting that MS should leave holes, presumably for smaller companies offering anti-spyware and anti-virus protection.

From what I understand and what others have said, it's not about making Windows as secure as possible. Instead there are two interrelated issues. The first is that MS releases an OS with sercurity holes then bundles software to bandaid the holes instead of releasing a secure OS to begin with. The second issue is blocking interoperability, not allowing third parties to release products that fill a "need" a user may want. Whether it's true or not I don't know but I've heard how MS is blocking or trying to block third party software. I don't mind MS inproving their products but I don't like when they use their monopoly to prevent others from offering users something they want.

Falcon

Re:Sounds like the EU wants it both ways

[UltimApe]

I am a tarp making company (you know, those large plastic water-proof things)... Everyone buys tarps from me. I have a monopoly on the tarps. My tarps have annoying holes. Some companys start up that base their company off of filling those holes with tape. next generation of tarps don't need said tape, the holes aren't there, or are self filling. said companys sue me. Stupid.

Re:Sounds like the EU wants it both ways

[ibbo]

Perhaps if MS were to settle the last bout and fines imposed by the EU then the EU would not be so ready to beat them with a stick.

MS is an arrogant company that will get no headway in Europe while it constantly looks at ways to thwart foreign policy.

They have had it coming anyway.

And I will lay a tenner on MS security still failing via I.E and its addware spyware holes.

ibbo

Re:Sounds like the EU wants it both ways

[Andy_R]

Following your analogy, changing to making tarps without holes would be legal, but giving away tape until the tape makers all go bust isn't. The reason it's not legal is that you could then charge a fortune for tape once you own the sole supply.

This is exactly what mircosoft are doing, giving away security software until all the other makers die off. It would be prefectly legal for them to sell their security software seperately at a reasonable price, what they cant legally do is subsidise the security software with profits from Windows.

The reason it can't be legal to do this is because once you have a monopoly on tarps and tape, you could use your increased size to corner the market in more and more products, and eventually own everything, or gain control of something then raise the price to ridiculous levels.

Re:Sounds like the EU wants it both ways

[UltimApe]

The analogy isn't perfect, but I meant to imply that the tape was strictly "tarp tape"... which wouldn't have existed if my tarp didn't have holes... Since some company decided to piggy back off of my tarp product, I am not allowed to put out tape for my own product. These tarp holes weren't ever intended to be in my product, they are not a feature, but a bug in my tarp making procedures, but now I either have to change my entire procedure to fix them, or be forced to charge for something that in all sense, should hvae been included by default.

If there is a flaw in x's DRM scheme, and company y makes money fixing the flaw, x can no longer fix the flaw in the same manner because they would be pushing out company y.

Re:Sounds like the EU wants it both ways

[Andy_R]

You are allowed to put out your own tape, and you are allowed to make tarps that dont need tape too. The thing you can't do is sell your tape unreasonably cheaply by subsidising the cost of developing and manufacturing your tape with the profits from your monopoly on tarps. If you include the tape by default, you are gaining a monopoly in tarp-tape by leveraging your monopoly in tarps, because the cost of your tape is built-in to the cost of the tarp. If your tarp-tape is any good, you should be able to rely on brand loyalty and your tape-making skills to sell it.

If you owned both markets, you have strong financial incentives to sell tarps with worse holes, tape that needs replacing often, and even to invent new problems in your next tarp which require another expensive fix, which (if you dig into your war chest a bit) you can own the market for too.

Microsoft Monopolism : making Buggy Bloatware pay!

[FractalZone]

From what I have been reading, Microsoft is designing Vista in such a way as to make it difficult for products that compete with whatever token security schemes Microsoft is planning to foist upon its hapless user base to be installed and/or run properly. Microsoft should make any and all APIs necessary to implement alternative (read: better) security solutions for Vista public. If it doesn't, I think it is fair to say that Microsoft is once again using proprietary standards/code to stifle the competition. That seems like a clear anti-trust violation, given Microsoft's technically undeserved but nonetheless practical monopoly of the commercial desktop PC operating system market.

Like most things that Microsoft touts as benefiting the user (think Windows Genuine (Dis)Advantage, DRM, and the "recommended" options on various configuration pages), whatever so-called security Microsoft puts into Vista will undoubtedly profit Microsoft first and the user as a mere afterthought, assuming that Microsoft can think up a good marketing gimmick to scare users into paying for it.

I'm still planning on not wasting money on yet another overpriced, under performing piece of Microsoft Buggy Bloatware, namely Vista. Ubuntu Linux is working well for me and doesn't seem to suffer from the gaping security holes most major Microsoft products (Windows, Office, and IE) are infamous for.

I must admit that Microsoft has a lot of nerve, trying to exclude competitors from cleaning up the security disaster that Vista is expected to be, so that it can make users dumb enough to buy Vista also pay through the nose to fix flaws that wouldn't be there if Microsoft sold quality programs in the first place.

Re:Message to EU: STFU

[GotenXiao]

I'll feed the troll.

Apple don't have a monopoly. Microsoft do.

The EU isn't whining at MS for making their OS more secure; they're "whining" because MS are blocking anyone else from making any security software for Vista. And when a monopoly is abused in such a fashion, people lose jobs. And the economy tends to take a nose dive when lots of money is suddenly no longer made.

Spin on definitions

[Todd+Knarr]

Bear in mind that the EU isn't saying that Microsoft can't include security software in Windows Vista. What they're saying is that MS can't include it in such a way as to exclude competitors. For example, take a firewall. If MS integrates their firewall into the network stacks at the physical-code level so that no other firewall can take over, that's not allowed. However, if MS adds hooks to their network stacks to allow other modules/drivers to tap in and filter packet traffic, and then implements their firewall completely using those hooks and makes it so you can replace the loading of MS's firewall modules with a third-party firewall's modules, that's perfectly fine. And for anyone who says this can't be done, I'd point out that Linux and *BSD implement their firewalls in exactly that manner so obviously it can be done.

Re:Spin on definitions

[jonesy16]

There is one problem with the situation as you describe it though. Often, in order to make something as secure as possible, it needs to be as proprietary as possible. I don't want to get into an open source / closed source security debate but look at it like this. If all of these hooks are integrated into the system to allow built in security measures to be disable then those same hooks can be used to compromise the system by some adware software that is masquerading as a firewall / AV service. It's been my experience that the only people running XP that have spyware issues are the amateur users who can't tell the difference between an actual windows error message and a web browser pop-up with a fake error message. Those people install software without reading anything about what they just clicked "OK" to. And those are the same people who will just as likely install some 3rd party software in Vista that will use these hooks to compromise the entire security system without the user even noticing.

It's not so different in the Linux/OSX world either. I've installed Ubuntu a dozen or more times now and NOT ONCE has it asked me a single question related to security other than to enter my user password. No firewall setup, no anti-virus software, etc. (I know, since no ports are open my default I don't need a firewall). OSX is no different, everything is integrated (except AV) and the user isn't expected to go and hunt down any 3rd party firewall software. Just select which services you want to run and you're good to go. Why should Windows be any different. This whole EU proposition is definitely not in the consumer's best interest. It almost goes as far to say "if you're software can't be infected by spyware then you're going to put a bunch of anti-spyware companies out of business and that's not good for the economy." Well I'm sorry your business model isn't going to be able to keep up with evolving software and technologies. However, just because a shortcoming on Microsoft's behalf created a job for you 2 years ago doesn't mean that they are in your debt and have to provide that job forever. Just my two cents.

Re:Spin on definitions

[Todd+Knarr]

Except that your premise is false. Firstly, the hooks aren't there to allow built-in measures to be disabled. They're there to allow non-built-in measures to be added. MS's firewall then becomes one of possibly several that can be added. Modules can be added, but no module can remove another (other than by configuring the system to not load the other module, which no module should ever have permission to do). Secondly, security and open/proprietary aren't connected. If they were, and your premise was right, then Windows would have far fewer exploits than Linux or *BSD. The fact that the reverse is true is a good indication your premise is incorrect.

The rest of your argument rests on air, and on accepting MS's definition that they are the only supplier of security in the OS. The EU's position is that MS shall not be the sole supplier. I'd note that that's true for OSX and Linux now: you probably won't go searching out third-party firewall modules, but nothing in OSX or Linux prevents someone from creating a set and completely replacing the standard firewall subsystem with their own with no loss in functionality or performance (other than that caused by their own code and their own decision whether or not to implement various bits of functionality). If MS's firewall and other security products are so good, no other company will be able to compete on the merits. The EU is merely saying that MS will have to compete on the merits, not by preventing any competition from existing at all. I'd note that blocking competition will be bad for consumers as well. We've already seen that with the Windows XP firewall: MS's offering lacks significant functionality, but the way they implemented it interferes with more capable third-party firewalls and makes them unable to function stably. I had to take a significant hit by dropping my Sygate firewall because it simply wouldn't work after XP SP2 (when it had worked perfectly for a year before, and the problems started exactly when SP2 was applied). I was more secure before MS decided theirs would be the only firewall allowed on XP.

Re:Spin on definitions

[YrWrstNtmr]

Bear in mind that the EU isn't saying that Microsoft can't include security software in Windows Vista. What they're saying is that MS can't include it in such a way as to exclude competitors

Right. That's what the EU is saying.
However, where is it documented that Microsoft is actually building it this way? I've seen many, many other remarks on this, and no source for something that says MS is actually making it hard/impossible to use 3rd party tools.

I'm NOT defending them, would just like a source for this claim by the EU.

Re:Spin on definitions

[Todd+Knarr]

Well, if MS were building things in a modular way, there would be zero problem complying with the EU request. The only reason I can think of for MS to have any problems is if they're continuing to design Vista to exclude competitors in those areas.

protocols

[jbeaupre]

I believe Apple isn't a target because the EU's complaints are about interoperability between clients and servers. Since OSX is built upon BSD/Unix protocols, the protocols are already well publicised. MS on the otherhand keeps the details of its protocols ambiguous at best.

stifling an industry they created

[BGraves]

So the EU is concerned that MS is going to stifle the cottage industry that sprang up from MS's inability to secure its products? To me, if you start a business based on another company's mistakes, you need to be ready for when that company fixes its mistakes.

Re:stifling an industry they created

But this isn't a fix, it is a workaround... better make sure the system has less security problems in the first place...

Oh wait, then nobody would update anymore *after* Vista...

Re:stifling an industry they created

No, you retard. The EU is worried that once again Microsoft will try to tie into the software vital components in such a way that not only it will not be possible to write components that use the operating system like Vista's default components do but it will not be possible for joe sixpack to replace/remove Microsoft's imposed module.

And by the way, Microsoft ships firewalls, backup software and anti-virus and even so they didn't killed any market whatsoever.

Please DO shut out 3rd party security software

Let's put the FULL burden of securing Windows on Microsoft's shoulders. Then they will have no excuses.

I'm so sick of expensive 3rd-party bloatware that may or may not protect you (you never know if you're just throwing money away).

If you really want a non-MS solution, you can always use an external firewall appliance. There should also be a market for bootable CD-ROMs that check for rootkits (though ideally some of this functionality should be built into the BIOS/MB).

If it work like in the US

[wsanders]

You will get a coupon good for a free mouse pad with any purchase of Vista, and the lawyers will pocket $150 million of the $350 million.

they made their own bed

does anyone else think it is just a little ironic that Microsoft is being governed to preserve a market that it essentially created because it sucked at writing secure code for so long?

Re:Message to EU: STFU

[rahrens]

And where, pray tell, is Apple bundling anti-spy or virus-ware in with OS X? Unless you are talking about their making the OS more secure in the first place...

"Hey, Apple doesn't have any viruses, but MS Windows has over 100,000! Let's file suit against Apple, we want a level playing field here!" from the EU anti-trust folks...

Because MS is the big kid on the block

[Sycraft-fu]

And the one in the media spotlight. If you actually do some research you discover that for as much as people whine about MS's anti-competitiveness it's much, much worse in other areas. If you want a scary one look in to Sysco. They own basically every grain silo in the US. They, in a very real way, control the US food supply. Yet nobody makes a fuss because they aren't in the limelight.

It's just how it goes, when you are the one making all the news, you are the one that takes all the shit. The US is another great example. Doing some research you find that plenty of countries engage in imperialistic behaviour, shady deals, etc, etc. However none of them are the news makers the US is and none of the have the same military might, so the US is the one that draws the most ire.

Re:Because MS is the big kid on the block

[giorgiofr]

You nailed it. And because of this, if I were MS I'd simply disregard all this idiocy and sell my OS all the same. What would they do, stop me? Make MS software illegal or worse free? As if it weren't 98% pirated anyway.
Then again as a European I'm all for milking foreign companies; but I know I won't see a dime of the many billions the gov't is stealing from MS, so meh.
My main complaint is that everyone's bitching and whining about competition, yet most markets are over-regulated and some draconian protectionist measures have been taken recently - now it costs me MORE to buy stuff from the USA than from the EU, even now that the dollar is so weak, all because of import taxes. I look at prices on something.com and compare them to the ones here... and I cringe. No one has the balls to admit that real competition is not compatible with defending the interests of an individual, a country or the European economic system.

I almost died laughing

[xkr]

"...ensure a fair playing field..."

What part of Microsoft does the EU not understand?

Re:I almost died laughing

[vadim_t]

What part of "the EU has Microsoft by the balls" don't you understand?

In previous discussions there have been speculations of that the EU could decide to dissolve MS in EU territory if they refused to cooperate, and people argued that the outcome would be a huge mess. But now they have a less drastic alternative that'd be still very painful for MS: Forbid releasing Vista until they're happy with it.

It's perfect, Vista's release is nowhere near critical for the EU, but MS would really feel the hit.

Re:Message to EU: STFU

[CastrTroy]

The reason that nobody is going after apple, is because MS's idea of security is building a spyware scanner or a virus scanner or a firewall. Apple doesn't include this kind of stuff in the OS. Instead, the only security that Apple includes is a user/permission system for who can access and run files. Also, in Vista, MS is making it impossible or really hard to install another virus/spyware/firewall tool. So you won't be able to use any other tools like this from anybody else. The MS security tools that are the item of complaint are things that don't need to be part of the operating system (Virus Scanner, Firewall, Spyware Scanner). The tools that apple includes (File Permissions system) are part of the basic operating system, and nobody is complaining about Vista including these sorts of features.

I noticed the world despises Microsoft

[icepick72]

So I watched the /. community and European Union argue how insecure Windows is and how bad that is, and then I watched them argue how Windows is unjustly implementing security and shutting out competition. Obviously, Microsoft cannot win, ever.
Sometimes I think the world is just full of dumb-asses. (sounds like a Jack Handy quote)

Re:I noticed the world despises Microsoft

[crabpeople]

"Obviously, Microsoft cannot win, ever"

They make decent mice. Shitty keyboards though.. DAMN YOU F LOCK!!!

Re:I noticed the world despises Microsoft

[howlingmadhowie]

not 'obviously, windows cannot win', but rather, 'microsoft has manouvered itself into an untenable position'. The EU is just making this clear by applying the law.

My take on the situation

[bitabyte_x]

The bundling of the applications that Microsoft is going to do with Vista is perfectly fine, just as long as they allow you to FULLY uninstall these apps. They won't be able to compete with the other OS's out there if they don't do this (aka Mac and *nix). As for Microsoft not disclosing the documentation on their networking, I believe the EU is doing a damn fine job, since most people use Windows and it doesn't allow other OS's to play nice with them.

Re:Message to EU: STFU

[DrXym]

No one is stopping Vista from implementing user access controls or other mechanisms to lock the leaky OS down. What they are objecting to are MS muscling into the firewall, antivirus, antispyware markets by installing or offering to install Windows Defender, preferentially promoting Windows Defender or using undocumented APIs in Windows Defender to make it run better than the competition. No doubt Bitlocker and other aspects of security could also be considered as preferentially pushing MS tech to the detriment of an existing market.

Re:Message to EU: STFU

[The+Living+Fractal]

Let me say that I knew when posting my original comment I would get modded up and down at the same time. The issue is sharply divided.

To the parent: You obviously are on the Anti-MS side of the issue. I'm not really too enthralled by the idea of responding to your post, but here goes anyway.

In case you didn't even read the /. story quote from the article, here it is again:

"European Union officials warned Microsoft Corp. on Tuesday not to shut out rivals in the security software market as the company plans to launch its Windows Vista operating system with built-in protection from hackers and malicious programs. EU spokesman Jonathan Todd told reporters that the European Commission is "ready to give guidance to Microsoft" concerning Vista but added that it was up to the U.S. software maker 'to accept and implement its responsibilities as a near monopolist to ensure full compliance' with EU competition rules."

Let's go over it, shall we?

In the first sentence the EU spokesman clearly states that by building protection into Vista Microsoft is 'shutting out' rivals in the software security market. Except that if Windows was secure in the first place those 'rivals' would've never existed. So a market emerged and now it is disappearing. It should've been seen as temporary from day one, especially considering the fact that Microsoft has ALWAYS been trying to make their software more secure.

But wait, now they might actually be achieving that goal, and what happens? Nothing less than whining from people who should've already known it was coming. There have been so many companies and industries in the past which have been forced to change, to adapt, or to go extinct in the past that adding another one (which I still think is not going to be the case anyway) is hardly a surprise.

It's also not surprising that there will be a lobby, a dying scream if you will, to prevent it. Like you said, a lot of people make money off of Microsoft's insecure programs. A lot of untrustworthy people do as well. People who make spyware and botnets. And hopefully not as many after Vista.

When Todd said the EU is "ready to give guidance" what he really meant was "We want Microsoft to do whatever we ask". He is just a puppet of course, going through the motions of his strings which are pulled by the EU.

And, simply put, Microsoft does NOT have a monopoly. Nobody is forced to have Microsoft products. There are viable alternatives. Even OSS offers alternatives, and we've seen many organizations, from companies to countries, going to OSS. And more so as time goes on.

TLF

The problem is

[Sycraft-fu]

That things will stop working. Programs rely on the presence of these enriched tools. You can see this with the EU's Windows XP N edition. People found that all sorts of things stopped working, games wouldn't play videos and such. Why? Well if you remove Windows's video playback engine, anything that uses it for video playback will stop playing video.

Same is true of IE. To actually remove IE, and not just the executable (which you can delete if you want) you have to remove the HTML rendering engine. That means that help stops working. MS help files are HTML, and if there's not an engine to render them, then they can't work.

It would be the same as trying to remove the Gecko Rendering Engine from a program that uses it. If you do, it'll break.

So you want to talk a support nightmare, that would be it. People would turn off a whole bunch of stuff without knowing what it is, and then cry because their programs didn't work and blame MS.

Re:The problem is

[Sloppy]

Programs rely on the presence of these enriched tools.

Gentoo solves this problem with virtual packages that fill generic slots. For example, I have to have a system logger installed, but there are a variety of loggers to choose from.

People would turn off a whole bunch of stuff without knowing what it is, and then cry because their programs didn't work and blame MS.

It's really not all that hard to make an application display an informative error message. I've done it lots of times. :-) But let's suppose the default behavior when a player isn't installed, is just to silently fail and not play anything (actually, I have to admit that from my perspective as a user, this is probably the most desirable behavior when it's embedded inside of a non-video-dedicated app, such as a web browser). The support call goes like this:

User: "my video doesn't play."
Support: "Go to control panels, blah blah, and look at what it says next to 'video player'"
User: "It says 'not installed'"
Support: "Ok, insert your Windows CD and..."

or..
User: "Next to video player, it says 'Foosoft Mediablitz'"
Support: "Ok, you'll need to call Foosoft for support with their product. Or I can talk you through installing our own video player, if you have your Windows CD."

That doesn't sound too nightmarish to me.

Re:The problem is

Same is true of IE. To actually remove IE, and not just the executable (which you can delete if you want) you have to remove the HTML rendering engine. That means that help stops working. MS help files are HTML, and if there's not an engine to render them, then they can't work.

You have that backwards. IE -really is- just a tiny executable that serves as a wrapper around a bunch of COM objects. The components it uses (such as MSHTML and SHLDOCVW) are available systemwide, and are NOT part of IE itself. Saying that you have to remove these components to remove IE makes no more sense than saying that you have to remove kernel32.dll to remove IE.

Re:The problem is

[Sycraft-fu]

Have you done user support for the average user? If anything isn't precisely how they expect it's a pretty major problem. You have to remember that this would incur a rather large cost of MS as they'd need to provide the phone operators to take all these calls and they really couldn't get away with charging for them. Well that opens up a new problem in that people will start calling about support issues that aren't related. The way it works with support is that if you are on the phone, anything and everything is your fault. That's just how the mindset is. HD failure? They'll call MS and say Windows is broken.

The help problem, in particular, would be a doozy. Should MS have to redo their entire help system just so you can remove IE? That seems rather stupid.

Also where does it end? I mean when you get right down to it, the explorer UI isn't necessary, even Win32 isn't necessary. You can strip things like that out in the embedded version of Windows. However everything stops working. Should MS be forced to provide only a kernel?

What it comes down to is most people don't want a minimal OS like Linux, where the kernel is the only included part and everything else is optional. They want an enriched OS that provides things for them. You can see the same thing with MacOS. Is Quicktime necessary? No, but pulling it out removes OS-X's ability to display any video. Is Aqua necessary? No, but people really don't want a CLI.

MS and Apple provide enriched OSes and there's nothing wrong with that and for normal users it's not something they should change. If you want a minimalist OS, use Linux.

Re:The problem is

[theckhd]

That's completely true of Windows XP. There's no reason it needs to be true of Vista.

The only reason it's true of XP is that XP is not modular. Thus, programs are coded with the expectation that the core system components include many of the things you've mentioned. This is why MS wouldn't go back and modularize XP -- it would certainly create the support nightmare that you predict.

However, what if Vista were modularized from the beginning, with this in mind? Development kits would emphasize which parts of the OS were core components (and thus guaranteed to exist) and which components were optional. Programs that were written that tried to require optional components would be subject to scrutiny; perhaps they would not be allowed to put the "Compatible with Vista" sticker on the box.

Or, at the very least, the programs themselves would look to see which optional components were installed on a user's machine, and tell the user if they needed to install these other components to use the software. Remember that this would be as simple as popping the Windows CD into the drive, or downloading the module from MS.

The point you bring up about the html rendering engine in IE is a good one, but it's not difficult to work around it. Simply make sure that the default windows install has a basic html rendering engine, but only barely enough to run help files. The "IE" module would then be a larger component that focused on a clean front-end designed to be a solid user interface for web browsing, with full support for RSS and the like that wouldn't be included in the basic install.

For video rendering, a more simple solution would just be to catch any program trying to render video and give the user a pop-up screen alerting them that they have no video software installed, with a friendly reminder that they can download and install the Microsoft one free of charge if they like. Depending on the design, the program could even do this itself if it wanted to suggest a different alternative.

So for your Gecko example, the program requiring it would check for the existance of that module, and if it didn't exist, give the user a dialog box saying, "Hey, we need this particular module to run properly, you should go to this website and download it, or press this button and we'll automatically direct you to the latest compatible version."

Clearly, this sort of thing would be unwieldly to do retroactively to XP (and even Vista, at this point, i'm sure). But I don't see a compelling reason that this couldn't be achieved, provided the decision to go this route is made early enough in the OS's development cycle.

Re:The problem is

[falconwolf]

MS help files are HTML, and if there's not an engine to render them, then they can't work.

There are at least two possible solutions to this:

• First: Allow help to be rendened in any "browser";
• Second: Don't use html for help. I prefer the above option.

Falcon

Re:The problem is

Same is true of IE. To actually remove IE, and not just the executable (which you can delete if you want) you have to remove the HTML rendering engine. That means that help stops working. MS help files are HTML, and if there's not an engine to render them, then they can't work.

This isn't a strike against modularity, it's a strike against microsoft's bastardized idea of modularity. True modularization would be having a system setting (need not be accessible to the user outside of regedit) for the default rendering engine, much like there is a setting for the default browser today. That way, any rendering engine (gecko, khtml, etc) could be made to implement a standardized, well-documented interface, and the system would still work. Windows could ship with IE, MSHTML and the whole nine yards, but when Firefox is installed, there would be an option to change the default rendering engine to gecko. The Firefox install should also play nice with IE components in that if the user chooses to install just the UI and not the rendering engine, Firefox should happily render pages using the system's default rendering engine.

Expand this methodology throughout the OS, and you have true modularity...multiple discrete pieces of functionality that interact through well-defined and fully-documented interfaces. So long as every piece fulfills the contract laid out by the API, everything works. And when there's an error due to some code not doing what it's supposed to, the OS can give the user a very direct message about which vendor supplied the non-working code (since they're so dead-set on requiring all code to be signed, this shouldn't be a problem).

Re:The problem is

[drsmithy]

The only reason it's true of XP is that XP is not modular.

Yes, it is. It's just that *you* didn't have a say in which modules were optional.

However, what if Vista were modularized from the beginning, with this in mind? Development kits would emphasize which parts of the OS were core components (and thus guaranteed to exist) and which components were optional. Programs that were written that tried to require optional components would be subject to scrutiny; perhaps they would not be allowed to put the "Compatible with Vista" sticker on the box.

That's exactly what happens now.

If it gets installed by default, it's a core component and software developers can safely assume that it will be present on any Windows installation their software runs on. If it doesn't, it isn't, and they can't.

The point you bring up about the html rendering engine in IE is a good one, but it's not difficult to work around it. Simply make sure that the default windows install has a basic html rendering engine, but only barely enough to run help files. The "IE" module would then be a larger component that focused on a clean front-end designed to be a solid user interface for web browsing, with full support for RSS and the like that wouldn't be included in the basic install.

I still find it amazing, that *years* after everyone else (GNOME, KDE, OS X) went down the same path with a browser component as Microsoft did, people are still carrying on about it trying to pretend a web browser isn't an expected and critical feature of any consumer-oriented OS.

But I don't see a compelling reason that this couldn't be achieved, provided the decision to go this route is made early enough in the OS's development cycle.

The compelling reason is that the vast majority of end users will *hate* having to run out and acquire additional software (even if it's download straight from Microsoft, at no extra cost) to reach levels of functionality that have been standard for a decade or more.

This is no longer the early 80s. Computers aren't just for 31337 geeks anymore and when people buy one today they expect to get more than a text screen with a flashing cursor and the opportunity to create their own experience. Microsoft are not pandering to the minscule proportion of people that wish it was, nor are they ever likely to. Get over it, install Linux (which *does* pander to your demographic) and move on with your life.

Re:The problem is

[theckhd]

Yes, it is. It's just that *you* didn't have a say in which modules were optional.

Isn't this the whole point? If "we" (or more accurately the EU) could say which modules should be included in a default install, this whole article wouldn't exist. If the EU says "we don't want (media player/antivirus/firewall/etc.) enabled by default," MS just makes sure that that module is disabled on default installs for machines being sold in the EU. Problem solved.

That's exactly what happens now.

If it gets installed by default, it's a core component and software developers can safely assume that it will be present on any Windows installation their software runs on. If it doesn't, it isn't, and they can't.

Yes, but right now "core component" includes a lot of things that wouldn't necessarily need to be there, and are causing the legal troubles the article is talking about. Hence the suggestion to trim down the part of the OS that's absolutely, positively required, to make it easier to comply in the future.

I still find it amazing, that *years* after everyone else (GNOME, KDE, OS X) went down the same path with a browser component as Microsoft did, people are still carrying on about it trying to pretend a web browser isn't an expected and critical feature of any consumer-oriented OS.

The compelling reason is that the vast majority of end users will *hate* having to run out and acquire additional software (even if it's download straight from Microsoft, at no extra cost) to reach levels of functionality that have been standard for a decade or more.

I think you mistook what I meant. Of course a browser is expected of a modern OS, and of course users hate having to spend time getting additional functionality that should be standard. I'm not suggesting that Microsoft do this at all; in my view most installations will default to installing all of the components, unless the user specifically asks otherwise. The important thing is that the option to remove major components (or disable their installation by default in certain geographic or political regions) would be feasible to comply with the type of anti-monopoly policy that the EU is asking for.

This is no longer the early 80s. Computers aren't just for 31337 geeks anymore and when people buy one today they expect to get more than a text screen with a flashing cursor and the opportunity to create their own experience. Microsoft are not pandering to the minscule proportion of people that wish it was, nor are they ever likely to. Get over it, install Linux (which *does* pander to your demographic) and move on with your life.

I think you're confused. This wouldn't be "pandering to a miniscule proportion of people," it would be "pandering" to the entire EU, which isn't a miniscule segment of their customer base. The fact that power users get the added ability to customize would a secondary benefit of the change, not the primary goal.

Re:The problem is

[drsmithy]

Isn't this the whole point?

By "you" I mean you, personally.

If "we" (or more accurately the EU) could say which modules should be included in a default install, this whole article wouldn't exist. If the EU says "we don't want (media player/antivirus/firewall/etc.) enabled by default," MS just makes sure that that module is disabled on default installs for machines being sold in the EU. Problem solved.

No, *huge* problem created. Microsoft can now no longer write *any other part of Windows* with the assumption that the functionality provided by those modules is present (so, for example, if IE is "optional", then they couldn't have created an HTML-based help system). It means either a) that functionality may as well not exist (because developers cannot assume it exists, therefore cannot use it), or b) equivalent functionality must be independently implemented in all aspects of the system that want to use it (thus removing one of the primary reasons for a modular design).

Yes, but right now "core component" includes a lot of things that wouldn't necessarily need to be there, [...]

Only by your definition of "need to be there". I can't think of a single piece of Windows functionality that doesn't also exist on its contemporaries (and in many cases existed there first).

[...] and are causing the legal troubles the article is talking about.

Only because of a braindead legal system that is trying to make sure Microsoft cannot provide feature parity with its competitors in an effort to "punish" it (although in reality, only disadvantaging innocent end users).

Hence the suggestion to trim down the part of the OS that's absolutely, positively required, to make it easier to comply in the future.

So who gets to decide what's required ? How will these conclusions be reached ? How frequently will they be reviewed ? Will these guidelines be applied fairly to all vendors shipping Operating Systems ?

I'm not suggesting that Microsoft do this at all; in my view most installations will default to installing all of the components, unless the user specifically asks otherwise.

You're missing the point. If a component's presence cannot be guaranteed, then its attractiveness to developers (and, hence, usefulness to end users) is close to zero in the case of general purpose software.

The important thing is that the option to remove major components (or disable their installation by default in certain geographic or political regions) would be feasible to comply with the type of anti-monopoly policy that the EU is asking for.

And my point is such a requirement is idiotic. It's effectively stating that Operating System design and featuerset should be dictated by politicians, not developers and end users.

I think you're confused. This wouldn't be "pandering to a miniscule proportion of people," it would be "pandering" to the entire EU, which isn't a miniscule segment of their customer base.

"Miniscule proportion of people" and "the EU" are not contradictions. Just because the EU *government* says something, doesn't mean the customers have the slightest interest in it. The utter disinterest of the market in Windows "Reduced Media Edition" should be more than enough evidence of that, for those who were too stupid to figure it out for themselves.

Re:The problem is

[Sloppy]

You have to remember that this would incur a rather large cost of MS as they'd need to provide the phone operators to take all these calls

I sympathize, but this is all part of the cost of a government declaring them a monopoly and asserting the right to specially regulate them. Yes, by being forced to be looser with their product bundling, they're going to incur this cost. But if they don't like this, then they should fight the fact that they're being given orders, instead of squabbling about the specifics of the orders (i.e. saying they can't do it, when I just explained how they can do it).

There is a technical solution to this, and it actually makes the product better, too. If flexibility makes support more expensive, that's just Too Bad.

What. The. Hell.

[lattyware]

OK, First things first, I hate MS products. Best MS product I have is an MS keyboard and mouse. I run linux.
But
This is ludercrous (and no, I can't spell that), since what they are saying is MS is not allowed to make thier software secure.
That's like saying to car manufacurers 'OK, you can make cars, but no making saftey equipment, that'll deprive the NHS (or Medical Insurance companies, whatever) of thier work!'.

What a load of rubbish.

Re:What. The. Hell.

[doshell]

Actually, this is more like car manufacturers forcing you to buy their replacement parts (at the price they set) whenever something in your car breaks down, and locking out competitors from repairing or tuning your vehicle. And yes, this happens. See this for an example.

This is about MS allowing alternatives, not about MS being blocked from providing their own. Don't be fooled by the spin.

I don't understand why all the dissention.

[DoctorDyna]

It seems as though Microsoft is / will have it's security products built into Vista, and will most likely build them into the TCP/IP stack at some level. Here is what most people seem to be ignoring here, and it's pretty simple.

As it always has been, you can choose to use or disable any part of any feature in Windows. As it sits now with RC1, you can enable / disable features at will. Wireless networking configuration is built into Windows XP, but as everybody here knows who has a wireless network device of some sort, upon driver / software installation, that application takes over the duties of the Windows feature, usually by default. I don't know why anybody would have a reason to think that this would be any different from having a firewall in the OS, which, at the request of the user (by way of installation) gets replaced by some other product. We'll leave the discussion about inferiority for another time.

People really should stop talking about a feature of Vista as if its sure to be some set in stone incumberance, and it most likely will not be.

Oh, but it's built into TCP/IP! Anybody here ever installed the Novell client in Windows? Ever see what it does to your network protocols? Microsoft has said time and time again that it is keeping with backwards compatibility, are we naive enough to think that this won't include clients, protocols, craptastic software firewalls and anti-virus-viruses? Not so much. For those of you that need to experience a Novell client install for yourselves, go ahead. It's uninstallable. http://download.novell.com/SummaryFree.jsp?buildid =l1o2uFAj23U~/

WHAT WHAT WHAT

[BillGod]

Ok so let me get this right. Everyone complains that MS Windows is not a secure OS. MS spends a lot of time and $$ to "resolve" these problems. Now everyone is complaining that they are doing something about it. Is there a way MS can win at all with everyone?

AV is not integrated in Vista

[Sycraft-fu]

In fact after you install it, it whines at you to get some. MS will sell you some, Onecare live, though it's not a particularly good deal pricewise. However installing any AV makes it happy, it doesn't want it's own, it just wants any AV app.

Re:AV is not integrated in Vista

[Darkman,+Walkin+Dude]

Why the christ are they supplying AV software? They make the friggin OS for gods sake! Wouldn't it be a lot easier just to patch it?

I weep.

Re:AV is not integrated in Vista

[Sycraft-fu]

I'm not sure why I'm bothering to reply, since anyone who can't understand the difference between viruses and patches has extreme gaps in knowledge but here it goes:

Viruses are just malicious code. Most of them don't sneak in security holes, the come in as either another file that's infected or just straight over e-mail. They require the end user to execute the file to infect the system. There is no OS-level defense against this except for trusted computing. A computer can't inherently know if code is good or bad, it's not like bad code has an "evil bit". It has to listen to the administrator (the user) and run it.

A virus scanner is just a database of known bad code, generally with some heuristics to find new bad code based on old code. It looks at things you try to run and says "I wouldn't do that, it's evil."

Regardless of your OS or patch level, a virus can be put on your system. As a simple example, say I send you a shell script that just does rm -rf / and tell you to run it as root. If you do, your drive is gone. What a virus scanner would do is see that script, recognise it's evil and warn you.

Now in the real world viruses are much more complex. Often they hide in the code of other programs. So you'll get an application and it'll run correctly, however the virus has modified the code so when you do, it spawns and then starts infecting other files and doing whatever else it wants to do. So a virus scanner actually has to look at executables and see if they've been changed.

So please, stop the bullshit. Acting like viruses are MS's problem just drips with stupidity.

Re:AV is not integrated in Vista

[Darkman,+Walkin+Dude]

Hey, asshole. Viruses are just malicious code.

Thats trojans. There are a great many worms which are the OSs fault. Dur.

There is no OS-level defense against this except for trusted computing.

Run in an non admina ccount, nothing overwrites anything. Durrr Duh.

What a virus scanner would do is see that script, recognise it's evil and warn you.

You mean a malware scanner. Durr huhuduh.

So a virus scanner actually has to look at executables and see if they've been changed.

Wouldn't be changed in a non admin account. Duhhh huh durr.

So please, stop the bullshit. Acting like viruses are MS's problem just drips with stupidity.

And you drip with the POWER OF THE SHILL!!1!.

EU And Microsoft Clash Over Vista Security

[oahazmatt]

EU: We want efficient security in your next release.
MS: ...can we just double the fine?

Re:Message to EU: STFU

[eldepeche]

Show me an article where MS is literally blocking anyone else from making security software for Vista. It looks to me like they're finally making their own.

This is not "Insightful"

[Petersko]

Come one, people. Now you're modding on autopilot. "The solution is to use linux and open everything" is NEVER insightful on Slashdot. It's the automatic response.

Re:Message to EU: STFU

[eldepeche]

in Vista, MS is making it impossible or really hard to install another virus/spyware/firewall tool.

Link? (I'm curious, not doubting you.)

Speaking of ludicrous...

Why the hell are you using HTTP for an include from your own site?

<b>Warning</b>: include(http://www.lattyware.co.uk/content/blog/09 06.php) [<a href='function.include'>function.include</a>]: failed to open stream: HTTP request failed! HTTP/1.1 406 Not Acceptable
  in <b>/home/latty/public_html/content/home.php</b> on line <b>16</b><br />

<br />
<b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening 'http://www.lattyware.co.uk/content/blog/0906.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/latty/public_html/content/home.php</b> on line <b>16</b><br />

Re:Message to EU: STFU

[MooUK]

Some of the security companies have already partly succeeded in hacking their way around these new security features to allow their software to work. If they can, any malicious entity can. Clearly the added features are not effective enough.

MS can't be achieving their goal of security at all here. Remember, they make additional money from people using their security software - software that attempts to cover security holes that they put there in the first place (hopefully non-intentionally, but I would not be too surprised...). They BENEFIT by locking out other security companies and leaving their OS in need of security software.

Can you honestly tell me that you think MS will try to eliminate the need for any security software, including their own, when such software can be a nice big constant - not one-time as with the OS itself - revenue stream?

Microsoft Created the market

[ijakings]

Im not a fan of microsoft, hell im not even neutral to em, and i live in the EU (Wish i didnt because importing stuff is a bitch and they keep trying to take our pound away... but thats another story). Microsoft accidentally created this market through bad coding and this gave rise to the big security players. The tech community routinely bludgeons M$ about the bad secuirty in its products and as it takes steps to counter its own bad coding and poor security issues in the past it gets slapped with an anti-trust suit. Its a no win situation for microsoft. It created the market so how is it monopolistic to take it away by fixing problems?

Re:Microsoft Created the market

[janrinok]

No - they are not fixing their bugs, they are creating anti-virus software to prevent virii from exploiting the bugs. What the EU wants is:

1. The ability for any company to provide anti-virus software i.e. MS should open up the APIs so that all can compete from a level playing field.

2. The ability for the user to uninstall MS anti-virus software should (s)he choose to do so.

I would like them to start fixing their bugs so that ALL anti-virus producers become irrelevant. That would be a level playing field.

Two Words...

[fuzznutz]

won't even get into how Apple is bundling everything they can under the sun into OS X when the same actions by MS would be tantamount to kicking the interwebs dog.

Effective monopoly

If you think unfettered monopolies are good for the consumer/end user, then you need to take a trip to the DMV. Anybody that has ever had to stand in line at that hellhole can't possibly argue in favor of monopolies.

OS admitting defeat

[sponga]

I remember reading a modded up post awhile ago where the user said that "by the Open Source advocates telling Microsoft to open up its source code that they are already admitting defeat of their precious".

bah

[cosminn]

The only reason EU is doing this is because Symantec has been bitching about this. They're scared shitless because their entire business model is around fixing someone else's problems.

And frankly, I've had experience with Symantec, and it's awful. I haven't played with OneCare yet, but I've heard good things about it.

Re:Message to EU: STFU

[MooUK]

This is the basis of this entire issue. MS's new security features apparently prevent any software that they don't specifically allow from getting low-level system access - access of the sort that security software needs. Their own security software, naturally, gets access. The problem is that other company's doesn't.

Some of the other companies have apparently found ways to bypass these features to enable their software to work - but these bypasses can also be found and used by malicious hackers and so forth, so one would assume MS will patch them, and then the third party security software gets disabled again.

I wouldn't be too surprised if MS offers - for some sum of money, of course - to allow certain companies access in an attempt to please antitrust prosecutors - but that still leaves out any of the freely available software.

placate the EU with completely optional software

[gsn]

The EUs complaints have always been about other applications like IE, Windows Media Player and and now the whole host of security programs that Vista will have like Defender etc. These go be installed by default and if there is no way to chose not to install them or in some cases like IE no way to remove them then MS is abusing its monopoly. IANAL but if MS did provide you options to remove these and not make various OS features dependent on them then the EU wouldn't have a problem.

I agree that MS should have clear options giving you control over what to install - even if its under some custom install option and shouldn't make the basic functioning of the operating system dependent on these programs - there is no reason an operating system needs a browser for instance but MS did try to claim it was an integral part of the OS. Ofcourse most people want a browser/media player/firewall with their OS and so even making it the default option isn't so bad, but we should be able to replace it with something that has identical functionality.

Sadly even if MS does give you the option of not installing their software, most users will still go for the default install and so even bundling completely optional software MS will most certainly become the dominant force very quickly. As long as those of us who want to do use alternate software can I don't necessarily have a problem with this because I think it reflects people demanding more from their OS. The danger is in a lot of people accepting MS default antivirus, which because they didn't apply Critical Update KB2702570213750153132.3e107, wasn't able to protect a lot of systems from the next W.NastyThing. A fake sense of security is as dangerous as no security at all.

Re:Message to EU: STFU

No doubt Bitlocker and other aspects of security could also be considered as preferentially pushing MS tech to the detriment of an existing market.

Heck, inclusion of a text editor and an IP stack and a UI and solitaire and minesweeper meet that bar. By that logic, any additional functionality is unfair.

I recognize that ability to compete is important, but at some point MS has the right to design their own products and let the customer decide if they want it or not. At this point, there are many mature, stable, viable OSes that can run on the same hardware, and lots of software that will run on those platforms. The barrier to entry is... well, down. I think it's time to let the market sort this out.

Windows security

[falconwolf]

Linux application security consists of "run it as 'nobody'" or "just don't do that." Clearly this is not a realistic option on Windows, where regular day to day usage of your computer includes exploring the massive catalog of software available on the Internet, and so an application firewall is a sensible precaution. Personally I see absolutely no reason why this should be a third party product.

Is it ironic or just Microsoft bashing when people complain there is not security in Windows but when MS finally incorporates security in Windows they turn around and say MS is being anticompetitive? Admittedly I have bashed MS myself but I welcome MS beafing up security, which is one of the reasons I have bashed them. What I wouldn't like is if MS were to prevent users from installing third party security software if they so wished, ie being anticompetitive. I didn't see anywhere in either article where they said MS was doing this though.

Falcon

Re:Windows security

[sowth]

That is because it was in some previous story. I'd probably have to search slashdot's archives for an hour to find it though. Basicly what I understand it to say was: Microsoft's new security enhancements would either make it difficult or impossible for 3rd party security vendors to create software for Vista. Apparently it locks everyone else out of doing lower level things with the kernel.

Microsoft will never get a Break

[jrspur2003]

Im in know way backing MS i prefer BSD and use it at home 90% of the time except for gaming and other Win apps that i cannot port to Linux/unix... However I think the EU is being rediculous... Trying to remove Microsoft Security out of Vista ??? Are they seriously trying to open the European users to hackers? Obviously they aren't targeting Apple OS's to the same scurienty(sorry been a long day cant spell) Apple OS is more tightly integrated than MS... And im sure Apple has their own Security suite built into Apple.. Anyways from a Microsoft Approach they should give in and say alright here you go a base Vista no security no nothing the just the plain OS... Because they know and i think most others know most buyers from Europe wont buy the Vista European version they'll buy the other versions...

Re:Microsoft Monopolism : making Buggy Bloatware p

[sponga]

I will say it again but it was modded up a long time ago by another user. By the open source advocates saying for MS to open up they are already admitting defeat.

Personally I have never payed for windows 1.0,3.0, 95, 98, 2k and now XP. It has given me access to the world and lots of people who use it; it has had its trouble in the days but with good user care the OS works wonders and has provided unlimited time to do millions of different things. As much as Slashdot plays the fear-mongering card of DRM/BSOD/Bugged it has really not been invasive and a great majority of Windows users go on with their lives enjoying the over all good that outweighs the bad.

After the little fiasco with WindowsUpdate which WGA was the only problem because I had a pirated version. I am now ready to actually buy Windows because of what NT/XP have shown to be a good product as much hating goes on here about it. Other users who paid for it legally enjoyed the OS even with WGA they went on using it like they regulary did and got their updates on time except for me and many other pirates. Not that non-tech people care about updates anyway, I just kind of wish I had paid for XP in the beginning and not have to go through the hassle of getting an on-time update from MSupdate.

I think the majority over time will move on and updgrade their OS to Vista; although the minority will put up a very vocal fight on the message boards.

WTF?

Yes, that is what the competition rules are concentrating on BECAUSE THAT IS WHAT THE LAW SAYS IS NEEDED!

The idea (smilarly to the invisible hand that capitalists, such as MS lke to expound) is that if there are competitors, then the innovation in the field is increased by that competition. If there is little to no innovation, then the product becomes a commodity and the goods become cheaper. By these two methods, the consumer is benefited.

Your complaint is that the laws on murder seem more to be about punishing the murderer than helping the victim. Duh.

Re:Message to EU: STFU

[madcow_bg]

Let's go over it, shall we?

In the first sentence the EU spokesman clearly states that by building protection into Vista Microsoft is 'shutting out' rivals in the software security market. Except that if Windows was secure in the first place those 'rivals' would've never existed. So a market emerged and now it is disappearing. It should've been seen as temporary from day one, especially considering the fact that Microsoft has ALWAYS been trying to make their software more secure.
I believe the scream is because MS is going to BUNDLE security applications in their OS. It is not making the OS secure, it is bundling software with it. That is illegal.

It's also not surprising that there will be a lobby, a dying scream if you will, to prevent it. Like you said, a lot of people make money off of Microsoft's insecure programs. A lot of untrustworthy people do as well. People who make spyware and botnets. And hopefully not as many after Vista.
Dream all you can - Vista will cure cancer and AIDS, the world saviour. The same untrustworthy people will exploit the same ol' holes. Mainly PEBKAS.

When Todd said the EU is "ready to give guidance" what he really meant was "We want Microsoft to do whatever we ask". He is just a puppet of course, going through the motions of his strings which are pulled by the EU.
That is sooo much different from where? Of course strings are pulled, it is the way in politics. What you should point out is how exactly that is so bad?

And, simply put, Microsoft does NOT have a monopoly. Nobody is forced to have Microsoft products. There are viable alternatives. Even OSS offers alternatives, and we've seen many organizations, from companies to countries, going to OSS. And more so as time goes on.
Oh phleeeeze ... after two convictions from EU and one from US, there are still people that claim MS is not monopoly. Live with it people, they are monopoly, and they are repeatingly ignoring anticompetitive laws.

Mods smoking crack again...

[DamnStupidElf]

Too bad I already posted. The parent is not a troll; better inherant security does in fact reduce or eliminate the need for antivirus and other "protective" software. Look at it this way: If viruses are prevented from infecting executable files by filesystem or policy security (like "Don't allow writing to existing executable files", which seems pretty reasonable) and personal data is protected by limited access to it until the user specifically grants access, then most malware is totally useless. Limit network connectivity to trusted applications, and zombie machines become useless.

One problem, of course, is that deciding which software to trust is a hard problem. The operating system has to be the initial root of any trust relationship. Adding things like email, document editors, and any other software requires the operating system to know what security should be applied to these applications. Things like Google Desktop and any other useful utility require broad permissions to access data, and are potentially difficult to secure. How do you specify that, say, Google Desktop is trustworthy but Gator/Claria isn't? To really secure personal data, you almost need an operating system that directly classifies data and protects access to it not only to applications but tracks the data through each application and prevents its use from being mixed with other classifications. For instance, personal credit or financial information should be classified such that it is only mixed with unclassified information (like the Internet, email, or any other way out of the computer) under controlled conditions that the user is made directly aware of by the OS. Otherwise, it's easy for rogue applications to spoof trusted applications to gain access to personal data and misuse it.

My basic point is that for a truly secure operating system, a very comprehensive model of all the data and applications that will use the OS is necessary to define the security policy. Microsoft is probably not able to create such a system simply due to the complexity versus ease of use, not to mention the monopoly issues. For instance, if Microsoft starts protecting personal data by not letting it be opened by untrusted applications, the Internet at large will cry out that they are abusing their power, despite the fact that such a step is necessary for true security. The problem is that Microsoft has wedged itself into complete gatekeeper of commodity PCs, and there is very little chance of a standard method for securely managing data and applications emerging on its own in the free market that works with the existing monoculture. Microsoft can neither be the initiator or the adoptor, and so general computer security suffers. I don't really see any solution until a lot of backward compatibility is dropped and a lot of work is done on a secure data model that isn't too difficult to use for normal people.

Re:Mods smoking crack again...

[Foofoobar]

Tell that to the Microsoft zealots. :)
Tey lov to point their fingers whe Linux people are being biased but just put their hands over their ears ad go 'LALALALALALALALAL' when you start talking about Microsoft security :)

Nope, you seem to despise anyone against MS

Why is that? If MS want to sell firewalls on the same basis, then fair go. If they want to include it bundled, saying that "it's free so good for customers", then they would have to reduce the cost of Vista. Because on one hand they say it's free and on the other one, they justify the cost increase by saying "but you're getting so much more than you used to".

How can you get stuff for free that costs you money?

PS aren't YOU part of the /. community?

I agree completely

[falconwolf]

Why the hell do people get pissed off when MS includes basic, handy tools such as the windows firewall? For the average user that is just fine for them. For other people who want more custimization and features there is ZoneAlarm, Kerio Personal Firewall, etc. I think it would be great to have more basic tools included with the OS so I can get simple tasks done but if those simple tools eventually just aren't enough I can still go buy a better featured product from another company. That is how it should be.

Same here, I agree compleatly. I use ZoneAlarm, the paid for version, on my PC and I love the level of control it gives me. I'm planning on getting a MacBook Pro when Apple releases a version with the Merom, Core 2 Duo, processor (and am hoping it is released within a couple of weeks) and have been looking for a firewall that offers the same controls as ZoneAlarm. I know OS X has a built in firewall but unlike ZoneAlarm it doesn't allow the user to set website controls, allowing some websites to use cookies, javascript, and objects while blocking other sites from using them. My one problem with ZoneAlarm is that it doesn't work with Netscape above 4.x or with Firefox. The only "modern" browser it works with is IE.

Falcon

Proprietary implies monoculture

[Beryllium+Sphere(tm)]

Is it a correct paraphrase that you see a risk that if it's easy to install third party security software, people will wind up installing malware that pretends to be security software? And that making the OS and the security software part of the same monolith provides useful tamper-resistance?

The downside is that if 95% of the desktops in the world are running the same security software, then as soon as the security software has a vulnerability we'll get something like the Witty worm but far more devastating.

Ask and you shall recieve

[ad0gg]

API to integrate your AV software into Longhhorn's WSC(Windows security center)

Re:Message to EU: STFU

[amliebsch]

Oh phleeeeze ... after two convictions from EU and one from US, there are still people that claim MS is not monopoly. Live with it people, they are monopoly, and they are repeatingly ignoring anticompetitive laws.

Oh, well, then that settles it! Courts are never ever wrong, especially on technology-related issues.

Re:Message to EU: STFU

[amliebsch]

Apple doesn't include this kind of stuff in the OS.

Wait - so OS X doesn't even come with a firewall? What's all this then?

Re:Microsoft Monopolism : making Buggy Bloatware p

By the open source advocates saying for MS to open up they are already admitting defeat.

Could you please explain this? I honestly don't understand this at all...

No, the problem *is* the market.

[nobodyman]

When MS ships it's products with it's own security software
(antivirus, intrusion detection, ), the market will shrink
dramatically. No one of the competitioners would have a chance
to sell it's products to private ans small buisness customers.

The problem isn't that Microsoft will own the "Windows Security" market. The problem is that such a market exists in the first place. What about all of the other markets that are formed around the windows platform, or that use the windows platform. Supposing that the EU "protected" the security market, you'd end up with the vast majority of PC's purchased without security measures ("I can save 30EUR by ditching Macaffe!"). Windows would continue to be the target of malware, virii, and other unwanted code. Yeah, the security market is protected, at the expense of everyone else: Not just Microsoft, but resellers, developers, and especially end users.

This "protection" is short-sighted at best.

And i think we all know what happens when there is no more
competition at the free market. The quality goes down the drain.

Yes, I imagine this is true... but this contradicts your next point

BTW. This would end in a monoculture of security-products
by MS, and monoculture makes the whole infrastructure
extremely vulnerable for real big or well organized attacks.

When/if the infrastructure becomes more vulnerable, the market will grow. Look at Firefox's growth due to the stagnation of IE.

This being slashdot, I'm sure someone will say "how about they stop writing such crappy code!". Fair enough, but wouldn't that have the same effect of shrinking the security market? Should the EU prevent Microsoft from developing software that is too robust!?

Re:No, the problem *is* the market.

[Kazoo+the+Clown]

The security market should dry up as soon as Microsoft creates an operating system that doesn't need it-- not when they create one that won't allow for it.

Not a good idea.

[Endo13]

If Microsoft really wants to make their software secure like it should be they're basically going to have to re-write it from the ground up. At this point, any 'security' they add is basically just more bandaids, and we've all seen how well those work in the form of their many patches.

The point I really want to make though is that it's pretty much irrelevant how good or bad their security apps are. The simple fact is that any such features that they include will most likely be used by most people who use their operating system. Just look at how many people use internet explorer over other browsers, and then look at how many more security issues IE has. This is not necessarily because IE is less secure than other browsers but since most people use IE, people who produce malware don't have to worry about finding security flaws in other browsers - all they need is to find them in IE. Plenty of computers will be affected. If MS includes their own security apps the same will apply, whether or not they allow third party security apps. Since most people will be using theirs instead of third party replacements for convenience's sake, there will be a lot more grief caused because of it. Finding secuirity flaws in one system is far easier than finding flaws in a dozen systems, and when you know that 90% of home computer owners are using the one system, your malware goal just got that much easier.

The EU is doing the right thing .. Why?

Look at the facts.

MS want their own security production, they do not in any way want to let someone else in, why?

The next generation of DRM depends on this, depends very highly on MS being the only one who can authenticate drivers.

Provided MS can say "Only we can approve drivers", now MS can block out all those "third-party" applications such as Daemon Tools, that allows you to run a CD from your hard drive, or those applications that can record movies or DVDs.

This is the reality, if you like it or not, the implications go far beyond "other security companies".

By these companies not being able to tap into the API, it gives MS a way to lock out everything from the OS they don't want. What don't they want? Anything that can copy a DVD, CD, video, music, HD streams with the "do not save" flag. This allows them to lock down your computer to do as they see fit, all in the name of "security".

Lets get real here people - The security "API" that MS has is what keeps DRM firmly embeded in the operating system. Allowing a third part control over what drivers can and can not be installed allows users to write those applications they so much hate.

This isn't about "security", this is about "FairPlay".

OS X - Ive upped my standards, up yours!

[falconwolf]

I plan to when Apple releases a MacBook Pro with the Merom, Core 2 Duo.

Falcon

Re:OS X - Ive upped my standards, up yours!

[mjwx]

I use Linux

Which is far superior to OSX so up yours

People talk about bloat in vista, OS X has 2 install DVD's

Another strike for Anti-Trust

[shiz98]

Yet another reason why anti-trust laws screw the consumer. Who gains from removing built in features from Windows (such as IE and Windows Media Player)? If they're free, who cares? And now security features are being removed because it's "not fair." Again, who gains from this? I also find it interesting that only microsoft is being forced to remove stuff from their operating systems. Why not remove Quicktime from Apple computers? That's just as unfair as it is to have Windows Media Player on Windows PC's.

On another note, this kinda kills the whole "It's Microsoft's fault for any virii that get on my computer" argument. This basically frees Microsoft from having to be responsible for any Windows malware.

Mods on SCO crack

[sowth]

WTF is up with the troll mod here? This just proves the mods are working for Microsoft. This guy wasn't even saying anything negative about MS, just pointing out that Linux has lots of software to download from the internet too, therefore it has a similar risk for trojans.

Call me redundant, but...

[CCFreak2K]

...this is way overdue. Gotta play Devil's Advocate with this one. The only reason the "security market" exists is because there was a need for one. I don't see a security market for Linux, or BSD, or Solaris, or any of those. And now that the holes are closing (or at least being filtered with in-house tools), the security companies are complaining that their market is fading. Tough shit, guys. That's what you get for banking on a one-trick pony.

On the other side of the coin, their software seems redundant. Why not just make the code more "secure" (for lack of a better term) in the first place, instead of writing MORE CPU-sucking code to cover it up?

Oh, come on!!!

[ecuador_gr]

Everybody on /. and their grandmother have always been complaining about how "broken" and "unsecure" Windows is. In fact MS is responsible for the security product market because it was so vulnerable.
Now, they are trying to "fix" the OS, make it more secure, and EU yells foul!

As a European I cannot stand this sillyness. I want my OS to have built-in security out of the box, as I want it to be able to play all my music & videos without having to install inconvenient (Quicktime) or downright evil (Real player) software.

I'm a fiscal conservative,

[falconwolf]

it's a pity we don't have a political party anymore

Sure we do, it's called the LP, Libertarian Party.

Falcon

That is because it was in some previous story.

[falconwolf]

I'd probably have to search slashdot's archives for an hour to find it though. Basicly what I understand it to say was: Microsoft's new security enhancements would either make it difficult or impossible for 3rd party security vendors to create software for Vista. Apparently it locks everyone else out of doing lower level things with the kernel.

I know what you mean by "an hour to find", I've found myself in the same situation. Now if MS is locking users of third parties products from installing them then yes I'd say that were bad.

Falcon

Oh, come on.

[Randseed]

For God's sake. I'm no fan of Microsoft, and I despise windows, but the fact of the matter is that security is part of an operating system. Controlling interaction with the outside world and between processes running on a machine is one of its primary functions. The EU is going off the deep end by demanding that Microsoft not include this functionality. The only reason anti-virus companies, firewall makers, anti-spyware companies, and all the rest exist is because Microsoft screwed up in the first place. Now when they go to fix it, the EU demands that they leave holes that people can drive a truck through, and so that users have to go out and buy even more software to fix holes that shouldn't be there in the first place.

Good God.

Re:Oh, come on.

[gnasher719]

'' The EU is going off the deep end by demanding that Microsoft not include this functionality. ''

Sorry, but you are just repeating the Microsoft propaganda here. Same thing happening here is with the EU's demand that certain interfaces should be opened: Microsoft starts crying that they shouldn't have to publish their source code but that they will still do it under pressure, whereas the EU had never demanded such a thing and everyone else says that publishing source code is completely pointless because source code is not a spec.

This time, the EU demands that Microsoft must not prevent competitors from producing security software for Windows, which is entirely reasonable, and Microsoft is crying that they are not allowed to make Vista secure, which is absolutely not what the EU demands. Yes, the things that the EU demands according to Microsoft propaganda are entirely unreasonable, but what the EU actually _does_ demand is perfectly reasonable.

installing security on Mac OS X and Windows

[falconwolf]

OSX is no different, everything is integrated (except AV) and the user isn't expected to go and hunt down any 3rd party firewall software.

Ah, but OSX allows you to install 3rd party firewalls. Currently I'm using a PC with Windows and I use ZoneAlarm for my firewall. However I plan on getting a MacBook pro and am looking for a firewall that offers me the same controls as ZoneAlarm does, for Macs. If Zone Labs offered one for Macs then I would get it. Apple doesn't lock me into using their firewall which I've heard is exactly what MS is trying to do with Vista. While I'm glad MS is finally paying attention to security I don't like their anticompetitive stances.

Falcon

Ob. Car analogy

[Kaenneth]

March 32nd 1910: Today the Whip and Spur Manufacturing Association announced a lawsuit against Mr. Ford's Horseless Auto-Mobile company, seeking an injuction against production of carraiges that do not respond to Whipping and Spurring, as if such machinery would reduce the number of horses needed to travel, and would lead to a decline in their income.

The Representative of the W.S.M.A was rebuked by the Judge, ridiculed by the spectators, and removed from the courthouse by Bailiffs; and ordered not to return unless they had actual legal business to conduct therein.

Mr. Ford stated that dispite their folly, his offer to purchase from them essential parts for his Auto-Mobiles, such as machine belts from the whip-makers, and gears from the spur-makers; should they convert their manufaturing to the same; still stands.

Re:Ob. Car analogy

[ArtStone]

In addition, Mr Ford announced today that his Model T will come equipped with a horse hitch in the event the owner does not wish to use a Ford Motor or opposes the use of petroleum products - and instead wishes to use an Open Source Horse to power his Model T.

At this time, there are no plans to equip the model T with a horse manure scooper, but that topic is still under active negotation.

Re:Microsoft Monopolism : making Buggy Bloatware p

[mdielmann]

gaping security holes

Uh, make sure to identify your official and unofficial trademarks. It's well-known for years that Microsoft has the de facto trademark on Gaping Security Holes(tm) and Big Gaping Security Holes(tm) (note they're not registered). There are really very few things where MS innovates - let's give them credit where it's due.

"The Economist" magazine

[falconwolf]

"Un-American and morally wrong": conservative and prowar magazine The Economist

I realize your tagline may be a joke but I don't see "The Economist" as either "Un-American" or prowar. They may not like some of the policies of businesses or government but they like others. As for being prowar I see the opposite, they are especially against resource wars as is happening in the Congo with the coltan found there, or in Angola and Botwana where the San or Bushmen are being forced off their land so diamonds can be mined.

Falcon

Windows Security..

[aero2600-5]

Windows Security? Isn't that an oxymoron?

I don't understand what the big deal is about Vista security. Microsoft will attempt to provide a total solution to security and lock everyone out. First off, Microsoft can't lock out everyone for very long. The security software companies and hackers will find a way to design and use software for Windows Vista. This is only a matter of time.

Also, we all know how horrible Microsoft security will be. It's almost certain that Windows Vista users will need third party security software, and someone will be sure to provide it. Nothing will change with Windows Vista.

Aero

How dumb can you be?

Both applications allow programs to be able to do some things and not others.

E.g. firefox will NEVER need to write files in /etc. You can make sure it does so. You can require that FF only use port 80. You can do so. *in the application*.

There are also ACLs that allow you to give permission to goodUser write access to /etc/ntp.conf and write access to /var/log. You can also add that functionality in to a program. E.g. vi can only do the same thing unless root can do so.

Re:Build It Secure

[KDR_11k]

I think the ultimate FU to the EU and security sotware manufacturers would be if they could make it secure by default.

The EU wouldn't mind that. What they do mind is Microsoft bundling other products with a product that has a monopoly position. Doesn't matter if it's software, cars or hamburgers.

typo - missing URL

[Penguinisto]

I really love HTML sometimes...

http://iptables-tutorial.frozentux.net/chunkyhtml/ c91.html

Re:typo - missing URL

[shird]

That link you provided showed nothing about iptables doing application 'firewalling'.

It says "Iptables is also able to work on higher layers, such as the Application layer. However, it was not built for this task, and should not be used for that kind of usage. "

So.. this has nothing to do with blocking certain applications from communicating out. eg. blocking firefox.exe accessing wga.microsoft.com or whatever. It has to do with packet inspection at the application layer, and can't even do that well.

But they'll just bitch about it

[Sycraft-fu]

Because they want what isn't possible. Look at Windows XP N. They said "You have to make a version of XP with no media player!" Now of course Media Player doesn't stop other media players from being installed (I have Quicktime, Realplayer, and VLC on my system, as well as MPC which is a new frontend for Mediaplayer), but the EU decided this was a major problem, that consumers wanted a no-media player XP. Well MS's initial proposed version removed the actual media player front end,b ut left the video playback component in Windows (DirectShow). The EU pitched a fit over that and said it ALL had to go. Ok, fine they removed it and that was released as XP N.

Well then they got pissed because things didn't work. Games wouldn't play their video back, you couldn't look at many kinds of streaming video in web browsers, etc. Why? Well because they relied on the video playback capabilities to play back their video, they didn't include their own (why would you?). Also the "competing" products like Realplayer aren't full media players, they only play their own stuff, so they couldn't help. This was, of course, why MS was leaving it in in the first place.

So that's the problem: People want MS to remove their software, but still provide the services. Can't do it. To remove the media playback engine is to remove media playback. You've no choice but to reinstall it, or to install an alternate. Since there is no alternate, you are screwed.

api

Shouldent the firewall be built into the network stack by default but with a publicised API for managing it. That way Microsoft could bundle a frewall with an on/off switch and just allow software developers to create a user interface to it. This is the only security product that is being bundled that should be,. If Microsoft is forced to leave the firewall out of vista they should drop networking as it would be a hack to implement the firewall anywhere else.

As for anti virus / sypware microsoft should build a kernel feature that allows 'trusted' code to scan disk writes (and possibly all access to the kernel from userspace) and block it. I think this is how linux virus scanners work with a kernel module that I have fogotten the name of.

They should also have a special user that owns all system userspace programs and libs which needs a password to access (only done when installing programe avalible to all users / system updates). This would help prevent a lot of the viruses (unless the user enters a password bliendly)

If this were a necessary field...

I'd be sympathetic to all those folks who want a piece of the 'make windows secure' industry- but having windows be vulnerable out of the box is not in anybody's interests except those who want to profit from that. Arguing against having MS fix windows is sort of like arguing against tax reform because without excessively complex tax code, what would all those tax accountants do every april?

They'd move on to something productive, that's what.
Let Microsoft fix Windows. If vendors want to make their living lying in bed with Microsoft, they should expect to be jostled when it moves around. Remember too, it's these vendors who keep Windows dominant by writing software to the platform.

Move along, nothing to see here.

Malarky

[ElanVital+O2]

Microsoft should just revoke every single license they have ever sold in the EU, and then sue all of the governments that use the software for copyright infringement. Apple's OSX has and will continue to include these types of features. When I the European Union takes the same action against Apple, then it will be a fair playing field. In fact, doesn't OSX include Quicktime as well? Scrap it, fair's fair... Right EU?

Monoply?

Can we really judge software on the same basis as that of other things?

Companies should be free to control their IP; You don't have to use Windows, heck you don't even have to use PCs.

Popularity shouldn't be an excuse to bully your way around.

half evil

[r00t]

If you could change the keys, no problem. You could add keys for software vendors you trust. Perhaps you could even delete keys of software vendors you don't trust!

Obviously this couldn't just be a NtAddDriverSigningKeyEx() or NtAddDriverSigningKeyA() call that any old spyware app could make. (About the names: if this were UNIX it'd be called sgnky() of course!) The user might do Alt-Ctrl-Del, click a "Driver Keys" button, and so on. It'd need protection against compromised accessibility software and remote desktop software.

Of course, this probably still destroys the market created by bugs. It reminds me of the leaky water supply tunnel to New York City which is illegal to fix because it leaked enough to get the land above the leaks classified as protected wetlands.

But Microsoft already has "Windows Vista e"

[Bismillah]

At least that's what former BeLux manager Bruno Segers says. Looks like Segers might have been fired for revealing that too.

Re:But Microsoft already has "Windows Vista e"

[Lawyer+Geek]

The interesting thing to me in that article is the line suggesting that by unbundling the security features to make the EU regulators happy, eurozone computer users will have the choice of buying a less robust OS locally or buying the more fully featured US variant. Segers is undoubtedly correct that, given that choice, customers will choose the US version over the regulator-approved EU package...in essence coming up with a workaround to the EU.

Besides, do we really want regulators deciding software features?

Re:Message to EU: STFU

[Weedlekin]

"Can someone tell me why nobody is going after Apple?"

Because companies with 3% of the European desktop market aren't monopolies, and therefore don't attract the attention of those who regulate the behaviour of monopolies.

Expanation for the hard of thinking

MS should be spending $$$ on fixing the OS so that trojans, viruses and worms are no longer a problem. NOT by leaving the OS as it is and patching over the top.

Here's what could happen:

OS remains cruddy but has AV/FW/etc (security system)
Security system requires SPx
SPx includes stuff that isn't needed for your use
SPx is now mandatory because your cruddy OS needs their Security and that needs SPx

Remember that there is a new EULA to agree to when a SP is installed, and the agreement must be made to install. If you cannot agree to the EULA, you're hosed by nasty people. If you agree, you may still be hosed by them, but you are also definitely being hosed by MS.

Secondly, what if the new security system no longer runs on your version of the OS? You now need to upgrade.

So if MS had vixed the OS, there wouldn't be a need to install their security over the top. If they allowed others to sell security fixes independently, they wouldn't have to change OS.

*sigh* Too late for this to make a difference...

[tygerstripes]

...but will people please, for the love of God, learn to do the following before posting the type of reactionary crap that seems to have inundated this discussion:

1. RTFA. It's such a cliche that it's almost funny. That doesn't mean it's not important.
2. RTF Discussion. How many people saw the submission, jumped in and clicked "Reply" without even stopping for 20 seconds to scan the existing posts and realise that the little gem they were about to defecate into cyberspace was
a) completely fucking redundant a thousand times over and
b) already comprehensively shown to portray a lack of understanding of the facts

Okay, so both of those requests are massively redundant in the grand arena of /., but either of the above would have stopped 90% of the above "WTF M$ finally dun some gud, EU sux WTF!!1one" from infecting /. with their particularly redundant form of idiocy.

Just to sum up (although if you've read this far, I don't need to tell you - I'm just getting it off my chest):
M$ are NOT being told by the EU to remove their security gadgets from Vista. They are being told to make it possible for existing security companies to implement their own solutions to a comparable standard by making the APIs and hooks available publicly. The only reason not to do so would be to deliberately lock-out competition. If they do not do so, they are forcing the third-party vendors to write inefficient and possibly ineffective software. This violates not only anti-trust laws, but makes it more likely than ever before that security issues will be harder to defend against and take longer to solve - hardly ideal for the user.

The EU is, in this regard, doing an admirable job of championing the cause of smaller companies AND the average Joe on the street, as well as EVERY business that ends up using Vista. They are not asking M$ to make any significant changes to their software - only to give other companies the information they require to write good software that benefits the user, which is precisely what any OS should do in the first place.

Re:Can anyone see the Irony?

[ibbo]

Well when us Europeans say someting we mean it. Not like Bush allowing Redmond to carry on as normal after been found guilty of the same thinig Europe found them guilty of.

MS has no friends over here and its for the better good of us all.

Re:Message to EU: STFU

[madcow_bg]

But the issue is that MS a monopolist with anticompetitive practices, which is hardly a technology issue.

MS breaks modularity

[jotaeleemeese]

Look, if MS wa releasing a tool that could be easily replaceable, becuas it was modular, I think there would be very few complaints.

The problem is that what MS does is to artificially embed a new feature in the OS in a way that nothing would work if you removed all the dependencies.

This is done not for technical reasons but for commercial ones (i.e. in order to abuse a monopolic position).

The problem is not the bundling,but the unbundling

[jotaeleemeese]

MS has a track record of including the kitchen sink in the OS and then putting unnecessary locks, so if you remove the kitchen sink (lets say, because you want a new one) the full kitchen stops working. And the bathroom, and the TV in the living rooms explodes....

If MS had an history of beating the competition by innovating with better products (that are not unnecessarily tied to the OS) then nobody would be complaining and we would be blessing our near monopolists.

But the matter of fact is that they are convicted abusers of their monopolic position, are constantly testing the boundaries of what is legal in many countries, and frankly I don't see why we should give them the benefit of the doubt on this one.

By reflex indeed.

[jotaeleemeese]

If somebody has been beating you for a couple of hours with a baseball bat, you would be forgiven if you cover your head, by reflex, as soon as you see tht hooligan reaching for the implement again.

They are not crippling the OS....

[jotaeleemeese]

The OS is crippled at birth. Otherwise it would not need the myriad of security products to secure it.

What the public could expect is to have an OS designed with sensible assumptions about security and with enough open hooks to allow anybody to improve upon that.

The MS way is to embed everything in a convoluted way to later claim "it is all part of the OS you know" in order to generate new revenue streams (suscriptions to antivirus services like virus signatures updates...) while being creative about abusing their monopolic position.

The insane thing would be to let them get away with it.

Talk about a bullshiter.

[jotaeleemeese]

You stoll all the wonders of Windows, but you are a vulgar pirate.

What a hypocrate.

Re:Talk about a bullshiter.

[sponga]

stoll?
hyporcrate?
Nice spelling there. Dictionary.com and maybe next time you will have some credibility.

Thanks for the laugh but I am not a hypocrite and I am just pointing out the realities and facts about the WGA/MSupdate to get past all the FUD. Way to put an argument up a sensible argument on me being a hypocrite.

Microsoft Monopolism and MS Buggy Bloatware

[FractalZone]

Uh, make sure to identify your official and unofficial trademarks. It's well-known for years that Microsoft has the de facto trademark on Gaping Security Holes(tm) and Big Gaping Security Holes(tm) (note they're not registered). There are really very few things where MS innovates - let's give them credit where it's due.

Microsoft is clearly an innovator in creative use, maintenance, and enforcement of monopoly power in the marketplace. It seems to have "borrowed" a few tricks from other companies as far as dodging legal consequences for its misbehavior in the U.S. go, although the usually lame EU seems to be less intimidated (I wonder why? :-)

In the States, we have a situation that might well be described as "he who has the most lawyers wins". Microsoft can afford to pay for lawyers by the garbage barge load, and does so. Few other companies I can think of would be so bold as to use Gaping Security Holes(tm) as a means of forcing people to use their lame Internet Explorer Web browser with its notoriously exploitable ActiveX support to install patches which often introduce new bugs or even malware (Windows Genuine (dis)Advantage) when those people would otherwise use a quality browser such as Firefox or Opera.

I have no problem with companies that become successful because they provide new or technically superior goods and services. I have a problem when they are allowed to dominate the marketplace by stifling the competition, especially when the competition has better goods or services that can and do benefit the consumer. One solution to the Microsoft monopoly would be to force it to truly unbundle its browser, Internet Explorer, from all of its other products.

IE should have to be downloaded and installed, just the way competing browsers are, unless Microsoft wants to include them on a list of browsers a user can choose from and install along with Windows when a system is being set up. Microsoft should be ordered to make all of its support services that are associated with Windows and/or Microsoft Update available to users who chose other browsers that have reasonable support for industry standard scripting. People should not be forced to expand upon existing security flaws built into Windows by having to use IE to get security patches and other software updates from Microsoft. There is absolutely no technical reason why one should have to use MS Buggy Bloatware such as IE when better, more secure browsers exist.

Your main point, that Microsoft is rarely the source of innovation in the software industries it dominates by monopolistic muscle, is absolutely correct IMNSHO. I'd love to have the choice of walking into a store and buying a machine with no OS, or some non-Microsoft OS pre-installed on it. Why should consumers be forced to pay for crap like MS Windows Home or Media Center Edition when they buy a computer off the shelf? Microsoft enforces its monopoly powers by making it very difficult for people to get systems with other or no OS installed on systems they buy at retail. Just go into any major office supply or consumer electronics store and see for yourself what operating system will come bundled with the machines sold there, even if you would rather buy the machine bare so you can install your own favorite operating system. I suspect many people would choose to take a discount equivalent to the amount the manufacturer pays Microsoft for the version of Windows it pre-installs and then install an alternative OS.

Making that choice (either no OS or any of several popular OSes including Windows as an option) available to all consumers would be a great way to force Microsoft to compete fairly. It would also promote real competition in the OS market and undoubtedly inspire more innovation therein, maybe even from Microsoft! :-)