EU And Microsoft Clash Over Vista Security
An anonymous reader wrote to mention coverage of further clashes between Microsoft and the EU, this time over security in Windows Vista. Microsoft is 'urging' the EU to allow all of the security elements of Vista to remain intact. The EU seems to be under the impression it's not asking for security to be lax; it just wants the software company to ensure a fair playing field for all businesses. From the Newsday article: "European Union officials warned Microsoft Corp. on Tuesday not to shut out rivals in the security software market as the company plans to launch its Windows Vista operating system with built-in protection from hackers and malicious programs. EU spokesman Jonathan Todd told reporters that the European Commission is 'ready to give guidance to Microsoft' concerning Vista but added that it was up to the U.S. software maker 'to accept and implement its responsibilities as a near monopolist to ensure full compliance' with EU competition rules."
What lame articles. Neither one says what the hell the thing being bundled is, other than "security" as though security could possibly be a product or module.
Ok, one of the articles made a brief mention of a firewall. Is all this noise about something as mundane as a software firewall?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Problem: third party applications are prevented from working with the OS, to 'prevent weakening the built in security'.
That things will stop working. Programs rely on the presence of these enriched tools. You can see this with the EU's Windows XP N edition. People found that all sorts of things stopped working, games wouldn't play videos and such. Why? Well if you remove Windows's video playback engine, anything that uses it for video playback will stop playing video.
Same is true of IE. To actually remove IE, and not just the executable (which you can delete if you want) you have to remove the HTML rendering engine. That means that help stops working. MS help files are HTML, and if there's not an engine to render them, then they can't work.
It would be the same as trying to remove the Gecko Rendering Engine from a program that uses it. If you do, it'll break.
So you want to talk a support nightmare, that would be it. People would turn off a whole bunch of stuff without knowing what it is, and then cry because their programs didn't work and blame MS.
It's not like the concept of an application firewall even exists on Linux.
Sure it does. It's not difficult to firewall at an application level in Linux, and there is at least one tool (fireflier) that provides a nice GUI for managing such firewall rules.
Few people bother, because there's simply not much need, but it's not at all accurate to say that it doesn't exist.
Linux application security consists of "run it as 'nobody'" or "just don't do that."
Or run it in a chroot jail, or run it with fine-grained mandatory access controls from SELinux, or ...
Unix/Linux application security provides lots of different options. That they're more commonly used for securing Internet-facing services than for locking down random local apps acquired from untrusted sources is because there's little need, not because the security tools don't exist. I used to keep a chroot jail configured just to run random little apps. These days I run such stuff in a virtual machine instead, but that's just because I find it more convenient.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
> "Clearly this is not a realistic option on Windows, where regular day to day usage of your computer includes exploring the massive catalog of software available on the Internet"
I would call the 15,000 packages or more on Debian repositories quite a massive catalog.
It'd help if you actually understood the issue.
MS is stopping *any* 3rd party security code from running, signed or un-signed, within the kernel.
The anti-virus vendors are essentially having to hack Vista to get their code to work.
Antivirus does not make an OS secure. It only tries to patch an insecure OS. If Microsoft makes the OS secure, the EU Commission and antivirus companies can't argue about it. If its own antivirus solution is bundled instead of securing the OS, it looks like monopoly abuse. It is possible that Microsoft is trying to help users, but the company is known to use its market position against competitors. Any bundling will look suspicious.
Symantec is still selling NAV for Mac. I think Apple does not bundle antivirus.
Linux security is very customizable.
First of all, sudo is just a normal application that can be replaced. Second, there's PAM, which allows you to plug pretty much anything into the security system. You can replace the mechanism for password entry, authenticate with a fingerprint or a USB flash drive, etc, and have it all automatically integrate with existing software -- you don't even need to patch tools like su and sudo to accept different authentication methods, as it's handled through PAM.
Same goes for firewalling: nothing stops you from building whatever UI you want to talk to netfilter. You can ignore iptables completely, which is just a userspace tool.
Then the kernel has a whole system of security hooks which is used by things like SELinux. New security models can be integrated.
"Obviously, Microsoft cannot win, ever"
They make decent mice. Shitty keyboards though.. DAMN YOU F LOCK!!!
I'll just use my special getting high powers one more time...
And for those that recall what got them in trouble a while back with Windows Media Player could have easily been solved by adding:
[_] Windows Media Player
to the installer and add/remove screen. But what did they do? They got all snotty and created "Windows Reduced Media Edition", a "special" version of Windows completely without WMP (not an option - just none).