Oh, they would. But by then it'd be too late. If their competitors tried to take it to court, it'd take the better part of a decade to reach any kind of decision. See, for example, Netscape.
This is the entire entertainment industry -- we'd like to be able to sell content to customers and control how it is displayed per the license A good chunk of the software industry. -- we'd like to be able to sell software and not have to worry about piracy A huge percentage of enterprise -- we'd like to be able to have the same sorts of tracking with electronic documents we used to have with physical documents
I agree that those are important reasons for marketing to want SecureBoot, and use it as a sales argument. I just don't think it has practical importance in most cases, since there are so many ways to hack into a computer once the OS is up and running (and unlike installing a rootkit at boot, many of them can be executed remotely).
The threat to Linux is not the UEFI Bios being locked down. The Linux community has a 20 year record of handling that kind of nonsense with no problem.
I don't doubt the Linux developers will find a way to get around the technical problems. But Redhat apparently thought something as simple as disabling SecureBoot manually, would be enough to scare away some of their customers.
The threat to Linux is that Linux runs fine on these new protected computers but the data whether it be websites, or movies or school classes rejects the environment.
Well... isn't that easier than getting around hardware locks? Content can only be protected by encrypting it, and if legitimate users are to be able to access it, the decryption keys need to be stored in cleartext on their computers.
The only situation where I can see difficulties, is where the decryption is done directly in specialised hardware (such as accelerated video playback hardware).
Or are there difficulties I haven't realised? Are you talking about legal problems, such as patents being used to prevent third party software from accessing the data?
Microsoft is not going to lock people out of using alternative OSes on x86 hardware, in the same way they haven't stopped people from buying Word Perfect.
They don't make it impossible to run something, they just make it expensive or difficult enough to nudge the majority of users in the right direction.
For example, when Microsoft saw Netscape as a threat, they changed the licensing terms for Windows NT Workstation to make it impossible to run web servers on it. You could still run web servers on Windows NT Server, but when you bought NT Server you got a web server for free, so you didn't need Netscape's. Nobody was actually prevented from running Netscape's web server; Microsoft just made sure it didn't make financial sense for most users. (This was one of the practices the DoJ found to be anti-competitive.)
I know what Benjamin Franklin said, and that he's usually misquoted. But in the world of today, computers are essential for our liberties.
Today, when a government tries to suppress freedom of speech, censoring the Internet is probably its most important tool. The revolt in Syria was instigated on Facebook, and the regime tried to stop it by shutting down the Internet. China blocks foreign sites where their citizens can get the wrong ideas (including social networks), censors search results, and pressure foregin companies into censoring their services for Chinese users. People try to get around it by using proxies and P2P networks like Tor and Freenet, which are then outlawed, but it's hard to enforce the ban. If standard PC motherboards come equipped with the option to only run approved software, it'll be a useful tool in any oppressive governments' hands.
Trying to control what people can do with their computers is not really any different from trying to control a country's printing presses. The Internet is the equivalent of books and newspapers in the 21st century.
None of that answers the question "what do you think Red Hat can do about it"? Red Hat not supporting SecureBoot is not going to make SecureBoot go away, it is going to make Red Hat go away. How is that good for anyone?
I'm not blaming Red Hat. They're a for-profit company and can't be expected to act any other way. I'm just trying to make people aware of the problems with SecureBoot.
Now, certainly many hardware manufacturers will choose to do that (market forces and all), but not ALL of them will (or have to). In addition, you have a few other companies saying 'hmm, our customers would probably like to run our software on hardware that has our competitors logo - I guess we better enable that'. Do they have to do that? Of course not, but they are pretty stupid if they don't.
Historically, Microsoft has been able to convince their partners to exclude competitor's products.
For example, back in the days of OS/2, Microsoft used a licensing scheme where OEM manufacturers paid them per computer they shipped, not per copy of Windows. That meant OEM manufacturers had no reason to offer OS/2 on their computers, since they already had a Windows license for each one of them (and customers who specifically wanted OS/2 had to pay for both OSes).
Back in the days of Netscape, Microsoft changed the license terms of Windows NT Workstation to limit the number of simultaneous network connections, while at the same time bunding IIS Server with Windows NT Server. That meant anyone who wanted to run a web server on Windows, had to buy Windows NT Server, and then there was no reason to buy another web server software. It also meant a customer had to pay extra if they specifically wanted Netscape's web server software. (This was one of the things they were found guilty of in the US DoJ's anti-trust case.)
Microsoft has also been found guilty of explicitly asking their partners to stop bundling competitor's products, and using late deliveries as a way to pressure them.
Of course, I can't know that Microsoft will continue to use these kinds of methods to limit the number of OSes included in SecureBoot, since I can't see into the future. But I'd be very surprised if they didn't try.
Those who really want to run an alternative OS, will still be able to do it. But Secureboot could be used to make it too much hassle, too expensive, or too scary for the majority of users. You only need to make the competitor's option a little less attractive to nudge the market in the right direction.
There are US senators who have tried to outlaw P2P filesharing software, or make the software authors responsible for preventing piracy, since at least 2004 (CNet, Afterdawn). They're currently not close to succeeding, but the boundaries are constantly being pushed back. So far, we've seen web sites become responsible for what their users upload, then for what they're linking too, then search providers like Google became responsible for listing infringing material in their search results, and so on.
There have also been major attempts to mandate encryption with government backdoors in the United States (Clipper).
Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.
You're right. I didn't realise it was that cheap. But once you have to go through Microsoft to get your key signed, you give them a lot of power, and they may change their mind at any time.
But most powerful software packages include languages.
That's a good point. But someone may still try to lock down personal computers for the >90% of users who are non-technical, and the technical users will also be hurt by it (for example, by not being able to install any OS they want). The ease with which a technical user could circumvent DRM, didn't stop the music companies from forcing it on users, and it didn't stop Microsoft from investing a lot of money into DRM.
I thought that the 'freedom's that are so important to FOSS are the freedoms of the USERS.
That too. I was just using the context of Benjamin Franklin's statement on giving up freedom to gain a little temporary security.
Once the system is in place, there are a number of players who'll be tempted to extend it and make it mandatory, which may hurt users' freedoms.
* Microsoft has an incentive to use SecureBoot to lock out competitors and squash small Linux distributions before they can get big. They can stay friends with RedHat and Canonical so they have someone to point to when someone claims they have a monopoly, while still never allowing them to become a threat. Much like when they bought shares in Apple. * The media industry wants to outlaw file sharing programs as soon as they have a chance to succeed. SecureBoot, together with the ability to only run approved programs in Windows Vista and up, will provide the means to enforce such a law. * The government may decide to outlaw hacking tools or encryption, or insist on backdoors they can eavesdrop through.
Implementing SecureBoot is like installing a mandated lock that someone else controls on every computer. Even if you're (initially) given the key to your own computer, you know it's not good and will be abused in one way or other.
Forced by whom? There hasn't been any outrage or criticism over the fact that root kits can be installed through the boot loader. There are far more (and far more criticised) holes when the OS has started up, including remote exploits.
Microsoft has to play nice to get other companies to play along, and to avoid accusations of monopoly practices. Once SecureBoot is in place, and Microsoft's competitors have to go to them to have their own bootloaders signed, Microsoft is free to change their mind.
How about doing it like SSH? The first time you install something with a new key it tells you "the key *blah* is unknown to the system. Do you want to proceed? yes/no". If you say "yes" it memorizes the key.
That's the best damn suggestion I've seen in this discussion.
I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites.
You seriously believe email spammers and credit card stealers modify the boot loader?
99.9% of malware is spread through e-mail or web pages that exploit vulnerabilities in the OS, or by trojans. They can hide in almost any executable on the machine.
Is malware ever inserted by modifying the bootloader these days? I haven't heard about it since the day of boot loader viruses, and they spread through floppy disks..
The loss of freedom is that Canonical/RedHat now has to go through their competitor (Microsoft) every time they do an OS upgrade. It gives Microsoft power over them. Microsoft can change their mind at any time and make it more difficult to get new OS versions signed, or just threaten with it to make their competitors step in line.
Microsoft can also change their mind at any time and require their OEM manufacturers to make SecureBoot mandatory (i.e, not possible for the user to turn off).
Yes, you chose to let Microsoft sign your OS, but Microsoft created the conditions which caused that choice to be the least damaging for your business.
So the fact that they chose to pay Microsoft $80 rather than establish vendor relationships with every motherboard and BIOS manufacturer (as Microsoft did) creates a situation of force?
Establishing relationships with all the manufacturers would have been very expensive, if at all possible. Instead, they had to let Microsoft sign their keys, which gives Microsoft power over their competitors.
It increases the cost of business for Canonical/RedHat to negotiate with all the OEM manufacturers and get them to include their key.
If you're Microsoft and already have deals with all OEM manufacturers, the cost may be negligible, but if you're Canonical/RedHat and your OS comes pre-installed on less than 1% of desktops, it may not be practically possible.
This is true for anyone who wants to enter the market for desktop operating systems and potentially compete with Microsoft. In economical terms, the SecureBoot system raises the barrier of entry for the desktop OS market.
Because of Microsoft's history of anti-competitive behaviour, I'm also worried about what they'll do next. Once they have control over the SecureBoot system, they could work to make it mandatory, citing piracy as reason. They could also pressure the OEM manufacturers, inofficially, to say "no" when a competitor asks them to include their OS keys. They could make it slow and costly for competitors to get new OS versions signed. Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.
I don't know what'll happen, but having control over SecureBoot seems like too much power to place in the hands of any company.
Then there's the risk that the state will abuse the system once it's in place. SecureBoot controls what OS can be run, and the OS can control what software can be run, using a system of checksums and signing keys. In fact, the technology for that is already in place in Windows Vista onwards, but for the moment, you only get a warning when you try to run an unknown executable. If the state decides to outlaw certain software (such as encryption, hacking tools or P2P file sharing programs), SecureBoot combined with Windows enables them to enforce that law. If that ever happens, it'd be very good for Microsoft, since it severely reduces competition in the OS market, and gives even more power to the company who handles the signing of their competitors' OS:es.
Where I live, you're allowed to drive faster than the speed limit when overtaking another vehicle. Is that true in the USA too?
Also, there are situations where you need to drive faster than the speed limit to avoid accidents. For example, if another vehicle is out of control and heading right at you.
So a car that starts behaving uncontrollably at 9MPH over the national speed limit seems to cut it a bit close. I certainly wouldn't want want to ride on a highway in a car like that.
So how does having a desktop monopoly facilitate Microsoft's move on ARM?
I'm not so familiar with the facts of the case, so I'm only speaking hypothetically, but Microsoft could use their monopoly on desktop OS:es as leverage when they negotiate with OEM manufacturers, and get them to lock down ARM devices.
Both these things are often complained about, but the only other way is to store full chat logs on the server, so that they can be pushed to all clients later when they come online. This would also make history sync always work on all clients. But it, of course, means that your chat logs are now subject to subpoenas, NSA security letters, and whatever else the government has at its disposal.
You could solve this with public key encryption, if you really wanted to. The chat messages could be stored on the server encrypted with the sender's and the receiver's public keys, separately.
Jumping off a geostationary would involve pushing oneself down towards earth, slowly picking up vertical speed (now I have heard before that it doesn't work exactly like that but I'm not a rocket scientist and it's not important for the sake of the argument).
If we discount friction (wind resistance), this is not enough to reach the surface of the Earth. The momentum gained when pushing down from the space station, will only move the jumper very slowly towards the Earth, and once he has orbited half a revolution and is on the other side of the Earth, the same momentum will take him *away* from Earth again. The net effect is that the orbit will become slighty elliptical.
I doubt he will reach the surface in a reasonable amount of time even if we take friction into account.
Microsoft's tactics were of a different kind. They did things like locking out competitors through deals with retailers, and paid for smear campaigns, which got them convicted several times.
Apple's tactics are more straightforward: they use the law to their benefit without trying to hide anything (as far as I know).
If Apple is Lawful Evil, then Microsoft is Chaotic or Neutral Evil, using the law or flouting it as it benefits them. So far, I think Microsoft still leads the league for Evil.
Slashdot Mirror
Oh, they would. But by then it'd be too late. If their competitors tried to take it to court, it'd take the better part of a decade to reach any kind of decision. See, for example, Netscape.
This is the entire entertainment industry -- we'd like to be able to sell content to customers and control how it is displayed per the license
A good chunk of the software industry. -- we'd like to be able to sell software and not have to worry about piracy
A huge percentage of enterprise -- we'd like to be able to have the same sorts of tracking with electronic documents we used to have with physical documents
I agree that those are important reasons for marketing to want SecureBoot, and use it as a sales argument. I just don't think it has practical importance in most cases, since there are so many ways to hack into a computer once the OS is up and running (and unlike installing a rootkit at boot, many of them can be executed remotely).
The threat to Linux is not the UEFI Bios being locked down. The Linux community has a 20 year record of handling that kind of nonsense with no problem.
I don't doubt the Linux developers will find a way to get around the technical problems. But Redhat apparently thought something as simple as disabling SecureBoot manually, would be enough to scare away some of their customers.
The threat to Linux is that Linux runs fine on these new protected computers but the data whether it be websites, or movies or school classes rejects the environment.
Well... isn't that easier than getting around hardware locks? Content can only be protected by encrypting it, and if legitimate users are to be able to access it, the decryption keys need to be stored in cleartext on their computers.
The only situation where I can see difficulties, is where the decryption is done directly in specialised hardware (such as accelerated video playback hardware).
Or are there difficulties I haven't realised? Are you talking about legal problems, such as patents being used to prevent third party software from accessing the data?
Microsoft is not going to lock people out of using alternative OSes on x86 hardware, in the same way they haven't stopped people from buying Word Perfect.
They don't make it impossible to run something, they just make it expensive or difficult enough to nudge the majority of users in the right direction.
For example, when Microsoft saw Netscape as a threat, they changed the licensing terms for Windows NT Workstation to make it impossible to run web servers on it. You could still run web servers on Windows NT Server, but when you bought NT Server you got a web server for free, so you didn't need Netscape's. Nobody was actually prevented from running Netscape's web server; Microsoft just made sure it didn't make financial sense for most users. (This was one of the practices the DoJ found to be anti-competitive.)
I know what Benjamin Franklin said, and that he's usually misquoted. But in the world of today, computers are essential for our liberties.
Today, when a government tries to suppress freedom of speech, censoring the Internet is probably its most important tool. The revolt in Syria was instigated on Facebook, and the regime tried to stop it by shutting down the Internet. China blocks foreign sites where their citizens can get the wrong ideas (including social networks), censors search results, and pressure foregin companies into censoring their services for Chinese users. People try to get around it by using proxies and P2P networks like Tor and Freenet, which are then outlawed, but it's hard to enforce the ban. If standard PC motherboards come equipped with the option to only run approved software, it'll be a useful tool in any oppressive governments' hands.
Trying to control what people can do with their computers is not really any different from trying to control a country's printing presses. The Internet is the equivalent of books and newspapers in the 21st century.
None of that answers the question "what do you think Red Hat can do about it"? Red Hat not supporting SecureBoot is not going to make SecureBoot go away, it is going to make Red Hat go away. How is that good for anyone?
I'm not blaming Red Hat. They're a for-profit company and can't be expected to act any other way. I'm just trying to make people aware of the problems with SecureBoot.
Now, certainly many hardware manufacturers will choose to do that (market forces and all), but not ALL of them will (or have to). In addition, you have a few other companies saying 'hmm, our customers would probably like to run our software on hardware that has our competitors logo - I guess we better enable that'. Do they have to do that? Of course not, but they are pretty stupid if they don't.
Historically, Microsoft has been able to convince their partners to exclude competitor's products.
For example, back in the days of OS/2, Microsoft used a licensing scheme where OEM manufacturers paid them per computer they shipped, not per copy of Windows. That meant OEM manufacturers had no reason to offer OS/2 on their computers, since they already had a Windows license for each one of them (and customers who specifically wanted OS/2 had to pay for both OSes).
Back in the days of Netscape, Microsoft changed the license terms of Windows NT Workstation to limit the number of simultaneous network connections, while at the same time bunding IIS Server with Windows NT Server. That meant anyone who wanted to run a web server on Windows, had to buy Windows NT Server, and then there was no reason to buy another web server software. It also meant a customer had to pay extra if they specifically wanted Netscape's web server software. (This was one of the things they were found guilty of in the US DoJ's anti-trust case.)
Microsoft has also been found guilty of explicitly asking their partners to stop bundling competitor's products, and using late deliveries as a way to pressure them.
Of course, I can't know that Microsoft will continue to use these kinds of methods to limit the number of OSes included in SecureBoot, since I can't see into the future. But I'd be very surprised if they didn't try.
Those who really want to run an alternative OS, will still be able to do it. But Secureboot could be used to make it too much hassle, too expensive, or too scary for the majority of users. You only need to make the competitor's option a little less attractive to nudge the market in the right direction.
There are US senators who have tried to outlaw P2P filesharing software, or make the software authors responsible for preventing piracy, since at least 2004 (CNet, Afterdawn). They're currently not close to succeeding, but the boundaries are constantly being pushed back. So far, we've seen web sites become responsible for what their users upload, then for what they're linking too, then search providers like Google became responsible for listing infringing material in their search results, and so on.
There have also been major attempts to mandate encryption with government backdoors in the United States (Clipper).
Ok, it may be a big thing with security experts, but so far it's mostly theoretical, and there are far bigger issues with Windows security.
Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.
You're right. I didn't realise it was that cheap. But once you have to go through Microsoft to get your key signed, you give them a lot of power, and they may change their mind at any time.
But most powerful software packages include languages.
That's a good point. But someone may still try to lock down personal computers for the >90% of users who are non-technical, and the technical users will also be hurt by it (for example, by not being able to install any OS they want). The ease with which a technical user could circumvent DRM, didn't stop the music companies from forcing it on users, and it didn't stop Microsoft from investing a lot of money into DRM.
I thought that the 'freedom's that are so important to FOSS are the freedoms of the USERS.
That too. I was just using the context of Benjamin Franklin's statement on giving up freedom to gain a little temporary security.
Once the system is in place, there are a number of players who'll be tempted to extend it and make it mandatory, which may hurt users' freedoms.
* Microsoft has an incentive to use SecureBoot to lock out competitors and squash small Linux distributions before they can get big. They can stay friends with RedHat and Canonical so they have someone to point to when someone claims they have a monopoly, while still never allowing them to become a threat. Much like when they bought shares in Apple.
* The media industry wants to outlaw file sharing programs as soon as they have a chance to succeed. SecureBoot, together with the ability to only run approved programs in Windows Vista and up, will provide the means to enforce such a law.
* The government may decide to outlaw hacking tools or encryption, or insist on backdoors they can eavesdrop through.
Implementing SecureBoot is like installing a mandated lock that someone else controls on every computer. Even if you're (initially) given the key to your own computer, you know it's not good and will be abused in one way or other.
Forced by whom? There hasn't been any outrage or criticism over the fact that root kits can be installed through the boot loader. There are far more (and far more criticised) holes when the OS has started up, including remote exploits.
Is that a legal requirement for monopoly abuse? That the monopolist does something someone without a monopoly couldn't normally do?
Microsoft has to play nice to get other companies to play along, and to avoid accusations of monopoly practices. Once SecureBoot is in place, and Microsoft's competitors have to go to them to have their own bootloaders signed, Microsoft is free to change their mind.
How about doing it like SSH? The first time you install something with a new key it tells you "the key *blah* is unknown to the system. Do you want to proceed? yes/no". If you say "yes" it memorizes the key.
That's the best damn suggestion I've seen in this discussion.
If you verify everything you download before running it, why do you need SecureBoot?
I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites.
You seriously believe email spammers and credit card stealers modify the boot loader?
99.9% of malware is spread through e-mail or web pages that exploit vulnerabilities in the OS, or by trojans. They can hide in almost any executable on the machine.
Is malware ever inserted by modifying the bootloader these days? I haven't heard about it since the day of boot loader viruses, and they spread through floppy disks..
The loss of freedom is that Canonical/RedHat now has to go through their competitor (Microsoft) every time they do an OS upgrade. It gives Microsoft power over them. Microsoft can change their mind at any time and make it more difficult to get new OS versions signed, or just threaten with it to make their competitors step in line.
Microsoft can also change their mind at any time and require their OEM manufacturers to make SecureBoot mandatory (i.e, not possible for the user to turn off).
Yes, you chose to let Microsoft sign your OS, but Microsoft created the conditions which caused that choice to be the least damaging for your business.
So the fact that they chose to pay Microsoft $80 rather than establish vendor relationships with every motherboard and BIOS manufacturer (as Microsoft did) creates a situation of force?
Establishing relationships with all the manufacturers would have been very expensive, if at all possible. Instead, they had to let Microsoft sign their keys, which gives Microsoft power over their competitors.
It increases the cost of business for Canonical/RedHat to negotiate with all the OEM manufacturers and get them to include their key.
If you're Microsoft and already have deals with all OEM manufacturers, the cost may be negligible, but if you're Canonical/RedHat and your OS comes pre-installed on less than 1% of desktops, it may not be practically possible.
This is true for anyone who wants to enter the market for desktop operating systems and potentially compete with Microsoft. In economical terms, the SecureBoot system raises the barrier of entry for the desktop OS market.
Because of Microsoft's history of anti-competitive behaviour, I'm also worried about what they'll do next. Once they have control over the SecureBoot system, they could work to make it mandatory, citing piracy as reason. They could also pressure the OEM manufacturers, inofficially, to say "no" when a competitor asks them to include their OS keys. They could make it slow and costly for competitors to get new OS versions signed. Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.
I don't know what'll happen, but having control over SecureBoot seems like too much power to place in the hands of any company.
Then there's the risk that the state will abuse the system once it's in place. SecureBoot controls what OS can be run, and the OS can control what software can be run, using a system of checksums and signing keys. In fact, the technology for that is already in place in Windows Vista onwards, but for the moment, you only get a warning when you try to run an unknown executable. If the state decides to outlaw certain software (such as encryption, hacking tools or P2P file sharing programs), SecureBoot combined with Windows enables them to enforce that law. If that ever happens, it'd be very good for Microsoft, since it severely reduces competition in the OS market, and gives even more power to the company who handles the signing of their competitors' OS:es.
Where I live, you're allowed to drive faster than the speed limit when overtaking another vehicle. Is that true in the USA too?
Also, there are situations where you need to drive faster than the speed limit to avoid accidents. For example, if another vehicle is out of control and heading right at you.
So a car that starts behaving uncontrollably at 9MPH over the national speed limit seems to cut it a bit close. I certainly wouldn't want want to ride on a highway in a car like that.
So how does having a desktop monopoly facilitate Microsoft's move on ARM?
I'm not so familiar with the facts of the case, so I'm only speaking hypothetically, but Microsoft could use their monopoly on desktop OS:es as leverage when they negotiate with OEM manufacturers, and get them to lock down ARM devices.
If Microsoft is defeated in EU courts, it could still help you a little back home, if nothing else by serving as an example.
Both these things are often complained about, but the only other way is to store full chat logs on the server, so that they can be pushed to all clients later when they come online. This would also make history sync always work on all clients. But it, of course, means that your chat logs are now subject to subpoenas, NSA security letters, and whatever else the government has at its disposal.
You could solve this with public key encryption, if you really wanted to. The chat messages could be stored on the server encrypted with the sender's and the receiver's public keys, separately.
I wouldn't say he intentionally encouraged piracy, but he must have been aware that he derived most of his income from piracy.
Jumping off a geostationary would involve pushing oneself down towards earth, slowly picking up vertical speed (now I have heard before that it doesn't work exactly like that but I'm not a rocket scientist and it's not important for the sake of the argument).
If we discount friction (wind resistance), this is not enough to reach the surface of the Earth. The momentum gained when pushing down from the space station, will only move the jumper very slowly towards the Earth, and once he has orbited half a revolution and is on the other side of the Earth, the same momentum will take him *away* from Earth again. The net effect is that the orbit will become slighty elliptical.
I doubt he will reach the surface in a reasonable amount of time even if we take friction into account.
Microsoft's tactics were of a different kind. They did things like locking out competitors through deals with retailers, and paid for smear campaigns, which got them convicted several times.
Apple's tactics are more straightforward: they use the law to their benefit without trying to hide anything (as far as I know).
If Apple is Lawful Evil, then Microsoft is Chaotic or Neutral Evil, using the law or flouting it as it benefits them. So far, I think Microsoft still leads the league for Evil.