Days After Entering 12-Step Program, Microsoft Falls Off Wagon
Whatever happened to the "12 tenets," announced just 10 days ago, that were supposed to help a seemingly humbled and repentant Microsoft assume a more ethical stance toward allowing competition? Could it be that its self-imposed 12-step program has already failed to cure Microsoft of its monopolistic impulses?
Whatever happened to the "12 tenets," announced just 10 days ago, that were supposed to help a seemingly humbled and repentant Microsoft assume a more ethical stance toward allowing competition? Could it be that its self-imposed 12-step program has already failed to cure Microsoft of its monopolistic impulses?First case in point: the amusing news--posted by a TechWeb reporter--that the preview of Microsoft's newly renovated home page provided Internet Explorer users with a new search tool and site guide, while users of the open-source Firefox browser were insulted with a "We're sorry, the page you requested could not be found" error message.
(Shortly after this news item appeared, the problem was fixed, but not before some dry and very funny comments were posted on the bink.nu site. Its motto: "Watching Microsoft like a hawk.")
Then there was the more serious accusation that new security initiatives implemented by Microsoft will make it hard for third-party security tools to be integrated with Windows.
This means that those of us (which is all of us) who have long relied on the much-needed security protection delivered by third-party vendors could soon be dependent on the security remedies delivered by the very company at the root of the problems. A circular statement, but one that illustrates the absurdity--or worse--of Microsoft's actions.
Let's look at the relevant "tenet" (No. 1 of 12) to see how well Microsoft is managing to avoid temptation to succumb to its previous vices:
Computer manufacturers and customers are free to add any software to PCs that run Windows. More broadly, every computer manufacturer and customer is free to install and promote any operating system, any application, and any Web service on PCs that run Windows. Ultimately, end users are free to choose which software they prefer to use.
Given that generous (and long-overdue) statement, let's focus on this week's more troubling allegation: that one of the new security protections offered by Vista--one that prevents something called "kernel patching" by non-Microsoft programmers--will force security vendors to resort to hacking techniques to make their applications integrate seamlessly with the next-generation operating system.
This was first reported by firewall vendor Agnitum on its Web site, then picked up by U.K. site The Register and widely disseminated around the Web over the weekend. Disclosure: Agnitum provides a firewall that will be directly threatened by Vista's built-in security features, which will "obviate the need for most third-party firewalls," according to the Yankee Group.
Kernel patching is when software developers--or worse, hackers--replace code in the kernel of Windows with unknown code or data. ("Unknown code or data" is defined by Microsoft as anything non-Microsoft.) Microsoft's Kernel Patch Protection is designed to prevent that.
The problem, according to Agnitum--which, despite its potential conflict of interest, is highly respected in the security industry--is that third-party firewall vendors routinely need to get control over low-level system activities. Previous versions of Windows allowed them to do this. But this new security measure would make it much more difficult for them to do that legitimately, even though it would do nothing to deter sophisticated unscrupulous hackers from doing their nefarious deeds. According to Agnitum, software makers could still reverse-engineer access to the kernel, but that would have the potential to raise serious compatibility issues for their security products.
As many, many bloggers have pointed out, this smells suspiciously like a protection racket. You've got a multibillion-dollar industry built up around the fact that there are major security flaws in Windows. And you have Microsoft entering that market with products and services of its own--ones that will apparently emasculate the very people who have provided us (albeit for a fee) with very important help all these years.
To be fair to Microsoft, a number of developers and analysts have weighed in with the argument that its move is a step in the right direction--after all, anything that makes the operating system more secure is a good thing, and who wants the existing kernel loophole available to just anyone with a keyboard? Security vendors will just have to adjust, they say.
What do you think? Is this just a tempest in a teapot? Or should Microsoft pay closer attention to its own high-minded principles before making important changes to Windows that could significantly impact competitors? Let me know what you think.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.