Symantec Suit Against Microsoft Symbolizes Security Shift
Several years of negotiations over Microsoft's right to use Symantec's Volume Manager software boiled over last week when Symantec filed a lawsuit that threatens to keep Microsoft from further developing and distributing Vista and Longhorn.
It hasn't taken Microsoft long to make powerful enemies in the IT security market, where the company hopes to play a much larger role when it delivers Windows Vista and Longhorn Server. Several years of negotiations over Microsoft's right to use Symantec's Volume Manager software in Windows boiled over last week when Symantec filed a lawsuit that threatens to keep Microsoft from further developing and distributing its much-anticipated and often-delayed Vista and Longhorn.
Although the suit centers on a long-standing storage management software contract dispute between Microsoft and Veritas, which Symantec acquired last year, there's no question that additional delays in Vista's debut would benefit Symantec's security business, or at least buy the company time to further diversify its offerings. While the companies claim to continue to be technology partners, Microsoft's designs on the security market are clear. "If you look at our investment in the next version of Windows, security would jump out as the thing we've spent the most time on," Microsoft chairman and chief software architect Bill Gates said in February at the RSA Security conference. "Microsoft has a big responsibility here."
Symantec says it turned to the courts as a last resort when the two companies reached an impasse. "We've been in discussions with Microsoft for well over a year," says Michael Schallop, director of legal affairs at Symantec. "Only recently have both sides seen that we aren't able to reach an agreement." Ultimately, there were differences in the legal interpretation of a 1996 agreement between Microsoft and Veritas. Schallop acknowledges that going through the courts isn't necessarily the most efficient way to resolve the dispute, but says Symantec saw no other way at this time. He also noted that the two companies could return to the negotiation table to avoid a lengthy trial.
Symantec isn't looking for an all-out war against Microsoft and plans to maintain partnerships in areas not related to the case. "Our intent is not to delay the launch of Vista but, rather to protect our intellectual property," Schallop says. "The idea was not to give Microsoft our IP so that it could be used against us."
Still, the appeal to delay Vista is there in the lawsuit, filed in the U.S. District Court for the Western District of Washington State. The suit seeks a jury trial against Microsoft on eight different alleged offenses, including trade secret misappropriation, breach of contract, copyright infringement, and patent infringement.
The suit in colorful yet direct language alleges that, "over the course of nearly a decade, Microsoft has deliberately and surreptitiously misappropriated" Symantec's data storage technologies, misled the U.S. government into issuing patents to Microsoft based on technologies invented by Symantec, attempted unsuccessfully to persuade Symantec to forgive Microsoft's "misdeeds" under the guise of expanding their business relationship, and built portions of its next-generation operating system "on this house of cards."
Microsoft CEO Steve Ballmer on Monday downplayed the suit, saying it won't delay Windows Vista from launching later this year and early in 2007.
Of course, Microsoft doesn't need any help from Symantec when it comes to delaying the next version of Windows. Vista has been delayed several times, with the latest announced in March. Then, Microsoft said Vista--which is to be available to enterprise customers in November, and to consumers in January 2007--was pushed back even further to better accommodate Microsoft's software partners.
Although Microsoft declined to be interviewed for this story, a statement on the company's Web site asserts Microsoft's belief that "the facts will show that Microsoft's actions were proper and are fully consistent with the contract between Veritas and Microsoft." Microsoft contends that Symantec's claims are "unfounded" because Microsoft purchased intellectual property rights for all relevant technologies from Veritas in 2004. The 1996 contract gave Microsoft the option to buy out the rights to Veritas' code and intellectual property rights, Microsoft claims, adding that in 2004 Microsoft exercised that right and purchased the intellectual property rights.
At the heart of the dispute is a document unambiguously entitled "Microsoft Corporation Development and License Agreement with Veritas Software Corporation." The problem is in the interpretation of this document, which the companies have been arguing over for the past two years, even before Symantec entered the fray by acquiring Veritas in July 2005.
The decade that the deal between Veritas and Microsoft spans is an eternity in the IT world during which technologies, strategies, and markets change drastically. "In the computer business, 10 years is three generations," says Bruce Sunstein, co-founder of Bromberg & Sunstein LLP and head of that law firm's patent practice group. Symantec's decision to turn to the courts provides no shortcut to resolving its dispute with Microsoft. "It could take years even before their case goes to trial, which could last another three years," he adds. As a result, it's unlikely that Symantec and Microsoft will leave their fate in the hands of some future jury. "This is a case that both companies want to settle because they have an existing relationship." The sticking point is that Microsoft and Symantec now see one another as competitors more so than they have in the past.
There's no question that Microsoft will soon butt heads with a significant portion of the IT security software market as Vista includes new anti-virus, anti-spyware, and other security features. "Microsoft is thinking hard about moving aggressively into the security space," says Martin Roesch, chief technology officer of Sourcefire and creator of open source Snort intrusion detection software. He adds that companies like Symantec can't afford to give away large portions of market share to Microsoft, which is why he's not surprised Symantec has turned to the courts to resolve their dispute.
Microsoft is also eyeing the network security where Sourcefire plays. Microsoft last week revealed plans to buy Whale Communications Ltd., which specializes in providing secure sockets layer virtual private network appliances as well as Web application firewalls, a key security tool for companies fighting much-maligned SQL injection attacks.
Microsoft's ties to Veritas mirror the company's emerging success over the past decade in selling to large businesses. In the early 1990s, Microsoft's bid to sell more of its products to businesses required Windows to include more sophisticated storage management capabilities than could be found in Windows NT, which debuted in 1993. Meanwhile, Veritas' Volume Manager software allowed data to be stored and retrieved across a number of disparate types of storage devices, a trick that came in handy for companies that built their storage systems using a variety of platforms and operating systems. Symantec's suit alleges that in 1996 Microsoft approached Veritas about licensing certain capabilities of Volume Manager technology--what the suit refers to as "a simplified version" containing a "subset of features"--for use in Windows NT and subsequent versions of Windows.
Symantec claims Microsoft licensed certain features of Volume Manager to replace and improve upon Windows FT Disk technology, which didn't scale as well as Volume Manager. The agreement between Veritas and Microsoft stipulated that Veritas would provide Microsoft with the full version of Volume Manager source code with certain features disabled, as well as a specific list of Volume Manager features that could be included in Windows. Microsoft was prohibited by the agreement from developing products that competed with Veritas products and, for a period of time, from using Microsoft engineers who had access to Volume Manager source code to develop competing products, Symantec says.
In 1999, Veritas and Microsoft amended their agreement, obliging Veritas to provide a minimum of five engineers at Microsoft's Redmond offices to teach Microsoft engineers more about Volume Manager and help them test its Logical Disk Manager storage management software embedded in Windows 2000. Symantec alleges that after the release of Windows 2000, Microsoft was less willing to share with Veritas information about the further development of Logical Disk Manager and this hindered Veritas' ability to develop its own products to work with Windows. Microsoft subsequently developed its own Virtual Disk Space, Volume Shadow Copy Service, and Logical Volume Manager products that competed with Veritas.
The tension between Microsoft and Veritas came to a head at the 2004 Windows Hardware Engineers Conference, or WinHEC, where Microsoft provided a version of its upcoming Vista and Longhorn versions of Windows to WinHEC members. Based on this code, Veritas determined that the new versions of Windows included features, including a common interface for hardware and software RAID volumes, that were in violation of Microsoft's licensing agreement with Veritas. The company claims also to have learned in 2004 that Microsoft had five years earlier filed U.S. patent applications that included Veritas intellectual property.
"Each side wants leverage," Sunstein says. "You can certainly say litigation is Symantec's leverage, while Microsoft's leverage involves trying to file patents. For Symantec, this is about survival as Microsoft threatens to move more into Symantec's space."
Although Symantec was aware of Veritas' feud with Microsoft, Symantec decided to bring Veritas into the fold nonetheless. Symantec wanted to add data protection, storage management, high availability, disaster recovery, and application performance management technologies to its already extensive portfolio of security products.
Resolution of Symantec's legal action against Microsoft could be settled tomorrow or years from now. Either way, the gloves are off as incumbent vendors brace for Microsoft's cannonball into the IT security pool.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.