Microsoft faces its next antitrust front


Less than a decade and hundreds of millions of dollars in penalties later, software giant Microsoft Corp. may have yet another antitrust battle looming over its head.

This time, the Redmond, Wash.-based company is treading on thin ice with its security-related initiatives. Industry observers say Microsoft’s foray into the security software market, coupled with certain protection features it has embedded on the recently launched Windows Vista operating system (OS), give third-party security vendors “legitimate” cause for concern.

One area of contention is Microsoft’s PatchGuard feature for Windows Vista’s 64-bit edition. PatchGuard is a kernel patch protection feature that prevents the OS kernel from being accessed or modified by other software.

Certain types of attack pro-grams are able to accomplish their malicious intent on a system by embedding themselves in the kernel. Microsoft contends that PatchGuard plays an important role in ensuring the security of Vista by locking down the OS core and preventing kernel-level attacks.

A number of third-party security software offerings, however, need access to the kernel to enable certain security functionalities, such as behavioural host-based intrusion prevention system (HIPS) and host-based content monitoring and filtering (CMF).

“We see a legitimate concern,” wrote Gartner Inc. analysts Neil MacDonald and John Pescatore, in a news analysis document entitled, McAfee Ad Highlights Ongoing Microsoft Security Skirmish. While PatchGuard may affect the performance of third-party security software, it does not affect any Microsoft security products since it does not offer HIPS or CMF functions, the analysts pointed out.


The European Union (EU) antitrust authority, which already fined Microsoft over US$600 million for antitrust violations in 2004, is keeping a close watch on the software giant.

In September of last year, European Commission spokesperson Jonathan Todd cautioned Microsoft about maintaining certain Vista security features that can run counter to EU antitrust regulations.

Microsoft has since made public commitments to work with security vendors and release application programming interfaces (APIs) that will allow third-party security software to work around the PatchGuard protection.

But the manner in which Microsoft delivers on this promise is vital if the company is intent on avoiding further antitrust questions.

“If Microsoft is slow to deliver these capabilities (for PatchGuard workaround) or fails to meaningfully collaborate (with security software vendors), it risks further antitrust concerns,” said Gartner analyst MacDonald.

While Microsoft has not made any firm commitment on a timeline for releasing the PatchGuard-related APIs, it did say it will deliver these new capabilities with Vista Service Pack 1, which is expected to be released in early 2008.

Still, Microsoft contends its move to make Vista and its other products more secure is in the best interest of its customers and the industry.

“We need to be able to do the work where it makes the most sense. This isn’t an antitrust matter; this is about really solving computer users’ needs as much as possible,” stressed Antoine Leblond, a corporate vice-president at Microsoft Corp.

Leblond added that having a “healthy partner community in the world of security is very, very important and we have no intention nor desire to do anything that will harm that partner community.”


It is not only the built-in security features of Vista that EU antitrust regulators are warning Microsoft about. Commission spokesperson Todd has also cautioned Microsoft against bundling its own security software products into Vista.

This may constitute similar antitrust issues brought up when Microsoft bundled its own Windows Media Player with Windows XP, for which the EU found Microsoft to be in violation of antitrust regulations in 2004.

EU competition regulators should be cautious about antitrust complaints brought forth by Microsoft’s competitors, said Stan Liebowitz, research fellow at The Independent Institute in Oakland, Calif. “Almost everyone would agree that the last thing [the EU would] want is to allow competitors to run [the antitrust investigations] because [competitors] never want more competition; they always want less.”

One Canadian Competition Law expert agreed with Liebowitz. “At the end of the day, the main policy considerations should be in the interest of the customers. That doesn’t mean, however, that when competing producers bring complaints (to the antitrust body) that they’re thinking always of the consumer interest,” said Anthony Vanduzer, associate professor at the University of Ottawa’s Faculty of Law.

Quicklink 068770

— With files from IDG News Service


Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now