Microsoft lifts lid on EC Vista probe

Microsoft lifts lid on EC Vista probe

Summary: The software giant has revealed that the EC raised potential anti-competition concern about four aspects of Vista

SHARE:
3

A senior Microsoft executive has revealed details of the European Commission's anti-competition probe into its upcoming Vista operating system.

Microsoft and the EC have been in protracted discussions regarding Vista since March, over the EC's concerns that parts of Vista may violate anti-competition laws.

"There were four different areas where the Commission gave feedback on Vista," said Ben Fathi, corporate vice president of the security technology unit at Microsoft Corp. "Two security components, and two other components."

The Commission was concerned that Windows Security Center would give Microsoft an unfair advantage by flashing up alerts which would guide consumers to buying Microsoft or Microsoft-endorsed security products.

"The EC wanted vendors to have the ability to disable alerts in Security Center. They are satisfied that we've provided those APIs (application programmable interfaces) to all of our security partners. We're completely open to that," Fathi told ZDNet UK, in an interview at the RSA security show in Nice on Tuesday.

The second Vista security area causing the EC concern was PatchGuard, or kernel patch protection, the code that prevents access to the Vista kernel. Security vendors McAfee and Symantec were incensed that they were banned from the kernel. The EC wanted Microsoft to disable this feature, but Microsoft refused.

"Kernel patch protection really is something we do not want to disable," said Fathi. "We told the EC this is something we are working on with our partners going forward," said Fathi. Microsoft has agreed to supply its security partners with APIs for any parts of Vista, according to Fathi.

"The [provision of the] APIs was executed on promises made to the EC," said Fathi.

The EC was also concerned about XML Paper Specification (XPS) which describes the formats and rules for distributing, archiving, rendering, and processing documents created in Microsoft's XPS format. The EC wanted to make XPS an open standard. However, Microsoft brokered a compromise whereby anyone can read or write documents using XPS, which is distributed under a royalty-free copyright licence, meaning it can be distributed freely once a licence has been obtained. Licence holders must agree to a "covenant not to sue" people who use XPS.

The EC also expressed concern about default upgrades from Internet Explorer (IE) 6 to IE7, according to Fathi. IE7 was launched last week, and is expected to be pushed out over Microsoft's Automatic Update system next month.

Microsoft was unable to confirm recent reports that the EC was also concerned about encryption on the Vista system, and handwriting recognition software, although a Microsoft spokesman told ZDNet UK that the handwriting recognition software bundled with Vista would come from a third party.

The EC told ZDNet UK earlier this month that it does have concerns about Microsoft Vista, but declined to give full details of those concerns because of the "delicate legal situation" surrounding the Vista anti-competition debate.

Commissioner Neelie Kroes discussed the situation with Microsoft chief executive Steve Ballmer in August, when she warned that the Commission could not give Vista a "green light" before it was launched.

Topic: Operating Systems

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • At least until Vista hits the market it's not officialy certain how well Microsoft respected all the other rules and regulations they should be well aware of by now.
    anonymous
  • How about having security centre simply link to a "universal" page which lists all currently known security solutions for vista IN ALPHABETICAL ORDER!!!!

    That way no company can say MS is trying to push its own OneCare service...although if they do that then you can expect a rush on www.aardvarksecurity.com :)
    anonymous
  • As for disabling Patchguard, the best solution to stop malware simply duplicating the disabling code, would be to allow it to be switched off only BEFORE vista boots...then have software vendors supply a key CD with a MASSIVE security key (containing an encrypted key several hundred megabytes long) which is inserted..the user then logs onto Vista as admin, the CD is processed and the disabling is allowed to go ahead.

    This would mean any malware would have to download literally HUNDREDS of megabytes of verification data to be able to disable Patchguard (which is pretty much impossible).

    It also means to disable patchguard you have to REALLY want to and can't just click a single YES button to do it...

    Although it would take a while for the initial patchguard CD processing, this is something that isn't done that often, and once done on a blank machine for a business, they can ghost the image across to the other PCs in their organization.
    anonymous