November 04, 2002


The Microsoft anti-trust saga continues. Read about it everywhere. (Media Unspun – second story)

Two points:
1. Judge Colleen Kollar-Kotelly will be retaining jurisdiction over MS’s compliance with the original agreement.
2. The 9 states gunning for more were rejected.

What this means for the security world...

A few months ago, Jim Allchin of MS testified that MS was unable to release details of an API for “security reasons.” My recommendation to Judge Kollar-Kotelly: Any time Microsoft asks you to support them in holding back due to “security concerns,” ask for the following:

- A review from an independent party able to conduct a thorough analysis*
- A detailed plan for how they will fix the problem in order to comply with the settlement.

* Actually finding a truly independent party may be difficult as all security-engineering firms of significance either already do work or are trying to do work for Microsoft. Perhaps places like the NSA - that already serve as security advocates for government customers - can help. (Or maybe not, I'm guessing there is a fair amount of red tape between the judiciary and the NSA.)

One other interesting analysis not included in the Media Unspun list comes from today's issue of the laissez-faire think tank CEI's C:\Spin newsletter. James V. DeLong, the author of that newsletter, believes enforcing the original agreement will heighten the current middleware guerrilla war. I believe Microsoft will use security as a primary weapon in the war and it will come back to bite them in the end.

Posted by Abner on November 4, 2002 12:40 PM