November 04, 2002
Microlegalities
The Microsoft anti-trust saga continues. Read about it everywhere. (Media Unspun – second story)
Two points:
1. Judge Colleen Kollar-Kotelly will be retaining jurisdiction over MS’s compliance with the original agreement.
2. The 9 states gunning for more got rejected in asking for more.
What this means for the security world...
A few months ago, Jim Alchin of MS testified that MS was unable to release details of an API for “security reasons.” My recommendation to Judge Kollar-Kotelly: Anytime Microsoft asks you to support them in holding back due to “security concerns” ask for the following:
- A review from an independent party able to conduct a thorough analysis*
- A detailed plan on how they plan on fixing the problem in order to comply with the settlement.
* Actually finding a truly independent party may be difficult as all security-engineering firms of significance either already do work or are trying to do work for Microsoft. Perhaps places like the NSA - that already serve as security advocates for government customers - can help. (Or maybe not, I'm guessing there is a fair amount of red tape between the judiciary and the NSA.)
One other interesting analysis not included in the Media Unspun list comes from today's issue of the laissez faire think tank CEI's C:\Spin newsletter. James V. DeLong, the author of that newsletter believes enforcing the orginal agreement will highten the current middleware guerilla war. I believe Microsoft will use security as a primary weapon in the war and it will come back to bite them in the end.