Microsoft Security Antitrust Concerns Heat Up

By Matt Hines  |  Posted 2006-10-03

Microsoft Security Antitrust Concerns Heat Up

With rivals complaints over Microsofts move into the security applications space growing louder nearly every day, antitrust analysts said it appears likely that the software giant may soon again be locked in a battle to defend its business practices to government regulators.

In Europe, where Microsoft continues to battle with legislators over the terms of its 2004 antitrust settlement, regulators have already begun warning the firm against any efforts aimed at thinning competition in security market via the addition of security measures to Vista, the companys next-generation operating system, which is due out in November 2006.

And in the United States, rivals in the security applications market, including segment leaders and longtime Microsoft partners McAfee and Symantec, have begun publicly expressing similar concerns over the software giants future business plans as it builds a wide variety of security features into the OS.

Most recently, McAfee executives went on the offensive Oct. 3, questioning the implications of its partners intentions with Vista in a televised debate with the companys top security expert, Ben Fathi, corporate vice president of the Microsofts Security Technology Unit, and making the rounds with IT industry publications and analysts to make the companys concerns understood.

The security software maker contends that at least two elements of Vista, known as PatchGuard and Windows Security Center, will limit the ability of McAfee and other third-party vendors to integrate with the OS and continue to build technologies that offer comprehensive protection for computers running on Microsofts latest software.

Click here to read more about McAfees complaints about Vista security policies.

The lack of integration could put McAfee and others at a competitive disadvantage as Microsoft builds its own security applications into Vista, which is expected to gain the same dominant market share as its existing Windows platforms, McAfee officials said.

As the number of firms expressing such anxiety over Microsofts tactics with Vista and its other security products increases, so will the likelihood that the software giant will once again find itself defending its business strategies to regulators, experts believe, as it did in the late 90s over the inclusion of its Internet Explorer Web browser in the Windows OS, and again in 2003 over its integration of its Windows Media Player with its flagship software.

"This is deja vu all over again, as essentially these arguments over security and Microsofts use of its position in the operating system market to enter a new space are the same things we heard disputed in the companys earlier antitrust battles," said Melissa H. Maxman, partner in the Antitrust Group of Washington, D.C.-based law firm Baker Hostetler LLP.

"Microsoft is incredibly bold and brilliant with its go-to-market strategies, but because of their monopoly status with Windows, there will be scrutiny over this entry into security."

Next Page: Past but not forgotten.

Past But Not Forgotten

In addition to its hold in the OS market, Microsofts aggressive business practices and history with regulators could work against it in avoiding antitrust investigations over security, said Maxman, who previously represented U.K.-based software maker Silverware in an antitrust suit against Microsoft.

Other legal experts agreed that Microsofts past battles with antitrust regulators in the United States and abroad will not be forgotten when those officials are presented with complaints from the software giants security rivals.

On the same day McAfee railed against its partners security efforts in Vista, Microsoft attorneys filed a new appeal over a multimillion-dollar fine the European Commission imposed on the company in July for failing to meet terms of its 2004 antitrust ruling against the firm.

"Everybody who finds themselves in Microsofts way is going to complain, and because of the history, these companies will get more of a hearing than they might otherwise," said Bruce Abramson, an antitrust researcher and president of consulting firm Informationism, located in San Francisco.

"Based on the volume of issues being reported already, it seems unlikely that Microsoft will be able to appease everyone in the security industry, and at the same time there are regulators on both sides of the Atlantic who feel that Microsoft has treated the whole regulatory process with contempt; they will be receptive to these types of complaints."

Microsoft executives appear to view the notion of defending the firms growing security interests as somewhat ironic, as one of the greatest criticisms leveled at the companys products over the years, specifically Windows, have involved the many vulnerabilities in the OS allowing for the propagation of computer viruses and other IT-based threats.

As the company moves Vista and its overarching security strategy forward, said Stephen Toulouse, Microsofts security program manager, the software giant will remained focused on attempting to cut down on vulnerabilities and improving the computing experience for end users, many of whom are drowning in a sea of malware attacks that slow the performance of their PCs and attempt to steal their personal data.

"To the extent that people are concerned that theres tension [between Microsoft and its security partners], we want to point out the our first priority is always going to be protecting our customers, who have told us they want [Vista] to be more secure from engineering standpoint and to have more security features and functions onboard," Toulouse said.

"At the same time, we know that security is not a problem that we can solve by ourselves, and that our customers want choices, so we have been working very hard with our partners to help them build products that work well with Vista."

McAfee and Symantec have complained that among other issues, Microsoft is using PatchGuard to deny third-party software makers access to the 64-bit version of Vistas kernel, the softwares fundamental building block code.

The Microsoft partners say the firm has fallen short on its promise to provide partners with the so-called development keys needed to build products that work as effectively as their existing applications, which are allowed to access the kernel in Windows XP and other iterations of the companys software.

Toulouse disputes the fact that the partners have not been given sufficient alternatives to accessing the Vista kernel, pointing out the fact that developers from both companies have been living and working in Microsofts Redmond, Wash., headquarters, where he said they have been provided with full-time support for their product development efforts.

Blocking kernel access in 64-bit Vista was a security measure needed to counter emerging IT threats such as rootkit viruses, he said, and Microsofts own products wont access the softwares core for security monitoring purposes either.

Whether antitrust regulators are ready to accept the inclusion of comprehensive security features as a fundamental necessity to doing business in the operating system market is the question that will likely sit at the center of any litigation that will be heard over Microsofts burgeoning security business, analysts said.

If the company is to succeed in its efforts to assuage fears that it is trying to take over the security applications market via its work with Vista, or otherwise, Microsoft will need to provide evidence that its future sales hinges on the addition of security features such as PatchGuard, that appear to put other companies at a disadvantage, according to Kieran Shanahan, a Raleigh, N.C.-based attorney who won a $89 million settlement against Microsoft in 2004 for violating North Carolinas antitrust laws.

"Hopefully theyve learned from past encounters that a lot of people will be watching them, and that they will not be allowed to use their market position to cram additional products down customers throats," Shanahan said.

"At the same time, they do have the right to try and integrate new technologies; if they can prove that theyre only rolling security features into Vista to benefit customers, Im not sure how regulators will view that as a questionable business practice."

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.

Rocket Fuel