Microsoft had a big week on the government and legal fronts, ranging from lawyer-driven attempts to shut down a botnet and a watchdog site that posted its internal documents, to the announcement of an online-services cloud for the federal government.
On Feb. 24, Microsoft announced security and privacy enhancements to its Business Productivity Online Suite (BPOS) along with a government-focused version of BPOS during its eighth annual Microsoft U.S. Public Sector CIO Summit. Business Productivity Online Suite Federal, apparently, will be housed on dedicated infrastructure in secured facilities, accessible only via biometric access controls by U.S. citizens who have undergone the necessary background checks to access the system.
Microsoft said it expects that the platform will attain its FISMA (Federal Information Security Management Act) certification at some point within the next six months. In an eWEEK interview with Microsoft executives ahead of the announcement, it was indicated that Microsoft plans on providing new updates to its BPOS services about every 90 days.
Those initiatives come as Microsoft faces an increased challenge in the online government-services arena from Google, whose cloud-based software is under contract for a number of entities such as the city of Los Angeles. Google had previously announced plans to create a dedicated federal cloud computing system in 2010, arguing that the cloud-based Google Apps productivity suite would be a suitable replacement for IBM Lotus Sametime and Microsoft Office SharePoint.
Nor are Microsoft and Google the only companies pushing into the space. On Sept. 15, Federal CIO Vivek Kundra announced the opening of the Apps.gov Web store, where IT vendors could offer cloud-based services for purchase to federal entities. At the time, Amazon.com CTO Werner Vogels indicated that his company was interested in competing for federal contracts.
This week, Microsoft also demonstrated its willingness to use legal tools in order to shut down botnets, swarms of compromised computers used by their hacker-controllers to bomb Internet users with spam emails and malware.
In response to a complaint from Microsoft, a federal judge in Virginia issued a temporary restraining order on Feb. 22 that would cut off the 277 Internet domains associated with Waledac, which is believed to be producing over 1.5 billion spam messages per day. A recent Microsoft analysis suggested that Waledac was responsible for some 651 million spam emails clogging Hotmail inboxes between December 3-21, 2009.
“This action has quickly and effectively cut off traffic to Waledac at the ‘.com’ or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world,” Tim Cranton, Microsoft’s associate general counsel, wrote in a Feb. 25 posting on The Official Microsoft Blog. “Microsoft has since been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet, and we will continue to work with the security community to mitigate and respond to this botnet.”
With hundreds of thousands of computers infected around the world, Waledac was considered a large enough threat to have drawn a response from a number of tech entities in addition to Microsoft, including Symantec, Shadowserver Foundation, the University of Washington and a handful of others linked together in an initiative termed “Operation b49.”
“At Microsoft,” Cranton added, “we don’t accept the idea that botnets are a fact of life.”
Security experts, however, questioned whether the legal maneuvering offered but a temporary reprieve from the increasingly endemic issue of botnets. “This will not make the problem disappear,” Amichai Shulman, chief technology officer for IT security company Imperva, told BBC News on Feb. 26. “In the short term other gangs will fill the void while people behind Waledac regroup and start their operations all over again.”
Microsoft has been more than willing to use courts in order to shut down what it views as inappropriate online behavior. In 2009, the company filed five lawsuits in King County Superior Court in Seattle against entities it said were responsible for malicious online advertising. Those legal actions alleged that the defendants used advertising to either distribute malware or rogue antivirus software.
Microsoft also attempted to use legal means to shut down Cryptome, after the watchdog site published an internal document, titled “Microsoft Online Services Global Criminal Compliance Handbook,” which detailed which of its users’ online data Microsoft was willing to share with law enforcement under certain circumstances.
That document broke down how long Microsoft retains IP connection history records, user-provided registration data, IP addresses and dates of uploaded content, and other transactional records for a variety of its online services, including Microsoft Office Live, Xbox Live, Windows Live, Windows Live Messenger, Hotmail, MSN Groups, Windows Live ID and Windows Live Spaces.
Soon after news broke of Microsoft’s takedown request, the company reversed its decision. “While Microsoft has a good faith belief that the distribution of the file that was made available…infringes Microsoft’s copyrights, it was not Microsoft’s intention that the takedown request result in the disablement of Web access to the entire cryptome.org Website,” Evan Cox, outside counsel to Microsoft, wrote in a Feb. 25 email to administrators of Cryptome’s host. “Accordingly, on behalf of Microsoft, I am hereby withdrawing the takedown request.”
The document in question, along with the email correspondence related to Microsoft’s takedown request, can be found here.
If all that wasn’t enough to keep Microsoft’s lawyers busy, the company also announced intellectual property licensing agreements with both Panasonic and Amazon. In Panasonic’s case, the deal gives the electronics maker access to Microsoft’s exFAT (Extended File Allocation Table) technology, which allows flash memory devices to manage larger files. The broader Amazon agreement, by contrast, opens large portions of the online retailer’s and Microsoft’s respective patent portfolios.
Despite taking something of a back seat to legal news, Microsoft’s Windows Phone 7 Series, which received the bulk of media coverage last week, managed to spark a number of online rumors, mostly associated with hardware for the devices that will eventually run the new operating system.
In a Feb. 20 podcast on Frankly Speaking, a pair of developer evangelists for Microsoft Australia suggested that three styles, or form-factors, of device would eventually be available for the Windows Phone 7 Series: one with a full touch-screen, one with a sliding keyboard, and another in a “candybar” configuration.
The actual look of the phones remains conjecture; like a legal maneuver, these things occasionally take time to come to fruition.