Microsoft Must Comply in Good Faith

What the tool actually does is amazingly minimal.

This month, Microsoft has responded in two legal enanglements.

Windows 2000 Service Pack 3 has a new component called Set Program Access and Defaults, developed to satisfy requirements in Sections H.1 and H.2 of the proposed antitrust settlement. A similar component will be in Windows XP Service Pack 1. As per the settlement, this tool is to "allow end users … and OEMs … to enable or remove access" to Microsofts Web browser, e-mail, media player, instant messaging and Java virtual machine software, as well as choose third-party alternates.

We could hardly imagine a more purely nominal response to the issues raised in the antitrust case. In fact, this option will not enable IT administrators to really disable the programs that have been the source of so many security problems.

What the tool actually does is amazingly minimal. Unchecking its "Show this program" options does only one thing: remove associated launch icons from the Windows Start menu and task bar. Software is left fully installed and functional, and all file type associations are left in place. These automatic launch associations in particular have been common attack paths for crackers exploiting security holes in these packages.

IT managers have long wanted better ways to control the inessential software that is installed by default on their systems. Microsoft has always frustrated this effort with its "uninstallable" middleware. This tool is not a meaningful improvement.

The Federal Trade Commission, meanwhile, charged that Microsoft engaged in "unfair or deceptive acts or practices in or affecting commerce" by failing to take reasonable security precautions with its Passport sign-on service, making false or misleading claims about its security benefits, keeping more private information than it said it did and having an insecure Kids Passport service. Without admitting guilt, Microsoft has agreed to fix these failings and undergo third-party Passport security audits every two years for the next 20 years.

We call on Microsoft to show a greater amount of sincerity in fulfilling this agreement than it has shown so far in complying with the proposed antitrust settlement. The companys millions of loyal customers deserve it.