Microsoft News Tracker

One of the Windows Vista concessions that Microsoft promised the European Union antitrust regulators in October was that they would provide kernel level APIs for third party security software vendors to work with the PatchGuard kernel protection code in 64-bit versions of the operating system. The timeline for creating and delivering those APIs kicked up quite a ruckus, but today Microsoft released a draft and reiterated the promised availability by the time Vista Service Pack 1 ships:

Microsoft Corp. today released draft application programming interfaces designed to allow third-party security products to get around a contentious kernel protection technology in the Vista operating system called PatchGuard.

The draft APIs will be available to security vendors for testing and comment through the end of January. A final version of the APIs will then become available when Microsoft releases Service Pack 1 for Vista sometime in mid-2007, according to Ben Fathi, vice president of development for the Windows Core Operating System.

Microsoft today also released a separate criteria evaluation document that details the processes Microsoft used in evaluating vendor requests for APIs to the Vista kernel. As with the draft APIs, Microsoft is seeking third-party security vendor feedback on its criteria evaluation processes.

There are more details by following the link and in a separate Q&A with Fathi. Reactions from the vendors haven’t come in yet:

McAfee officials said they would comment on Microsoft’s move Tuesday afternoon; Symantec won’t talk about the decision until Friday.

but what strikes me is that we now have yet another date for the infinitely mutable Vista SP1 (mentioned previously here).

Update, Nov. 22: McAfee is pleased, no comment yet from Symantec.

Ted Kummert, Microsoft’s Corporate Vice President, Security, Access and Solutions Division:

Today we are announcing key security products across the client, server and network edge, which map to our customer promise to help protect information and control access. First, we are excited to announce the public beta for Microsoft Forefront Client Security, a new product that helps protect business desktops, laptops, and server operating systems from viruses, spyware, and other threats. Second, we are announcing two new server security products, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint, which are currently in public beta, and will be available to volume-licensing customers in December. Finally, today we are unveiling new Application Optimization features for the Intelligent Application Gateway, a product included in Microsoft’s acquisition of Whale Communications this year.

While all are of importance, Microsoft Forefront Client Security is drawing the most buzz since it’s a stake pointed right at the heart of the lucrative corporate security market which has heretofore been dominated by Symantec, McAfee, and other third party ISV’s whose relationship with Microsoft has grown so rancorous lately. More information and the Client Security beta download are here.

While Microsoft was announcing this week that their 1Q profits got a big boost from reduced legal expenses, a number of lawsuits involving Microsoft were also making the news:

Pride of place has to go to Microsoft’s opportunity to be part of landmark legal ruling as the US Supreme Court agreed to hear Microsoft’s appeal of a patent lawsuit it had lost to AT&T over a speech codec included in Windows worldwide. Scott M. Fulton, III has more details at BetaNews than you likely want to know, but while there are several aspects that might have piqued the interest of the Supremes, the key one apparently is that US law uniquely holds companies liable for foreign sales of patent infringing items if research and development was done in the USA:

But in the end, reports the AP, it was a plea from the United States’ own Solicitor General, Paul Clement, which seems to have turned the tide. In his plea, he argued that AT&T should be seeking remedies in courts within the jurisdictions where its patents were infringed, “not in attempting to extend United States patent law to overseas activities.”

The efficacy of US patents in foreign jurisdictions has been a matter of some contention, especially among proponents of patent reform. As a result, the Microsoft appeal could produce a landmark ruling from the high court, establishing the U.S. position on the territorial reach of its own patent protection.

This news may be greeted positively by European patent law reformers, who have argued lately that U.S. patent jurisdiction should stop at its own borders, and who may be surprised to learn Microsoft is in agreement with them.

It’s not clear what the price tag of a loss would be for Microsoft, but the issue is thorn in the side of Microsoft and other US software vendors among others.

Less likely to make legal history:

Microsoft settles Arkansas antitrust suit with $37.8 million in vouchers.

Meanwhile in the Iowa antitrust suit where Microsoft’s attempt last week to disqualify the head opposing lawyer failed, they also failed this week to decertify the class in the class action lawsuit. Trial starts November 13.

In the continuing search engine extortion comedy from Belgium’s Copiepresse, Struan Robertson at The Register goes direct to the source, Margaret Boribon, Secretary General of Copiepresse:

But the real reason for not opting-out with a robots.txt file or mandating against caching is that Belgium’s newspapers want to be indexed by Google. “Yes, we have a problem with Google, but we don’t want to be out of Google,” Boribon said. “We want Google to respect the rules. If Google wanted to index us, they need to ask.”

Copiepresse also wants Google to pay for indexing sites. Boribon declined to discuss how or how much. “That has to be negotiated,” she said.

…

Since the ruling, Google has pulled the plug on the news sites in the lawsuit. They are not just missing from Google News Belgium, they have disappeared from Google’s main index and cache too.

“They have done it to punish us,” said Boribon, who didn’t want Google to go that far. “They have a bad attitude.” Yet Boribon went on to complain that some of her members’ content can still be accessed via Google News France. “They don’t apply the judgment fully so we will ask for the fine,” she said.

Copiepresse and Google will be back in court November 23 for more wrangling, but as I mentioned last week, Microsoft has already dropped the Copiepresse papers from its search indexes to avoid a similar lawsuit. Ms. Boribon is after Yahoo as well and I predict that one day soon all of her client newspapers will be invisible on the major search engines.

Finally, the Symantec lawsuit against Microsoft for patent infringement that was initiated in May is scheduled for trial in December 2007.

It was easy enough for Microsoft to promise the EU that they would provide Vista security APIs to competing security software vendors, but delivering on that promise has turned into a real melee.

Microsoft did deliver some Security Center documentation on Monday, but was stung by complaints from McAfee and Symantec that it was inadequate and had scheduled a conference call yesterday to clarify matters. Unfortunately, the call did not go smoothly:

This meeting was under NDA, so what was actually discussed I can’t say. 

However, the not-secret part of it was that someone at Microsoft accidentally sent out the LiveMeeting presentation invites as “presenter”, which if you’ve ever used LiveMeeting, is an invitation to chaos.  Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn’t all come together, because the meeting had been originally setup to end at 12:30, so we were promptly all kicked off.  Finally at 12:45 EDT the meeting went as planned.  Those who missed this meeting will have the ability to view another later today.

While I have my disagreements with Microsoft on the PatchGuard issue, I must defend them in this instance. It was a case of a few honest mistakes made by well-intentioned people, probably working under a tremendous amount of stress. No big deal people.

OK, but then Microsoft clarified the purpose of the meeting which they felt was “Microsoft’s intention to invite nearly 150 security products vendors to join it in the development of an open security services API for Windows,” and emphasized the fact that:

Such an API would not open up PatchGuard, the kernel protection system the company currently plans for Windows Vista, the spokesperson pointed out emphatically several times during our discussion, nor does Microsoft have any plans to ever open up PatchGuard.

“Microsoft continues to believe the kernel must be protected from unauthorized access,” BetaNews was told. To that end, the company proposes “a process for developing methods for software that works alongside PatchGuard.”

Such a process, if initiated, could take several months, by Microsoft estimates, with the goal being to produce the results of this initiative in time for the release of Vista Service Pack 1. Though the spokesperson used the phrase “the SP1 timeframe” to refer to the release of these services, Microsoft declined to attach a time to that timeframe.

This was all too much for McAfee which blasted Microsoft:

“Despite pledges, press conferences and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week,” McAfee attorney Christopher Thomas said in a statement.

“We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by its top management last week.”

and, of course, Microsoft returned the compliment:

It’s unfortunate that McAfee’s lawyers are making these kinds of inaccurate and inflammatory statements,” said Ben Fathi, corporate vice president of Microsoft’s security technology unit.

He said Microsoft was being even-handed in developing the needed software, which would happen “in the months ahead”.

It doesn’t take an international antitrust lawyer to see the problem here, just someone with a recollection of recent events:

In the past, the Commission has expressed concerns about delays by Microsoft in providing information to other companies because during that time, those firms have lost market share and eventually been sidetracked.

Then there’s the whopping supplemental fine that the European Commission slapped on Microsoft for the sluggish delay in delivering interoperability information the last time around. Why does Microsoft persist in playing the same old tune? Do they think the regulatory reaction is going to be any better this time? If they really like waving a red flag at Neelie Kroes, they shouldn’t be surprised when she shows up snorting and pawing the ground.

Update: In fairness to Microsoft, they do contend that they have provided extensive Security Center API info on and since Monday.

Microsoft’s partial delivery of EU placating Vista security APIs is drawing fire from competitors McAfee and Symantec:

A statement from McAfee worldwide corporate communications vice president Siobhan MacDermott said:

We did receive a document from Microsoft yesterday that contained the SDK for Windows Security Centre only. We continue to have questions pertaining to this document and have asked Microsoft for meetings and/or additional clarification about what MS has sent us. To date, we have not had any cooperation from MS and no response on McAfee’s repeated requests to review the information.

Contrary to what it says publicly, Microsoft has not cooperated with the leading security providers. In fact, we have not received anything at all from Microsoft concerning PatchGuard. …

And Symantec:

With regards to Microsoft and their announcement regarding security provisions in the Windows Vista operating system, Symantec has yet to actually see the final detailed information needed to address our concerns regarding Windows Security Centre or PatchGuard. While we are encouraged by their statements and are hopeful their actions will indeed lead to customers being allowed to use whatever security solutions they would like on the Vista operating system, the operative question is exactly when will the final detailed information be made available to security providers?

It is important to note that the Vista operating system is slated to ship to OEM within the next few weeks. Therefore, security providers would need to have the final detailed information to address their concerns about Windows Security Centre and PatchGuard provided to them in a timely manner.

You have to admit that it’s rather a dirty trick on Microsoft’s part to announce on Oct. 13 that they have resolved the issue, deliver part of the promised APIs on Oct. 16, and then expect the security vendors to rework their products in timely fashion when Vista RTM is now generally expected to be on Oct. 25.

Meanwhile, Microsoft CEO Steve Ballmer returned fire:

“I don’t know anything about allegations of McAfee. We have gone ahead with the release of APIs consistent with the directions we have taken to put Windows (Vista) in the marketplace on schedule and we are absolutely executing on all of the plans properly,” he said.

More broadly, Ballmer said of complaints by security companies: “We are through that … We’re prepared to release our product.”

Uh Oh! I think someone just paged European Competition Commissioner Neelie Kroes, but then her appearance is inevitable anyhow.

Update: That was quick:

Microsoft will brief security software companies on-line on Thursday, after firms McAfee and Symantec complained it was delaying promised cooperation about their security concerns.