The European Commission warned Microsoft again yesterday that planned security features in the upcoming Windows Vista operating system could run afoul of EU anti-trust laws, prompting Microsoft to say that an adverse ruling from European regulators could further delay Vista's ship date.
EC spokesman on competition Jonathan Todd said that the Commission believes that diversity and innovation in the security software market could be threatened if Microsoft doesn't allow reputable third-party security vendors to compete on an equal footing for customers. The statements came in response to questions from journalists who had been briefed by Microsoft.
Microsoft is reaching out to members of the press to express concern about the EC's stance on Vista security and to explain the reasoning that went into the company's decisions to integrate some security functions in the Vista operating system, according to Stephen Toulouse, of Microsoft's Security Technology Unit.
"We're doing what everyone asked us to do and making Vista secure," Toulouse said. "We believe we've set the security foundation higher in Vista than in other operating systems and we don't want to lower that." But he added Microsoft is committed to delivering an EC-compliant operating system, and would abide by requests from the European Commission to remove security features if necessary, Toulouse said.
Unraveling security features such as the BitLocker drive encryption, Windows Defender and Windows Security Center from Vista at this late date would be a monumental task, Toulouse claimed. "I can't even speculate on how we'd deal with a request like that," and pointedly didn't rule out delays in the global release of Vista.
Todd rejected the idea that the EC would give a "green light" to any particular version of Vista, but said that Microsoft would have to produce a product that complies with EU competition rules, or risk an anti-trust ruling from the Commission. "We've made it clear for some time that it's up to Microsoft to make products that are fully compliant with EU competition rules, particularly in light of the March 2004 ruling on its abuse of its dominant market position," Todd said.
Neelie Kroes, the European Commission's competition commissioner, wrote to Microsoft CEO Steve Ballmer in March to express concerns about the security features and requesting more information on them, but the company delayed responding to the letter until the end of August, Todd said. Microsoft has fought back through the press, emphasising the company's work with independent software vendors.
Toulouse explained that security features such as Patchguard, a feature on 64-bit versions of Vista that prevents applications from "patching," or modifying the Vista kernel, was necessary for the operating system to prevent unauthorised applications and malicious programs from taking control.
However, legitimate third-party products, such as anti-virus and security products, also need access to the kernel. Symantec executives have complained that Microsoft is using its dominance of the operating system market and hard line stance on kernel patching to stifle competition. Microsoft's response is that it allows third parties to extend the Vista kernel using signed, kernel-mode drivers.
The EC is still evaluating the information Microsoft sent in August on the Vista security features and hasn't decided what additional guidance it will give Microsoft.