Microsoft capitulates on Vista (and mushroom-mushroom)

Badger-badger-badger-badger IT Blogwatch, in which Redmond strategically caves in to competitors' demands. Not to mention Open Source Mycology...

Peter Sayer reports:

Microsoft Corp. has agreed to make changes to its upcoming Windows Vista operating system to satisfy regulators in the European Union. Despite those changes, the company said today it will still deliver Vista on schedule. The company had earlier warned that Vista might be delayed in Europe because of regulatory authorities' concerns about the impact of the operating system on competition. Those concerns melted away following what Microsoft described as "constructive dialogue" with competition authorities.
...
Microsoft has agreed to make a number of changes to Windows Vista in response to guidance from the European Commission, the EU's competition regulator. It has also had successful talks with competition authorities in Korea who raised concerns about Microsoft's business practices. It expects to ship Vista on time in that country as well.

Todd Bishop has more:

Here's a summary of Microsoft's explanation of the changes that will be made in Windows Vista. Microsoft says the changes will apply worldwide.

• The search function in Internet Explorer 7 in Windows Vista won't automatically use Microsoft's Windows Live search engine ...
• Windows Security Center, a central console for monitoring the computer's security protections, will defer in cases where users have installed alternative programs from independent security vendors with similar consoles ...
• Microsoft said it will offer interfaces to give independent security vendors access to the technical core of the Windows Vista operating system, known as the kernel, while still protecting the kernel in other ways ...
• Microsoft will submit its new XPS document format to an international standards organization and change the terms under which it licenses the format to other software developers.

Dwight Silverman:

Antivirus vendors such as Symantec and McAfee have been upset with Microsoft about a feature in Windows Vista that locks down its kernel. The vendors wanted access to it so their products would work properly. Microsoft, on the other hand, argued that a lockdown would protect the kernel -- the core component of the operating system -- from attacks. The vendors raised enough of a stink that now Microsoft is caving in, and will create hooks into the kernel for them. Then again, if they'd just waited long enough, someone would have cracked it for them.

Ars's Matt Mondok:

Symantec and McAfee, are you feeling satisfied? ... By offering an extended, kernel-level API (Application Programming Interface), Microsoft will give anti-virus makers a way to access the Windows kernel, potentially avoiding conflicts with Vista's PatchGuard technology ...  Microsoft is hoping that the APIs will dispel fears that Vista would force customers into using a Microsoft-provided security solution ... Besides presenting third-parties with the new API, Microsoft is also planning to modify Vista's Welcome Screen so that it provides links to security products other than OneCare.

Warner Crocker:

I wish Microsoft and these vendors could somehow be forced to declare how much their security products slow down a system. Granted it is still in Beta, but even Microsoft's OneCare deals you a performance hit. Is that a price we have to pay in today's world? The answer is sadly yes. But I'm guessing if we could compare these products not only by the claims of how protected we we will be, but by how much of a hit we can expect on system performance, we'd see a heck of a lot better coding going on. Sometimes I wonder if the cure isn't as bad as the disease.

Shivetya shrugs:

Sorry but I think the kernel should be off limits. Leave that to Microsoft and hold them wholly accountable to preventing issues with it. On one hand people bitch about MS's lack of security yet when they do essentially what is asked it is claimed they only did it to be uncompetitive. Make up your mind. Or is just permanent open season on MS?

UnknowingFool retorts:

Here's the crux of the complaint: In Windows, to combat viruses and add security like firewalls, these programs need kernel level access (as many APIs unfortunately do). Now with Vista, MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer). To some that is abusing their monopoly.

Garry Chernoff calls it a, "Lie":

Trend Micro's anti-virus and Avast both work on Vista, because their respective developers spent time developing new software to work with it. Symantec and McAfee on the other hand, rather than invest money in development for a version of their programs which fits Vista's new security model, decided to bitch and whine loudly about Microsoft's new security in Vista while doing nothing of any value
...
This should not be happening. This is BAD for security, as once you let one program bypass security barriers it's only a matter of time before others do, not all of them friendly. This is STUPID because Microsoft has kowtowed to pressure from two companies far more focused on saving money on developing their [redacted] antivirus programs than actually providing any more security.

Buffer overflow:

Around the Net

• Richi Jennings: Large U.K. ISP Gets Serious About Stopping Spam
• Brian Clark: Is Net Neutrality Down for the Count?
• Brady Forrest: How Friendster Lost Its Footing
• DrunkenData: A Simple Truth about Regulations
• Mark Evans: Web M&A: Who's Next?
• John Andrews: Remember when you could actually FIND stuff on Google?
• A VC: Who Should Buy Yahoo!

Around Computerworld

• Jerri Ledford: Woman triumphs over cell phone
• Patrick Thibodeau: CDC sees broad role for bloggers; Hastert hasn't updated blog since scandal
• Martin MC Brown: Vacation recovery
• Eric Ogren: F5 Networks runs a contest
• Martin McKeay: Keeping the $100 laptop secure
• Patrick Thibodeau: Motorola Bluetooth stereo headphones will end my dating life
• Shark Tank: Always ready to help

And finally... Shroomr -- Open Source Mycology [hat tip: b3ta]

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.