Microsoft and the Justice department have inked a settlement to the long-running antitrust suit against MS.
(NOTE: for the following discussion, let’s assume that the findings of the court are correct, that Microsoft is indeed a monopoly that has used unfair business practices to stifle competition and that this has hurt consumers and the marketplace. Whether this is a correct finding is open to debate, but that debate has been done to death, so if everyone agrees let’s please restrict discussion to the terms and implications of the proposed settlement.)
Microsoft will allow PC makers to modify the Windows desktop to include competitors’ products.
Microsoft cannot financially punish IHVs for working with a Microsoft competitor.
Microsoft cannot enter into a licensing agreement that prohibits a licensee from using competitor’s products.
Microsoft will provide certain technical information to allow 3d-party products to work with Microsoft products.
A Technical Committee shall be appointed consisting of 3 members, one from the goverment, one from Microsoft. These 2 members shall elect the final member of the committee. The Technical Committee will monitor Microsoft’s compliance with the agreement. The proceedings of the TC will not be disclosed except to MS or the government.
The agreement will last for 5 years. The government may ask the court for a one time extension of two years at the end of this period.
There’s a little more, but that’s probably the essentials.
The debate: is this agreement an effective remedy?
My take: No, of course not.
I personally don’t think MS should have been broken up, but this agreement is, well, laughable. The following problems, among others, have been cited in news stories:
The behavioral remedies are minor. The technical disclosure provision is vague and probably unenforcable.
There are no damages or other punishment for past unlawful behavior. (One editorial called this letting the bank robbers get away with the cash by agreeing not to rob banks in the future.)
There are no enforcement provisions. The Technical Committee has no enforcement power, and the government’s only remedy should MS not comply is to take the company back to court (which could mean another multi-year legal battle, if anyone has the stomach for it at that point).
Sub-debate: was the government ‘tricked’ by MS into a weak agreement, or did the Justice Department roll over (for whatever reason – the JD’s motivation is probably a different debate) and come up with the weakest deal it could so it could credibly claim victory while letting MS off the hook?
The settlement is a face-saving device for the DOJ so they could drop the suit while giving their pro-MS allies a thread of cover.
The terms of the agreement can be evaded in a hundred ways. It’s effectively no conduct restraint at all.
Government (sorry, technical committee) oversight of the internal practices of MS is a joke. Unless the DOJ appoints hundreds of inspectors, how are they supposed to have even minimal awareness of the actions of thousands of coders and exectuives?
No punitive measures despite nine federal judges unanimously agreeing that MS was an abusive monopoly.
If MS continues to do as it did before, what’s the punishment? “Stop, or I’ll yell ‘Stop’ again!”
It’s a sham. I want to puke. I think that orders came down from the Dubya administration to make it go away, and it did.
One pundit described the settlement as giving the fox the keys to the henhouse. The consent decree specifically excludes any government regulation on the new markets MS wants to dominate. MS has exclusions on DRM, .NET, and all the key technologies it wants to use to dominate the net. And the new MS will be back, bigger, badder, and more pissed off than ever. This settlement is not a even slap on the wrist, it’s handing them the keys to Fort Knox. And MS has never obeyed any prior consent decree, what if they violate this one? Take em back to court? Hah.
Well, the states aren’t going for it. MS wants to slip a fast one past the DoJ but the states are more careful. The leader of the states, Tom Miller, says the settlement is “reasonable progress” towards a final resolution. There is still a wide gulf between the two sides. There is some rational opinion that MS should be denied the fruits of their illegal actions, but there is nothing to address this in the settlement. And nothing to stop MS from continuing to use its monopoly power to crush any market it wants to enter.
I still expect this to go to final penalty phase before the court, March 02 by current estimates is the soonest this will happen. But we’ll know if that will happen after Tuesday, the deadline for when the states need to make up their mind about how to proceed.
Anyway, here’s the best analysis of the agreements I’ve read so far. As usual, The Register tears into the guts of the issue:
Hmmm, some of the other interpretations by the media are fairly wrong-headed, cite:
Unfortunately, the agreement requires no such thing. It requires MS to document any internal API’s that other MS products use to communicate with Windows that are not already documented. No source code disclosure is mentioned or required in the agreement, except to the Techical Committee which shall keep such things confidential. I’d guess, with minor exceptions, MS can claim it already does this, so this provision of the agreement is extremely weak.
This just in. Anti-trust agreement struck. Federal government agrees to surrender significant executive power to Microsoft, and open a Passport account.
Of course, the news that Passport’s security is so pathetic that you might as well be handing out your credit card number to every porn junkie on the net doesn’t help anything one bit.
The settlement does nothing to remedy the ongoing leveraging of the Windows monopoly to obtain market dominance in browsers (IE) and desktop productivity software (Office). It does nothing to prevent Microsoft from doing the same for services (MSN, .NET, Passport, whatever they’ve renamed Hailstorm to).
The part that irritates me the most is the way that Microsoft’s illegal business practices have forced their programmers to make poor design choices. Both Office and IE are deeply entwined into the operating system. Not because either program needs to be deeply entwined. No, no. They do this because these products, as far as we can tell, use “secret” APIs that are less buggy and better optimized than the published APIs that everyone else has to use, which makes them perform better than the competitors, which have to use the published, buggy APIs. This is also why IE and Office bugs can crash Windows, and it’s why security weaknesses in IE and Office can crack your system wide open. This sort of design has no technical merit whatsoever. A properly-designed secure OS would not suffer from such weaknesses so easily. The only conceivable reason for this sort of “design” is to aid in leveraging the OS monopoly. Res ipsa loquitur.
But we’re going to continue to see the same thing, squared, with XP, as Microsoft tries to leverage out a few more companies: Real (XP contains a competing media player), Norton and McAfee (XP contains a crappy “personal firewall” intended to leverage out ZoneAlarm and similiar competing products), and in fact any number of other companies. The next round of DOJ v. Microsoft will have even more victims on its indictment.
Add to this the fact that Microsoft software, generally, sucks (with very few exceptions). Microsoft has no reason to write good software; it doesn’t have to compete on a level playing field. So it doesn’t. We get badly written, buggy, and grotesquely insecure junk which doesn’t serve anybody’s business needs except Microsoft’s.
And this agreement does not a damn thing to put an end to that. I hope Judge Kotelly recognizes that this agreement is not even remotely in the interests of the public and nixes it. In my opinion, the only effective remedy is a split; that’s the only way I can think of to prevent the sort of leveraging that they continually engage in. Any conduct remedy that is imposed will be dodged around or brazenly flaunted, just like the 1994 conduct remedy has been and continues to be. I see no alternative but to force Microsoft to divest either the operating systems line or all applications (including packages such as IIS, SQL Server, Exchange, and Office) and service products (such as MSN, Encarta, Hotmail, and Passport).
I respectfully dispute this. I can’t see one instance where Office or IE would need a ‘secret’ API to do what they do. I’m speaking as someone who has programmed Windows for about 12 years, Mac for almost 16. Example, please.
Si hoc legere scis, nimium eruditionis habes.
OT. Can we please stick to the antitrust settlement?
Yep, I more than agree.
Anyone out there have a take on Judge Kotelly’s probable reaction, based on past performance?
A coupla’ more responses (Kelly, nothing personal toward you, I’m just interested in the topic.):
which is already available in Win2K and ME. What does this have to do with XP?
Hmmm, I’d think a firewall is legitimately the province of any good OS that connects to the net. Whatever the competitive landscape, why should this not be a standard feature of Win ?
The latest Passport vulnerability is documented here. This is not the first time that a Microsoft site has been compromised by sloppy programming. As a general rule, Microsoft does not appear to give security much thought; usually, security issues are bolted in after the fact and often in a very sloppy way. The ongoing discussion in the security committee over the “about:” handler CSS attack on IE (which Microsoft denies presents any security risk) is an example of this, although explaining that will take more time than I have before I have to leave for work.
The pertinence of Passport’s insecurity is that the failure to impose a proper remedy in the antitrust case will perpetuate Microsoft’s ability to leverage its OS monopoly to impose crap on the general public. Microsoft is immunized by its monopoly from the usual pressures that are placed on a product manufacturer to produce a quality product. Microsoft doesn’t have to produce a quality product; it can produce whatever quality of crap it feels like secure in the knowledge that everyone will have to buy it because they’ve eliminated the competition through unfair business practices. (I also admit to having been spurred on by Sofa King’s comment.)
Yes, you are right, there is no valid reason for Microsoft to have implemented a parallel set of APIs for use by its own products. I’ve been a programmer longer than you have and I too cannot see any legitimate technical reason for this. However, experience shows (especially the Wine Project, which seeks to implement Windows compatibility libraries) that this is exactly what Microsoft has done. Although a lot of the details are speculative (Microsoft refuses to talk about this or let anyone else who knows talk about it), it seems that there’s a second API to some system functions that ties into the OS at a lower level (bypassing security and other “useless things” like argument validation) which lets Office run somewhat faster. Microsoft’s developers are reputedly told to give priority to fixing bugs in the secret API over fixing those in the published APIs. There is also reason to believe that Microsoft has deliberately added code to break or interfere with third party applications (Corel has alleged this with respect to its PerfectOffice suite, which was the big loser in the last round of anticompetitive behavior), although, as the code is not effectively available for inspection, this has never been proved. (Dissassembling something the size of Windows 98 is not feasible.) Hence the comment, “res ipsa loquitur” (which I used in the legal sense, not as an attempt to sound erudite): the thing speaks for itself. This conduct alone proves unlawful business practices, as there is no reason to have engaged in it otherwise.
Microsoft has been attempting to leverage Real out of the media market for quite a while now. The main reason that Real isn’t bitching too loudly is that Microsoft hasn’t succeeded yet: Real is a tenacious competitor with better connections to the content industry than Microsoft has had for the past few years.
You might also find what Microsoft did to Eastman Software intriguing when reviewing your comment about including a firewall in the operating system. A proper net-ready system doesn’t require a firewall because it doesn’t expose (by default) any services that require protection in the first place. It’s only because Microsoft ships its systems with eight zillion unnecessary components bundled into the operating system, many enabled by default, that people need “personal firewalls” in the first place.
In the same way that Unix was famous for in the not so distant past?
When I first got into IT you never, ever ran Unix as a commercial server. It’s vulnerabilities where infamous and businesses stayed clear of TCP/IP as hacking IP was so easy to do. All the security you now get in Unix and IP was ‘bolted on’ to provide a more secure environment. They are still additions to systems rather than an inherent design feature.
Also, given the sheer size of MS (and IBM and DEC in their days) the odd security hole will make its way out. I’m currently thinking of a foul up I once found in a common internet utility that gave you root/admin access between boxen of a certain flavour. An old version of sendmail had a memory leak not unlike buffering problems in Outlook that could give you root access.
All OS vendors have let them slip through occasionally.
The sendmail bug you’re referring to is the Morris worm. This took place in 1988. I had a substitute professor in one of my classes a year or so later because my professor (Gene Spafford) was testifying at the trial. Here we are 13 years later, and Microsoft is still deploying software systems with the same bug. I read reports in my security lists of new buffer overrun vulnerabilities in Microsoft software on almost a weekly basis, showing that they have not even paid attention to the mistakes that have been made in the past.
The UNIX problems you’re talking about, for the most part, were discovered and corrected three, five, ten, even fifteen years ago. I worked on a project to look for and correct malformed input exploits in BSD 4.3 in the early 90s. The UNIX software developer community has taken some pains to develop software engineering standards that generally avoid these sorts of problems in new code. Meanwhile, Microsoft is even today releasing code (I saw a report of a buffer overrun-related DoS vulnerability in XP just the other day) that is susceptible to these sorts of problems.
And I’m not even talking about some of the more fundamental problems with security engineering in Windows. For example, both IE and IIS parse URIs twice, once to map it to a web document or application, and once to determine the security context to be used. The problem is that the security parse is performed by a different module than the document identification parser. When one parser is modified, the other parser might not be, which can result in a particular URI getting inconsistent handling by the system as a whole. A more rational approach (not used by Microsoft) is to have one parser that parses the URI to an internal form which can then be used by both the document mapping module and the security module, but this is not what Microsoft did. Contrast Apache, which does use the same URI parser (as far as I know) for security context mapping as it does for mapping URIs to file system objects. This is why Apache was never vulnerable to those “unicode” attacks that IIS is notorious for. There are hundreds of IIS exploits out there; my firewall logs are evidence of how widespread they are. There are only a handful of Apache exploits. And, before you can claim “well, that’s because there aren’t that many Apache sites”, I would point out the Netcraft Web Server Survey, which shows that there are, in fact, some 18 million Apache-based websites out there, almost twice the number of IIS-based sites. It’s not like crackers don’t have a reason to go after Apache; it’s just that they don’t have as much luck at it. (Most Apache-based sites that get compromised are compromised other than via Apache.)
So why does Microsoft repeat the mistakes of the past, when a little quality software engineering would avoid it? Because it has no reason to bother. And that’s because of the monopoly.
KellyM: “MS has lousy security” yelmalio: “You mean like Unix?” KellyM: “But they fixed Unix. MS didn’t.”
Okay fine, and all very interesting. But fairly off-topic. And it’s all been done before, endlessly.
As I said in the OP, let’s stipulate that MS is a monopoly and engages in monopolistic behavior, which may manifest as poor products due to lack of competition (or as KellyM might say, they “suck”).
I’d be interested if anyone can defend the consent agreement terms. All that’s been posted is bashing of the agreement from everyone (myself included), and rehashed bashing of MS.
It looks like it may be a short debate, since everyone seems to agree that the settlement is at best inadequate. Anyone care to take the other side of the debate, or shall we close up shop?
It’s not a slap on the wrist, it’s the Dubya Administration puckering up to kiss Bill Gates’ rich white hiney.
Jackson had it right all along – split that sucker. I’d have suggested into thirds, myself (Windows, Internet, and Everything Else Microsoft), but IMO anything that keeps Microsoft intact just lets them to continue leveraging their monopolies into other markets.
Well, since nobody cares to defend the Justice Department or the consent agreement, I guess that ends the debate.
I’m surprised none of the Bush administration or Microsoft apologists, not to mention the opinionated lawyers in the crowd, had anything to add. Apparently nobody has a good word for this agreement.
You get no debate because you are asking the wrong question. If you want a debate, the question should not be “Is this a wrist slap”, but rather “Is it appropriate”.
Of course this is only a wrist slap, because that’s what’s appropriate to the case remained after the Appeals court got through with it. Unless the DOJ wanted to re-litigate the tying issue, the only thing that the DOJ managed to prove is that MS is a monopoly, and that it had contracts with OEM’s that restricted competition.
This agreement restricts MS contract’s with OEMs to prohibit the behaviors that the OEM’s had complained about. Thus the remedy is appropriate to the crime.
Now, I’ve seen reports that there are loopholes in the agreement that you could drive a truck though. It doesn’t appear that way to me, but I’d be willing to debate specifics if you have any.
Right. :rolleyes: Like RN’s spin isn’t self serving bullshit.
Stick to the actual text of the agreement if you want a debate. It’s pointless to debate Netscape’s or RealNetwork’s spin. They would never be happy with a fair agreement, they don’t want competition restored to the marketplace, they each want to be a monopoly.
As I understand it, this is still tentative anyway until KCK signs off.
Of course this is only a wrist slap, because that’s what’s appropriate to the case remained after the Appeals court got through with it. Unless the DOJ wanted to re-litigate the tying issue, the only thing that the DOJ managed to prove is that MS is a monopoly, and that it had contracts with OEM’s that restricted competition.
So they ONLY proved that MS is an abusive monopoly. Well, phew, glad we’ve established that! Now then, that said, it’d still be best to just let Gates and Co continue to dominate the marketplace, elminiate fair competion, and deny customers choice. That is, after all, how a free market is supposed to work - isn’t it?
“For Smith, government should not seek to subvert the creative process that is the market, but should establish the framework necessary to keep it alive. It should enforce competition. It should not give in to the well-argued demands of monopolists and would-be monopolists. It should punish people and authorities who conspire to fix prices, divide up markets, or restrict production. “Monopoly,” wrote Smith, “is a great enemy to good management.””
Well gee, isn’t my M$-apologist face red!
This agreement restricts MS contract’s with OEMs to prohibit the behaviors that the OEM’s had complained about. Thus the remedy is appropriate to the crime.
This “remedy” is such a piece of toilet paper I’m amazed the DOJ spokesman can even read it with a straight face. (Yes, that IS “just my opinion.” I’ll get my justification for it in a couple more sentences here, keep reading…)
Now, I’ve seen reports that there are loopholes in the agreement that you could drive a truck though. It doesn’t appear that way to me, but I’d be willing to debate specifics if you have any.
“If a vendor wished to replace a bundled application with their own, it must meet some yet-to-be-defined technical requirements established apparently at Microsoft’s discretion.” Say you want to include a browser in your PC systems you’re building, one that doesn’t ship with Windows. Maybe as a security feature, you’ve totally disabled cookies and/or JavaScript in it. Well, MicroSoft could say (completely arbitrarily) that cookies and/or JavaScript are an absolutely technical requirement for a web browser. Too bad, you can’t include that browser in your system! Ha-ha!!
“if Microsoft felt that IBM could eventually sell more servers running Linux than running Windows, then Microsoft would be entitled to include an exclusivity requirement in their contract with IBM, under this clause of the proposed settlement.” Hm, wasn’t this supposed to be about increasing customer choice and preventing M$ from dictating what OEMs can put on their machines? Well, too bad! This doesn’t do a damn thing to keep Microsoft from strong-arming OEMs into doing whatever they say!
“A gaping hole in the agreement with respect to antitrust relief for OEMs other than the top 20 - meaning Microsoft is free to continue it’s unfair pricing policies with all but the largest OEMs” In short, anyone who’s not a top 20 OEM for PCs can still be screwed by M$ however M$ wishes! Wow, equal protection under the law! Woo!
“[The Final Agreement] ‘Windows Operating System Product’ in such a way as to completely defeat the intent of the foregoing document in it’s entirety (simply because Microsoft can declare anything as ‘part of the OS’)” I’m not making this shit up! The actual agreement reads: “The software code that comprises a Windows Operating System Product shall be determined by Microsoft in its sole discretion.” In other words, if you want to ship a sound player of some sort, MicroSoft can still contratually prohibit you from doing so just by standing up and saying “Well, playing sound is the proper role of the OS!” And that’s entirely legal by the current DOJ agreement!
Now, let’s move on to http://www.salon.com/tech/feature/2001/11/02/microsoft_settlement_reacts/index.html…
“[Microsoft] is specifically not required to divulge proprietary technical information for anything that might have to do with the “security of anti-piracy, anti-virus, software licensing, digital rights management, encryption or authentication systems.” The area of digital rights management alone is certain to be a huge battleground in the future, affecting the online delivery of music, movies, books and other entertainment. In essence, Microsoft appears to have carved out huge swathes of potentially lucrative territory and put them off limits to competitors, with the explicit permission of the U.S. government.”
And last but certanly not least, there is the overwhelming fact that there are NO PROVISIONS FOR PUNISHMENT IF MICROSOFT VIOLATES THE CONDITIONS OF THIS AGREEMENT:
“The most egregious example of this would be the fact that there’s no provision for penalizing Microsoft if they fail to comply with the order. All it says is that the order will be extended if they don’t comply, but if you’re not obeying it now, what difference does it make if the order stays in place for a few more years?”
In other words, this whole agreement amounts to: “Stop! Or I’ll say “Stop!” again.”
All this for a company that’s blatantly perjured itself repeatedly in court, provably tampered with evidence, (cite: http://www.holecity.com/break/main_f.html) and pissed off the original trial judge so badly he had to be removed from the bench because he was simply convinced that nearly everything MicroSoft said to him was an intentional falsehood.
Is this entire agreement bad? No, there is a small amount of good here. Like, say, 2%. But 98% of this agreement is total bullshit. In the real world, it’s completely worthless as a remedy to a company that’s even you conceed was proven in court to be an evil, predatory monopoly.
I don’t have a terrible problem with MicroSoft. I think their products suck, but they seem to be good enough. And they’re so simple to use morons can (and usually do) use them. And that’s all fine with me. Because I honestly do believe that Computer Operating Systems do tend towards a natural monopoly. But there is absolutely no reason to allow MicroSoft to abuse its monopoly and destroy free and fair competition and customer choice as they have provably done in the past. This agreement doesn’t come anywhere close to punishing them for their abuses of the free market. An effective or appropriate remedy?? Are you KIDDING me??
Not abusive. None of MS’ agreeements were illegal or even unusual in the software industry. At the time that MS made them they had not been declared to be a monopoly, and they did not believe themselves to be one.
But then you go on to say:
I’d agree. But these statements seem to contradict each other. If monopoly is inevitable, then there is no point in trying to ‘encourage’ competition that the market. The market itself doesn’t want it.
And which one of these did MS do, do you think?
Don’t worry, your secret is safe…
I asked you to quote from the agreement, not 3rd party spin.
I don’t believe that the agreement says what he says it does.
Nope. The agreement says no such thing. And even if it did, the provision of having a 3 member ‘technical committee’ would prevent MS from doing anything truely arbitrary here.
This also is not in the agreement.
What unfair pricing policies affect any but the top 20? The top 10 do more than 90 of all the OS volume anyway, none of the the little guys get any kind of a different deal than any of the rest. This simply a non-problem. The agreement prevents MS from discriminating against the top 20, which is quite good enough to insure competition (such as can be) without compilicating the bookkeeping by keeping track of people who sell only 1000 copies of Windows a year.
you aren’t, but Kero5hin is.
That quote is taken out of context. It’s meaning is severely limited by other provisions of the agreement. For instance:
The actual agreement reads:“Microsoft Middleware Product” means … the functionality provided by Internet Explorer, Microsoft’s Java Virtual Machine, Windows Media Player, Windows Messenger, Outlook Express
So your example, Media Player, is specifically prohibited from being declared ‘part of the OS’.
The reason for this should be obvious. But lest you think that they can use this as ‘blanket’ protection for any and all technical info. Keep in mind that the panel of 3 that insures compilance will have access to all source code and the right to overrule MS determination of what constitues ‘security’ relevant info.
Why should there be? Is it normal for Courts to issue judgments along with an expectation that the judgment won’t be followed? If MS violates then there will some form of ajudication at that time.
Oooh, pithy. Dumb. but pity. How is this different from any other court ruling?
Nope. No perjury, and no evidence tampering. MS told the truth, although in many cases the TRUTH is pretty technical and Jackson couldn’t understand what they were saying.
The man was incompetent to handle a case with this kind of technical detail. He knew it, and MS knew it. But he really really hated having them demonstrate it to him day after day. He got mad at being showing to be a fool so often and lost his objectivity. He deserved to be removed from the case. His believe that everything MS said was a lie is proof that he isn’t competent to judge truth in a case of this sort. It says nothing about MS, but a great deal about him.
And, I remind you that you also say:
Which, of course, means that consumer choice was doomed no matter what MS did. Nice of you to blame MS for the inevitable. It really helps your argument.
Look, forget about the noise on the Linux-apologists sites. They have an axe to grind, and will not give you the straight dope. If you stick to original sources and shun hyperbole, you will get a very different picture of what happened.
MS was a tough and relentless competitor that ended up on top in a market that wants natural monopolies. They didn’t STOP doing what put them on top once they became a monopoly because no-one TOLD them that they needed to start playing by different rules than everyone else and the people INSIDE the company weren’t thinking of themselves as a monopoly. There is not ‘intent’ to abuse here. It just happened.
They don’t deserve punishment because what they did is wrong only ex-post-facto.
If this agreement happens, then MS will follow it scrupulously. They will also do their best to make sure it doesn’t take them out of the game. That, my friend, is called competition. Don’t expect MS to stop competing just because they are on top at the moment. It just isn’t in their nature. Their worst fear is NOT the DOJ, but to become a has-been like IBM.
MS is a poster child for how a young, smart agressive company can take on a giant and win. Now they are the giant, but that lesson is engraved in their bones. They know that they can’t afford to relax or they will get their ass handed to them by someone hungrier.
It’s telling that not a single consumer was involved in this suit. Only competitors. Well, guess what, competition is supposed to harm competitors. If they liked MS that would be proof that there was no competition!