The EU continues to dictate how Microsoft is allowed to operate in Europe

The market share war for browsers, word processing suites, and other products wasn’t much of a war when it came to Windows in the mid to late 90s.  Microsoft was producing full-featured products which it increasingly tied to its own operating system.  At the same time, it blocked or slowed the development of would-be competitors by withholding information on the OS.

This strategy, either brilliant or anticompetitive, depending on your viewpoint, landed Microsoft in hot water in 1999 when U.S. Federal Courts ruled that Microsoft was a monopoly which had used its powers to crush threats to the monopoly.  In the decade since, Microsoft has been forced to make a number of reforms.  While it has mostly avoided additional charges in the U.S., it has continued to run into trouble with the European Union, which has picked up where the U.S. left off.

The EU has already fined Microsoft over $2.4B USD for not making its interfaces open enough and refusing to comply with its rulings.  As a result Microsoft has been forced to pay these massive fines and offer new services to competitors to make their products more compatible with Windows.

Now, following a fresh round of accusations which included criticism of Microsoft’s bundling of Internet Explorer with Windows, the EU, according to reports, has reached a new decision which may set a new worldwide precedent.

The EU will require Microsoft to package third party browser software with Windows.  Furthermore, it will require Microsoft to provide further support efforts to make third party browsers’ interface with Windows components like Windows Explorer as efficient as Internet Explorer’s.  The ruling is set to apply to both desktop Windows OS’s and to Windows Mobile for cell phones.

Jonathan Todd, spokesperson for EU Competition Commissioner Neelie Kroes states, “If the Commission’s preliminary conclusions as outlined in the recent statement of objections were confirmed, the Commission would intend to impose remedies that enabled users and manufacturers to make an unbiased choice between Internet Explorer and competing third party web browsers.  (Microsoft will have to allow users) to choose which competing web browser(s) instead of, or in addition to, Internet Explorer they want to install and which one they want to have as default.”

EU officials propose a ballot screen when first using the OS which will tailor it to a specific browser of the user’s choice.  Another possibility, it says, is for Microsoft to negotiate with its OEMs who manufacture computers or phones with Windows and have them select the third party browsing software.  Among the browsers considered as candidates are Firefox, Safari, Google Chrome, and Opera.

The move comes at seemingly strange timing, when Firefox has finally established a solid foothold against Internet Explorer, which happens to be at a decade low of around 60 to 65 percent.  However, the decision represents long standing complaints from an EU.  It also marks a change in policy from previous rulings on Microsoft’s Windows Media Player.  With Windows Media Player, the EU required Microsoft offer a version of Windows without it.  Of course, almost everyone picked the version with it, though.  States one anonymous EU official, “That remedy was rubbish.”

Microsoft has until March to draft a formal response to the EU’s latest charges.  A final decision from the EU is not expected until then, but there appears to be a consensus that offering competitive software appears to be the best idea.  Microsoft reacted to the news with little emotion, stating, “We are committed to conducting our business in full compliance with European law. We are studying the statement of objections.”

Some speculate that the EU could bring similar regulations against Apple, which practices similar bundling of its Safari browser.  However, Apple computers continue to be a bit player in market share, so such a move seems unlikely, as the primary argument here is based on Microsoft’s dominant OS position.

Source: DailyTech

REDMOND, Wash. – Microsoft Corp. is taking the unusual step of issuing an emergency fix for a security hole in its Internet Explorer software that has exposed millions of users to having their computers taken over by hackers.

The “zero-day” vulnerability, which came to light last week, allows criminals to take over victims’ machines simply by steering them to infected Web sites; users don’t have to download anything for their computers to get infected, which makes the flaw in Internet Explorer’s programming code so dangerous. Internet Explorer is the world’s most widely used Web browser.

Microsoft said it plans to ship a security update, rated “critical,” for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.

Thousands of Web sites already have been compromised by criminals looking to exploit the flaw. The bad guys have loaded malicious code onto those sites that automatically infect visitors’ machines if they’re using Internet Explorer and haven’t employed a complicated series of workarounds that Microsoft has suggested.

Microsoft said it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.

Microsoft rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that. - AP

source: GMANews.TV

read the Microsoft Security Advisory

The good old FF browser gets little love when it comes to security

Firefox has its plate full when it comes to security.  It has grown a substantial enough market share to place it in a strong second after Microsoft.  This gives it a high profile and leaves it a desirable target to be exploited by hackers and malware writers.  Worse yet, it has less money to fund security efforts that Microsoft, and according to some experts, less focus as well.

While small market share browsers like Opera and Chrome have built a reputation on their security (with Safari, being a noticeable exception, have a reputation for insecurity), Firefox continues to plod along in a day to day fight, trying to remain a secure platform while dealing with the challenges of browser celebrity.

Perhaps for this reason, Bit9, an application whitelisting firm that helps employers block employee access to certain apps, placed Firefox on the top its list of most vulnerable apps.  The remaining spots on the list were filled out with more familiar names, with two through twelve respectively being: Adobe Flash & Acrobat; EMC VMware Player, Workstation, and other products; Sun Java Runtime Environment; Apple QuickTime, Safari, and iTunes; Symantec Norton products; Trend Micro OfficeScan; Citrix products; Aurigma and Lycos image uploaders; Skype; Yahoo Assistant; and Microsoft Windows Live Messenger.

The Bit9 study looked at several factors in ranking vulnerability.  One factor was how popular the applications were.  Another factor was how many known vulnerabilities existed, and how severe they were.  Lastly, it looked at how hard patching was for the particular application.

In order to make the list, programs hand to run in Windows and not be centrally updatable via services such as Microsoft SMS and WSUS.  Many say that the survey was unfair to Apple products because it kept easier patched Microsoft applications off the list.

In some ways, though Bit9’s list is a useful benchmark.  It aptly points out that many networks have Firefox installations running on machines, without the system administrator being fully aware of the instance of these installs.  Thus, despite the fact that most of the vulnerabilities looked at have been patched, the installs may not receive these patches immediately, until the employee upgrades to the next edition of the browser.

The study’s conclusions only marginally apply to the consumer market.  However, when it comes to the business market, the study argues that picking or allowing employees to run Firefox, even with its security plug-ins, is a ticket to the IT danger zone as malware increasingly targets application layer targets such as Firefox.

source: DailyTech