May 7, 2002 8:25 AM PDT
Allchin stands up for Windows security
- Related Stories
States' slip-up gives Microsoft leverageMay 6, 2002
Ballmer dropped from witness listMay 3, 2002
Can Microsoft play nice with PC makers?May 3, 2002
Microsoft shortens witness listApril 29, 2002
Gates vs. states: Who came out on top?April 25, 2002
Expert: Windows can be broken into partsApril 10, 2002
Breakaway states nix Microsoft pactNovember 6, 2001
The agreement: Devil's in the detailsNovember 2, 2001
Microsoft, Feds reach a dealNovember 2, 2001
Jim Allchin, Microsoft's senior vice president for Windows, warned in testimony Tuesday that too much disclosure of technical information in the wrong areas would benefit hackers and create more opportunity for virus attacks.
"The more creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms," Allchin testified.
Allchin, one of Microsoft's highest-ranking managers, took the witness stand Tuesday in the eighth week of testimony in a federal antitrust hearing. He is one of the few Microsoft witnesses appearing at this proceeding who also testified in the main, or liability, phase of the trial, which concluded in September 1999.
Like other witnesses, Allchin submitted written testimony to the court before an attorney for the states began the cross-examination process. Written testimony carries the same weight as that given in court.
Allchin is one of the last witnesses that the software giant plans to call before concluding its portion of the proceeding, which could determine a remedy for the company's antitrust violations. Last week, the software giant twice shortened its witness list, first removing eight people and then whisking away CEO Steve Ballmer. Chairman Bill Gates testified two weeks ago.
Microsoft shortened its witness list in part to limit the amount of new evidence that attorneys for the states could introduce in court, say legal experts, including documents that supposedly show that the company is using a separate settlement to tighten its grip on PC makers.
Among other things, the states' remedy would compel Microsoft to give away for free the source code--that is, the software blueprint--to Internet Explorer and to sell a version of Windows without so-called middleware, such as Web browsing and media playback software.
Allchin focused the bulk of his testimony on the issue of technical disclosure, such as application programming interfaces (APIs), which are essential to making sure third-party software works well with Windows. Both the Justice Department settlement and the states' proposed remedy require expanded API disclosure, but the states want significantly more.
Allchin responded in part to the testimony of Andrew Appel, a computer science professor at Princeton University, who contends that Microsoft could hide behind security concerns to limit API disclosure. Other critics of the Justice Department settlement, which Microsoft submitted as its remedy proposal for this proceeding, have raised the issue of disclosure of technical information.
In his written testimony, Appel called the settlement's security provision "an unjustified security exemption" that would "significantly restrict" Microsoft's technical disclosure.
Allchin testified that ill-thought-out disclosure would greatly compromise Windows security at a time when the company has made a top priority of securing its software. He rebuffed what he termed the "security carve-out" as inconsequential to technical disclosure but important to large segments of Microsoft's customer base.
"Preventing this functionality from being compromised is in our customers' interests," he said.
The piracy threat
Too much disclosure also would lead to more digital piracy, Allchin testified. He noted that product activation, a feature introduced with Windows XP, essentially locks the software to a specific hardware configuration. Another area of concern: rampant theft of digital content.
Gartner analyst John Pescatore says open documentation and public review of program interfaces between operating systems and applications will lead to stronger security mechanisms.
Allchin warned that if Microsoft were compelled to disclose all the APIs and technical information the states are asking for, the mechanisms for managing digital rights, used to protect content, would be compromised.
Besides addressing Appel's testimony on security and technical disclosure, Allchin attempted to counter the testimony of Sun Microsystems executive Jonathan Schwartz. In written testimony and during cross-examination, Schwartz charged that Microsoft is using Windows XP as a catapult into Web services, noting, for example, that some XP features require people to sign up for Passport, Microsoft's authentication service and a linchpin of its .Net sofware-as-a-service strategy.
Allchin mainly directed his criticism at Schwartz's definition of Web services. But he also dealt with the larger issue of whether Microsoft is trying to lock consumers and businesses into the company's Web services and software.
"We are not trying to force anyone to use Microsoft products," he testified. "We are instead seeking to make our products more attractive through innovation and by increasing their ability to interoperate with a broad range of existing software code," he testified.
2 commentsJoin the conversation! Add your comment