Trustworthy Computing in 2002

2002 was the year that Linux made big news, and Microsoft admitted that Linux was its greatest threat. Microsoft’s continued attempts at spreading Fear, Uncertainty and Doubt (FUD) in an effort to turn people away from Linux and Open Source didn’t get anywhere. Microsoft’s major focus on increasing security didn’t get anywhere either. To top it off, Microsoft even ended up paying people to use its software.

Trustworthy computing?

The multitude of virus and security related issues that occurred in 2001 left Microsoft with plenty of egg on its face. As a result of such obvious failings, Microsoft initiated the ‘Trustworthy Computing’ scheme, with its positive focus on reliability, security, privacy and business integrity. 2002 saw Microsoft marketing many ‘initiatives’ such as this, using names which stood for the opposite of how people actually felt about the company and its software.

In a further bid to stop people from focusing on its failings, Microsoft decided to take a month out early in the year to perform a security review, apparently costing $100 Million. Although appearing dedicated to becoming more secure, the security-conscious ‘plans’ didn’t do much for Microsoft’s attitude. Not only did Microsoft continue taking months (literally) to patch the multitude of fresh bugs that were appearing, but it deemed incidents such as the SSL flaw in August as unimportant, and in the end it was forced (literally) to patch it. The attitude against any reported bug was that if it didn’t match Microsoft’s check-list criteria then it wouldn’t be fixed, even though it was in its power to do so.

Even by the end of the year Microsoft hadn’t shown any real signs of change. In December Microsoft provided a patch for a flaw in Internet Explorer, but downplayed its importance, rating it ‘moderate’ although experts said it was serious and could be exploited to take over a user’s machine. This came at a time where Microsoft had just earlier modified its rating service, so that fewer vulnerabilities would get the higher ratings. The flaw was one of many discovered by security company GreyMagic as early as October, and with the patch in December Microsoft still hadn’t fixed 18 flaws found at that time, six of which were reported to be serious.

Microsoft’s trustworthiness was questioned earlier in the year, as it voiced a desire to keep the discovery of bugs in its software hidden from public knowledge, wishing only to disclose the information after a fix had been made available. This meant that applications could remain vulnerable indefinitely, until Microsoft decided (if in fact it did decide) to fix the problems, and nobody would even be aware that a vulnerability existed – except maybe a few crackers and their friends. Needless to say, the vast majority of people were firmly against this stance.

The success of Microsoft’s Xbox game console was dependant on Microsoft maintaining full control over the Xbox and the software it would run (the same lock-in based situation that applies to all console manufacturers), as it was losing money producing the console and sought to make a profit from subsequent software sales.

Xbox used a hardware-based security system, consisting of chips that used encryption to deter people from running any software except what Microsoft wanted them to run, preventing piracy and maintaining Microsoft’s control over what the Xbox was used for.

The encryption was soon cracked, enabling the development of ‘Mod chips’ that removed any restrictions imposed by Microsoft. This also meant that the Xbox could be used as an inexpensive PC that would even run Linux, losing Microsoft valuable software sales. Shortly after the first Mod chips were available, Microsoft discarded its current stockpile of chips – at a further loss – and got nVidia (the supplier of the chips) to create new ones that were tougher to crack. About a week later the new chips were also cracked.

Obviously lacking in the area of security, near the end of the year Microsoft bought Liquid Audio’s digital rights and file transferral patents, and also bought the company XDegrees to secure its .Net core.

Microsoft openly admitted that security hadn’t been at the forefront of its business model, but came up with a weak excuse that this was due to people being unwilling to pay for it. With this statement Microsoft tried to paint a picture of security being an optional extra rather than a necessary component that had been neglected. Microsoft’s Craig Mundie even went so far as to say “The operating system is designed to run on machines that are not designed yet”, taking the blame from Windows and placing it with hardware manufacturers!

At this time Microsoft came out with the idea of Palladium, a combined software/hardware based security system. The idea was that only trusted and approved applications and data would be able to run on your computer. With 2002 seeing a great deal of conflict concerning digital rights, Microsoft jumped onto the scene pushing Palladium, as it also had the desire to maintain control of its own intellectual property. Palladium seemed a logical answer for digital rights, allowing the creator of an application or data to deny access to those things on any user’s hard disk, even allowing files to be remotely deleted. The idea of what this system could do caused concern, and the idea of Microsoft having control over it caused even more concern.

In October, Gartner said that Microsoft would be unlikely to have anything that comes close to secure software until 2004 at the earliest, and it was also around this time that Microsoft mentioned a desire to start selling security products! Later in October there was a security breach on the server operating the Windows Beta website, a repository for nearly all Microsoft software applications undergoing beta testing. Any number of applications currently in beta could have been compromised even though they weren’t (according to Microsoft). Regardless of whether or not any applications were compromised, this was a further blow to Microsoft’s increasingly poor security.

During the year there was a plethora of bugs in Microsoft’s SQL server, IIS, Outlook/Outlook Express and components of Microsoft Office. There were a barrage of news articles pointing out the vast number of security issues within Microsoft’s Internet Explorer (IE), some even going so far as to advise that people ditch IE altogether. While IE got bad press, Mozilla hit the press as it achieved it’s 1.0 milestone, producing a stable Open Source browser adhering to Web standards better than IE. Microsoft’s polluted Java implementation was reported to be full of holes, while the holes were not found in Sun’s original version of Java on which Microsoft had developed. In fact, it appeared that Microsoft had a kind of Midas touch, where everything it touched turned to holes.

Even some of the patches Microsoft provided for the holes were poorly developed. There was the IE patch that claimed to fix vulnerabilities that it didn’t, the IE patch that caused the browser to crash, the Outlook Express patch that wouldn’t install, the Win2K service pack that caused a Blue Screen Of Death and various other patches that appeared to cause problems. Also, there was WinXP service pack 1.

WinXP service pack 1 was supposed to fix some issues and implement changes brought about by the Anti-Trust case, including the allowing of OEMs to replace middleware such as Internet Explorer from being the default browser. The service pack proved too complex for OEMs to deploy easily, therefore most chose not to deploy it with their PCs. The service pack was alternatively available by download, but appeared to push the user to download it via Internet Explorer 5 or above. Accepting the End User License Agreement for the Windows XP service packs allowed Microsoft to legally access your data remotely, which in turn sparked privacy fears.

OEMs had previously been under contract with Microsoft that they should only sell PCs with Windows (whether or not the user wanted to use Windows, or already had a copy), and the price of any PC automatically included the price of Windows. As a result of the Anti-Trust case, August 1st saw new Microsoft licensing terms put in place which prevented Microsoft from retaliating against OEMs. The new terms were that PC makers must ship PCs with an operating system, and Dell took advantage of the new terms and subsequently sold PCs with a copy of FreeDOS.

Passport / .Net

Based on Microsoft’s Passport, its much hyped .Net service ‘Hailstorm’ was supposed to increase Windows’ appeal, attracting people to the .Net platform. The problem was that it would put everybody’s data in the hands of Microsoft, placing it in control of everybody’s security – something which Microsoft apparently wasn’t very good at. An attempt at renaming it from ‘Hailstorm’ to ‘.Net My Services’ didn’t fool anybody either, regardless of how nice the name was, people were not interested. In the end Microsoft pulled Hailstorm and took it back to the drawing board due to the obvious negativity towards it.

Earlier in the year, a poll by ZDNet to find out how many developers were considering developing for .Net showed that a large percentage of them were interested in it. It was later discovered by ZDNet that the poll was rigged by Microsoft employees voting multiple times and using automated scripts. To make things worse for both .Net and Microsoft’s new stance on “Trustworthy Computing”, the .Net Developer Kit was also found to have a security flaw in it.

In April Gartner produced information stating that users of Microsoft’s Passport doubled. Although this news could cause us to assume that it was highly successful and loved by all, the survey also revealed that 84% of customers had only registered with Passport as it was required to access other Microsoft services such as Hotmail, WinXP and Messenger.

Later in the year the FTC investigated Passport concerning false representation of security and privacy by Microsoft which, as usual, never even admitted that it had done anything wrong but agreed to do something about it.

Anti-Piracy

Microsoft started out with its anti-piracy scheme, late 2001, with the release of Windows XP and its dreaded Product Activation. The Product Activation technique meant that any significant change of hardware on your system would cause Windows to prompt you to contact Microsoft and verify your activation code, failure to do this would mean that you would be denied access to your software. This didn’t go down well with anybody, and drew attention to the fact that many people were using a copy of Windows on more than one PC, going against Microsoft’s licensing regulations.

In 2002 Microsoft looked to the nations where software piracy was strong, such as China, and made them do something about the problem. Rather than achieving the result where these nations repented, bought legitimate copies of Windows and increased Microsoft’s profits, they announced that they would be switching to the free Linux operating system and Open Source software. Countries such as Mexico and Peru also took this stance. Realizing the threat posed by this, Microsoft representatives flew out to these countries for talks with their governments and ended up handing out large amounts of cash, providing their education and software development sectors with free software worth millions of dollars. Although Microsoft would lose money short-term, it would make money in the long run, a similar strategy to that of the game console manufacturers. Software upgrades would ensure that Microsoft maintained its cash flow, and the threat of Linux would be significantly removed by the widespread use of Microsoft’s proprietary protocols and file formats (locking users into Windows due to compatibility issues).

Microsoft’s anti-piracy manoeuvres also focused on schools. In the USA, because Microsoft wanted to check that each machine was running fully licensed software, some schools were notified that an expensive software audit would need to be performed within 60 days. As this required documented evidence, it seemed impossible to comply, and Microsoft advised that schools should not accept any PC (donated or otherwise) unless documentation was provided. If the schools failed the software audit then they could register all of the computers running Microsoft software for an annual fee (something that Microsoft was later to force upon everybody via Licensing 6).

After this incident Microsoft itself ended up freely giving away money and software to third-world schools, under the commendable guise of bridging the digital divide (which itself was helped along by Microsoft’s extortionate prices, proprietary file formats and forced software upgrades – which usually required a hardware upgrade too). Microsoft appeared even more two-faced as it continued to overcharge western schools that were already using Microsoft software – except for where Microsoft gave millions in software to those schools or colleges that voiced interest in switching to Open Source.

One incident that caused controversy was that of the university of Waterloo in Canada, where a pro-Microsoft curriculum was announced at the same time as a large donation from Microsoft was made, ensuring that students would be learning .Net development. There was another incident concerning universities in Texas where, to extinguish the high amount of piracy, tuition fees were raised to cover the software costs and the students would pay less for Microsoft software. Of course, to those who didn’t use Microsoft software it meant that they were being charged unfairly, which is similar to Microsoft’s tactics towards OEMs of “you can’t sell a PC without selling a copy of Windows with it”. This would mean people were more likely to stick with Microsoft software because they’d already paid for it.
These situations all showed Microsoft as desperately attempting to get everybody using its software (even by offering it at a loss), and once hooked extracting as much cash from them as possible, or using the situation to promote development for the proprietary Windows environment.

Microsoft not doing itself any favors

Product Activation proved a bad start for Microsoft, late 2001, getting people on the defensive side. In 2002, to cause further turmoil, Microsoft brought out a new Windows licensing plan labelled Software Assurance/Licensing 6. This forced people to upgrade their operating systems by paying an annual subscription fee or face paying anywhere from 45% up to 107% more for licenses later on – and all this during a technology recession. This caused many to buy before the deadline and others signed new multi-year contracts, doubling Microsoft’s profits. Needless to say, this didn’t go down too well, even those who were pro-Microsoft were frustrated with the company’s attitude.

In late November Microsoft mentioned that the following year it would create a new “Open Value” licensing plan, due to the negativity generated by Licensing 6. Part of this new plan would mean that any sign of a large ‘defection’ from Microsoft products to Open Source products could get Microsoft to offer discounts of up to 50%.

The attempt at offering Microsoft Office as a subscription based service was dumped as nobody was interested. But Microsoft caused more than a stir when they later announced that Office 11, the upcoming version of Microsoft Office, would only run on Win2000 or above and would not be compatible with older versions. This was necessary (as reported by Microsoft) due to security issues.

To top it all, Craig Mundie stated that “Customers’ continued reliance on earlier versions of Windows, rather than the current Windows 2000 and Windows XP, is slowing down efforts to secure the global computing infrastructure”. This did little more than blame the bad state of computer security on those who were using older software, rather than the fact that Microsoft’s older software was created with very poor security that it wouldn’t freely fix.

Desperate measures

Open Source became the focus of everybody’s attention, becoming more of a viable option due to big names such as IBM, HP, Dell and SUN all backing Linux, helped along with the growing lack of trust in Microsoft. The Open Source PHP scripting language overtook Microsoft’s ASP, and Open Source Apache Web server overtook Microsoft’s IIS.

In March Microsoft CEO Steve Ballmer Wept for Windows during the Anti-Trust season. Microsoft released a video of it in both Windows Media Player and RealPlayer format, obviously wanting everybody to be able to access it – probably for the first time in history.

During the Anti-Trust case, the Alexis de Tocqueville Institution (a small think tank promoting free-market principles) published a white paper against the use of Open Source software. The paper was reported to be very weak and poorly-researched. The Alexis de Tocqueville Institution itself received a significant portion of its funding from Microsoft, and much of its research was aimed at issues important to Microsoft.

Microsoft’s Anti-Unix campaign wehavethewayout.com didn’t get much credit, as the Website was (at the time of release) discovered to be hosted on the Open Source Apache Web server, running on the FreeBSD operating system.

Microsoft got a taste of its own medicine when Open Source zealots in California and the Philippines called upon their governments for laws supporting the use of Open Source software. Microsoft didn’t like that and created the “Software Choice” movement, stating that it was unfair and that everybody should be free to choose what software they used. This was a very two-faced and self-condemning statement from Microsoft, considering its stand on proprietary formats that tie people to Microsoft products, the software bundling that gave it an unfair advantage and killed off its competitors, and the forced inclusion of Windows with every PC purchase (all things in which Microsoft has never admitted any wrongdoing).

Congressman Adam Smith, who’s biggest political contributor was Microsoft, began circulating a letter asking for signatures in a petition against the Open Source GPL license. This caused a major outcry from the Open Source community, and rather than doing any damage it made congress aware of the strong support behind Open Source. The letter was withdrawn, and most who signed the petition said that they didn’t even know what they were signing.

At one stage, around September, Microsoft repented about the FUD it had spread concerning Linux/Open Source, and proclaimed that it would instead turn to focusing on the strengths of Windows. From that point on, rather than focusing on the strengths of Windows, Microsoft expanded its attentions from the PC to other ways of spreading its grip: such as cellphones and PDAs, wireless networking, the Xbox game console, etc. (just to note, it was revealed in November that all of Microsoft’s other ventures had made losses). In October, after many news articles commenting on Microsoft’s poor security, Microsoft went back on its word and once again attempted to deride Open Source security via the medium of FUD.

Although criticising Open Source, Microsoft changed to accommodate some of the Open Source techniques, such as focusing on a development ‘community’ and opening its source code (although it was read-only). Microsoft created the Shared Source License, which allowed developers to view the code for purposes of developing, debugging and supporting both commercial and non-commercial products. While deriding Open Source it was back to stating how open code did nothing for security, and mentioning that not many people had shown an interest in Shared Source. This was quite strange as Microsoft stated in the first place that it had created Shared Source due to customer demand. A short while after this, Microsoft was again promoting Shared Source as though it were a great asset. Microsoft certainly did appear to be changing with the times.

Microsoft stated that it was focused on listening to the customers needs, and did indeed appear to be making changes to its plans due to customer demands. However, when your customers are constantly complaining about you and are considering dealing with your competition instead, what else do you do? Yet again, Microsoft appears to look good in a bad situation.

Nearer the end of 2002 Microsoft started an advertising campaign for the Macintosh version of Microsoft Office. The advertisements showed Macs and PCs getting along together, promoting compatibility between the two. Some could see this as Microsoft deciding to get along with its competitors, and as Microsoft said, it shows its commitment towards the Mac. But considering that until this time Microsoft had never shown any commitment to the Mac, and that disgruntled Windows users had at that time started to look towards an alternative operating system, I’m sure that Microsoft would rather they switch to the Macintosh than Linux. After all, Microsoft never said that the Macintosh was its greatest threat, and uncertainty of commitment had been one of the major reasons people were wary of any Open Source software.

India was becoming a key player in the tech/software market, and appeared to be looking towards Linux. In November, Bill Gates travelled to India, giving them (from the Bill and Melinda Gates Foundation) $100 million towards fighting AIDS. Bill also announced that Microsoft was investing $400 million in India over the next three years to promote the use of Microsoft solutions, and a further $20 million for e-learning (adding the Microsoft influence to schools). At that time Bill said that “India is of strategic importance”, appearing to openly admit that he was bribing India (via his self-owned charity) to go with Microsoft.

When critics accused him of bribery, and that he was doing it to make his company look good, Bill responded that this was not the case, the foundation was independent of Microsoft and was founded long before any claims of anti-trust. Still, one could question why the foundation always appeared to follow Microsoft around whenever it needed to coax governments into using Microsoft solutions. As Bill said, the foundation was independent from Microsoft; but, it wasn’t independent of Bill Gates, and when you think of Bill Gates you think Microsoft. And just because the foundation was created before the odor of anti-trust was found around Microsoft doesn’t mean that Bill couldn’t be using it in an impure way, Microsoft’s conduct had been questionable long before the Anti-Trust case started.

Giving money to fight AIDS was far from bad, however, Bill’s motives for doing this (especially at this critical time of ‘strategic importance’) would appear questionable. And if Bill’s giving of money to fight AIDS is considered to be generosity, shouldn’t we also consider why Bill gave four times that amount of cash towards investing in India’s tech sector?

Ironically Bill’s visit to India gave a huge publicity boost to Linux and Open Source, causing the Indian government to seriously consider the use of Linux.

In late December, users of Microsoft Office in Norway asked Microsoft to translate it into their New Norwegian, or Nynorsk, language. Microsoft declined, pointing out the large cost involved in such a task. Eventually Microsoft agreed to translate it after most of Norway’s high schools threatened to boycott all Microsoft software if it didn’t.

Anti-Trust

After the Anti-Trust case concluded, when Microsoft had been found guilty of acting as an illegal monopoly, and settlement plans had been made, Steve Ballmer said that Microsoft has “learned and grown through the experience of the last four years. We are committed to moving forward as a responsible leader in an industry that is constantly, constantly changing.”

Microsoft has treated everybody with contempt for years, and all it can say about this is that it has learned from it? Bill Gates proclaimed, “This settlement puts new responsibilities on Microsoft, and we accept them,” and also that he was “personally committed to full compliance.” It’s a pity that he wasn’t so happy to play fairly and responsibly for the past few years.

Again, Microsoft never admitted that it did anything wrong. Microsoft pleaded innocent, yet it was found guilty.

Leaked Memo

In November a memo leaked from Microsoft showed the results of a telephone survey of developers, sysadmins and business executives who make decisions on IT spending. This concluded that Microsoft’s efforts at turning people away from Linux/Open Source by attacking it were ineffective. In fact, it showed that most people were already quite familiar with Open Source, and were in favour of it. The main reasons why people were pro-Open Source was due to the Total Cost of Ownership being lower and also purely because it was an alternative to Microsoft products.

Sun v Microsoft

In December Sun Microsystems, the creator of the Java programming language, took Microsoft to court hoping to get its Java Virtual Machine (JVM) distributed with Windows. Previously Microsoft had distributed its own ‘doctored’ JVM but had been found guilty of polluting and de-fragmenting Java. During the court case Microsoft attorney David Tulchin said, “The antitrust laws were not promulgated so that one competitor could take a free ride on the back of another competitor”. But would this statement not confirm that Microsoft’s own software bundling with Windows was anti-competitive, giving its own separate products the advantage of this free ride? If the ‘free ride’ on Windows is worth so much, should Microsoft be allowed this advantage just because it owns Windows and is not in competition with itself?

Around this time Microsoft was preparing itself to face a separate anti-trust case by the European courts. If Microsoft was found guilty of anti-competitive practices by the European courts, one resolution being considered was to “unbundle” Windows Media Player from Windows. Microsoft didn’t like this idea at all, saying that removing Windows Media Player would damage Windows, and it was something it wasn’t prepared to consider. From this it was clear to see that Microsoft was desperate and determined to bundle its software with Windows, signifying that it was fully aware of the great advantage bundling gave.

Conclusion?

Microsoft has continually brushed off the big problems or unfavourable situations it has created with smooth sales talk, acting as if it’s the only company that has been wronged, and announcing extravagant plans to make everything better. Foolishly people continually come back to take another beating, still believing the hype that Microsoft thrives on.

Microsoft would like to put the past behind it, however, this is no reason for everybody to forget what it has done. The Microsoft we see now is still trying to force itself upon everybody, cutting out consumer choice and sucking as much money out of people as possible.

For Microsoft, 2002 was filled with failings, inadequacies, lies, cover-ups, passing-the-buck and (as usual) relentless pressure to upgrade. These are the actions of a company promoting ‘Trustworthy Computing’. But is it trustworthy?