Microsoft's Security Plan Causes Concern

Microsoft's Palladium security system has sparked concern among some of the company's competitors in the operating system market, as well as with consumer and digital-rights advocates, but lawyers and security companies are less troubled.

Palladium is the code-name for Microsoft's new security initiative, announced Monday, which is designed to create a "trusted space" within a PC for certain programs and other sensitive operations to run in.

The system will require security hardware, in the form of a chip, as well as software, the company said Monday. The combination of hardware and software security could let users create documents and e-mail messages that expire after a certain amount of time, Microsoft says. It could also let music and movie companies take advantage of native support for digital rights management software that could let them limit how their content is copied or shared, and could stop users from running code that isn't digitally signed, Microsoft says.

Windows Users Win?

Windows users will get the majority of Palladium's benefits, at first, though Microsoft says that it plans to make the system interoperable with other platforms. Microsoft may publish the source code to Palladium to allow third parties, including competitors, to create systems that interoperate with Palladium, the company says.

Some Microsoft competitors were, unsurprisingly, less-than-excited about the announcement of Palladium.

"Microsoft is enamored with the closed world they've built with the Xbox where they control what software can run. They believe they can use that strategy to restrict competition and increase their control in the PC arena," says Michael Robertson, chief executive officer of Linux desktop operating system startup Lindows.com, in a statement.

The Xbox includes a security system that restricts what kind of code the console will run.

Open or Closed

Lindows, based in San Diego, and Microsoft, based in Redmond, Washington, are currently engaged in a lawsuit in which Microsoft is asking a court to bar Lindows from using that name for its Linux-based operating system, saying that it infringes on Microsoft's Windows trademark.

"Open systems beat closed systems--it's what has made the PC and Internet so successful," he says.

"Microsoft is proposing reduced consumer freedom over their computer and their media while cleverly disguising it as improved privacy. I don't care what big companies they have extorted to endorse this strategy, consumers will see through it and reject it," he says.

Another Microsoft foe, Sun Microsystems says in a statement that "Sun watches with keen interest as Microsoft's Palladium initiative, whose technology is years away, unfolds. We look forward to Microsoft addressing its immense security issues: bug fixes are only a temporary treatment for the symptoms of flawed product design and is not a permanent cure for the disease. However, it is good to see Microsoft finally taking code quality seriously."

Gaining Support

Third-party security companies have long been the beneficiaries, and borne some of the burden, of the security flaws in Microsoft's operating systems and applications. Though Microsoft may now be moving into its market, one such company, RSA Security, welcomes Palladium.

Palladium is "a great thing for security," says John Worrall, vice president of product management at RSA, based in Bedford, Massachusetts.

RSA is "really pleased to see Microsoft taking a lead in security," he says, adding that "starting from the base hardware and building up is a great model."

Though Microsoft has said that further announcements about Palladium are certain, it is less certain, though possible, that some of those announcements could involve other vendors.

RSA will be making an announcement about its relationship with Microsoft in the near future, says Worrall. When asked whether Microsoft has consulted RSA in designing Palladium, Worrall declines comment. Microsoft said Monday that it was consulting with other companies on the design of the system.

Antitrust Concerns

Questions about the involvement of third party software and hardware developers aren't the only ones that hang over the venture.

With a judge poised to rule in Microsoft's antitrust suit with the nine states that did not agree to the company's deal with the U.S. Department of Justice, another broad, Windows-centric initiative may seem ill-timed to some. However, these concerns may not be well-founded, says Bob Schneider, a partner and the head of intellectual property department at the Chicago law firm Chapman & Cutler.

Palladium "could be [an extension of the Windows monopoly], but I don't think at this stage it has risen to that level," he says.

Because Palladium depends so much on the hardware component--something that is "outside the scope of what Microsoft does," in Schneider's words--the system, as currently described, may not become an antitrust concern, he says.

Opening Up?

Nonetheless "there is a possibility that it can" be used that way, he says. "The answer depends more on how it's developed and how Microsoft uses it."

"[Microsoft's] innovation often leads to detrimental results for their competitors," he says.

One step that could minimize that impact would be publishing Palladium's source code, Schneider says.

"By making it open, that would ... very, very substantially reduce any problems," he says.

Microsoft, however, may not pursue that path if the ruling in the states' antitrust case goes strongly against it, he says.

"That would dramatically affect how the whole company proceeds," he says.

A strong anti-Microsoft ruling, one which could lead to a less-feature-rich Windows or the publication of some Microsoft source code, might cause the company not to make Palladium as open, he says.

"If Microsoft gets hit very hard ... that's certainly going to modify drastically how [it] proceeds," he says.