Allchin stands up for Windows security

WASHINGTON--The antitrust remedy proposed by a number of states would weaken the security of Microsoft's operating systems and could further the illegal spread of music, movies and other digital content, according to the company's top Windows executive.

Jim Allchin, Microsoft's senior vice president for Windows, warned in testimony Tuesday that too much disclosure of technical information in the wrong areas would benefit hackers and create more opportunity for virus attacks.

"The more creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms," Allchin testified.

Allchin, one of Microsoft's highest-ranking managers, took the witness stand Tuesday in the eighth week of testimony in a federal antitrust hearing. He is one of the few Microsoft witnesses appearing at this proceeding who also testified in the main, or liability, phase of the trial, which concluded in September 1999.

Like other witnesses, Allchin submitted written testimony to the court before an attorney for the states began the cross-examination process. Written testimony carries the same weight as that given in court.

Allchin is one of the last witnesses that the software giant plans to call before concluding its portion of the proceeding, which could determine a remedy for the company's antitrust violations. Last week, the software giant twice shortened its witness list, first removing eight people and then whisking away CEO Steve Ballmer. Chairman Bill Gates testified two weeks ago.

Microsoft shortened its witness list in part to limit the amount of new evidence that attorneys for the states could introduce in court, say legal experts, including documents that supposedly show that the company is using a separate settlement to tighten its grip on PC makers.

Nine states and the District of Columbia are seeking stiffer sanctions than a November settlement deal that Microsoft cut with the Justice Department and nine other states. The settlement, which U.S. District Judge Colleen Kollar-Kotelly has yet to approve, would largely put restrictions on Microsoft's business practices.

Among other things, the states' remedy would compel Microsoft to give away for free the source code--that is, the software blueprint--to Internet Explorer and to sell a version of Windows without so-called middleware, such as Web browsing and media playback software.

Allchin focused the bulk of his testimony on the issue of technical disclosure, such as application programming interfaces (APIs), which are essential to making sure third-party software works well with Windows. Both the Justice Department settlement and the states' proposed remedy require expanded API disclosure, but the states want significantly more.

Allchin responded in part to the testimony of Andrew Appel, a computer science professor at Princeton University, who contends that Microsoft could hide behind security concerns to limit API disclosure. Other critics of the Justice Department settlement, which Microsoft submitted as its remedy proposal for this proceeding, have raised the issue of disclosure of technical information.

In his written testimony, Appel called the settlement's security provision "an unjustified security exemption" that would "significantly restrict" Microsoft's technical disclosure.

Allchin testified that ill-thought-out disclosure would greatly compromise Windows security at a time when the company has made a top priority of securing its software. He rebuffed what he termed the "security carve-out" as inconsequential to technical disclosure but important to large segments of Microsoft's customer base.

"Preventing this functionality from being compromised is in our customers' interests," he said.

The piracy threat
Too much disclosure also would lead to more digital piracy, Allchin testified. He noted that product activation, a feature introduced with Windows XP, essentially locks the software to a specific hardware configuration. Another area of concern: rampant theft of digital content.

Gartner analyst John Pescatore says open documentation and public review of program interfaces between operating systems and applications will lead to stronger security mechanisms. see commentary

"Web systems such as BearShare and Morpheus enable users to exchange songs, music videos and other digital content over the Internet without necessarily paying any royalties," Allchin testified. "Owners of such digital content are...affected by the strength of the safeguards that...Windows can provide to prevent misappropriation of such content."

Allchin warned that if Microsoft were compelled to disclose all the APIs and technical information the states are asking for, the mechanisms for managing digital rights, used to protect content, would be compromised.

Besides addressing Appel's testimony on security and technical disclosure, Allchin attempted to counter the testimony of Sun Microsystems executive Jonathan Schwartz. In written testimony and during cross-examination, Schwartz charged that Microsoft is using Windows XP as a catapult into Web services, noting, for example, that some XP features require people to sign up for Passport, Microsoft's authentication service and a linchpin of its .Net sofware-as-a-service strategy.

Allchin mainly directed his criticism at Schwartz's definition of Web services. But he also dealt with the larger issue of whether Microsoft is trying to lock consumers and businesses into the company's Web services and software.

"We are not trying to force anyone to use Microsoft products," he testified. "We are instead seeking to make our products more attractive through innovation and by increasing their ability to interoperate with a broad range of existing software code," he testified.