The government tried once to break Microsoft's "monopoly" power -- and may have kicked off the collapse of the high-tech bubble in a classic example of the Law of Unintended Consequences. So which is worse in this case -- the disease or the cure?
Whatever Microsoft Corp.'s strengths or failings as a developer of reliable software, the mere existence of an operating-system monopoly is a critical security risk, argues a new report released Wednesday at a Computer & Communications Industry Association (CCIA) gathering in Washington, D.C.Posted by Alan at September 26, 2003 12:10 AMWritten by seven IT security researchers, "CyberInsecurity -- The Cost of Monopoly" calls on governments and businesses to consider in their buying decisions the dangers of homogenous systems, and to diversify the software mix deployed in their organizations. It also urges the U.S. government to counterbalance Microsoft's user lock-in tactics by forcing the company to offer multiplatform support for its dominant applications, including Internet Explorer and Microsoft Office products.
Microsoft's pledge to improve its products' reliability won't fix the underlying problem of the vulnerability inherent in a system that depends on just one architecture, said co-author Perry Metzger, a computer security consultant.
"It doesn't matter how hard Microsoft works on security. So long as they continue to be human beings, there will continue to be flaws -- and you don't want every machine on Earth to have the same flaw revealed at the same time," he said. "It's as though every person in the U.S. had the exact same genes."
Beyond recommending diversification, the paper suggests steps the U.S. government could take to mitigate the effects of Microsoft's monopoly position. Forced publication of APIs (application program interfaces) for Microsoft's Windows and Office software would help, as would requiring the company to work with other industry vendors on development of future specifications through a process similar to the Internet Society's RFC (request for comments) system, the report said.
via IDG
Full report available from CCIA (pdf)