The New Software Morality

When, two years ago, Microsoft purchased Romanian anti-virus vendor, GeCAD, as part of its Trustworthy Computing initiative, I warned the result might lead to a queue of anti-trust lawyers gathering around the Capitol building in Washington, as the thriving and lucrative anti-virus industry protested at the very notion of Microsoft including better security in its products.

Time has passed and the mutters of discontent seemed to have subsided following diplomatic expressions of co-existence with the Redmond giant from the largest Anti-virus companies. However, this month, Europe decided that the prospect of Microsoft marketing consumer security was an oxymoron that demanded further investigation and the Brussels anti-trust regulators have reportedly invited Symantec to volunteer its opinions on Microsoft OneCare a plan for comprehensive, subscription-based consumer PC health check service that will offer automatically updated anti-virus, anti-spyware and firewall protection.

There is however a moral slant on this story that makes me uncomfortable. In a rational world, a company, such a Microsoft, which many would regard as directly or indirectly responsible for the mess we now find ourselves in, might reasonably be expected to offer inclusive measures that would make the Windows platform more robust from a security perspective. Two years ago after a number of conversations with people at Microsoft, I was fairly satisfied that a number of people in the Trustworthy Computing group, would have been quite happy to bundle better and better security into Windows entirely free of charge. “The trouble is”, one person told me, “is that the anti-virus industry would scream anti-trust if we did. We would have to charge”, he said, referring to GEcAD, “because the rules won’t let us give it away free.”

Whether Microsoft has changed its position and would now prefer to milk the consumer instead I don’t know but I doubt it. In my own experience, Microsoft wants to be able to deliver the best possible security to the weakest link in its business, the millions upon millions of consumers who are unwittingly breeding tens of thousands of botnets and other nasties that threaten the economic fabric of the internet on a daily basis. But if I’m right, Microsoft can’t because the law won’t allow it for free software when you are as big as they are.

In some way, this is rather like saying that if you buy a new house; the builder is not permitted to make it burglar-proof. Of course you can have basic locks but double-glazing is certainly not permitted, neither is an inclusive burglar or fire-alarm. You have to go to the aftermarket for these and perhaps pay through the nose on a subscription basis if you want any peace of mind.

Without a doubt, Microsoft, through previous anti-trust actions which very nearly saw it broken-up, has created a moral dilemma which the courts cannot easily resolve. Instead, through vigorously protecting society against the risks of a software monopoly, the courts have unwittingly created something approaching a cartel of commercial security interests which run contrary to the interests of a billion or so internet users.

In theory, internet security should be free and transparent to the end user in much the same way as one takes for granted one’s television or telephone won’t be hacked. But this is an industry now worth in excess of $20 billion annually and it’s not one that you can expect to be given away to the man in the street or even Microsoft without a fight.