The European Commission warned Microsoft again Tuesday that planned security features in the upcoming Windows Vista operating system could run afoul of EU antitrust laws, prompting Microsoft to say that an adverse ruling from European regulators could further delay Vista's ship date.
In a statement Tuesday, EU Commission spokesman on competition Jonathan Todd said that the Commission believes that diversity and innovation in the security software market could be threatened if Microsoft doesn't allow reputable third-party security vendors to compete on an equal footing for customers.
The statements came in response to questions from journalists who had been briefed by Microsoft, Todd told InfoWorld.
Microsoft is reaching out to members of the press to express concern about the EC's stance on Vista security and to explain the reasoning that went into the company's decisions to integrate some security functions in the Vista operating system, according to Stephen Toulouse, of Microsoft's Security Technology Unit.
"We're doing what everyone asked us to do and making Vista secure," Toulouse told InfoWorld on Tuesday. "We believe we've set the security foundation higher in Vista than in other operating systems and we don't want to lower that," he said.
Microsoft is committed to delivering an EC-compliant operating system, and would abide by requests from the European Commission to remove security features if necessary, Toulouse said.
Unraveling security features such as the BitLocker drive encryption, Windows Defender and Windows Security Center from Vista at this late date would be a monumental task, however.
"I can't even speculate on how we'd deal with a request like that," Toulouse said, although he didn't rule out delays in the global release of Vista.
Todd rejected the idea that the EC would give a "green light" to any particular version of Vista, but said that Microsoft would have to produce a product that complies with EU competition rules, or risk an antitrust ruling from the Commission.
"We've made it clear to (Microsoft) for some time that it's up to Microsoft to make products that are fully compliant with EU competition rules, particularly in light of the March 2004 ruling on its abuse of its dominant market position," Todd said.
NeelieKroes, the European Commission's competition commissioner, wrote to Microsoft CEO Steve Ballmer in March to express concerns about the security features and requesting more information on them, but the company delayed responding to the letter until the end of August, Todd said.
Microsoft did a full court press on Tuesday to try to counter the EC's statements about antitrust concerns with Vista's security features, emphasizing the company's work with independent software vendors.
Speaking with InfoWorld, Toulouse, until recently program manager for Microsoft's Security Response Center (MSRC), explained the company's reasoning in adopting security features such as Patchguard, a feature on 64-bit versions of Vista that prevents applications from "patching," or modifying the Vista core processing center, or "kernel."
Patchguard was necessary to stop unauthorized applications and malicious programs from modifying the Vista kernel to take control of the operating system. Legitimate third party products, however, such as behavioral detection products, also need access to the kernel.