News
Microsoft Tells Some Users No on Vista
After years of delays and billions in development and marketing efforts, it would
seem that Microsoft Corp. would want anyone who possibly can to buy its new Windows
Vista operating system. Yet Microsoft is making it hard for Mac owners and other
potentially influential customers to adopt the software.
Microsoft says the blockade is necessary for security reasons. But that is
disputed. The circumstances might simply reflect a business decision Microsoft
doesn't want to explain.
The situation involves a technology known as virtualization. Essentially, it
lets one computer mimic multiple machines, even ones with different operating
systems. It does this by running multiple applications at the same time, but
in separate realms of the computer.
Virtualization has long been used in corporate data centers as a way to increase
server efficiency or to test programs in a walled-off portion of a machine.
The technology also has been available for home users, but often at the expense
of the computer's performance.
But now that Macintosh computers from Apple Inc. use Intel Corp. chips, just
like Windows-based PCs, virtualization programs let Mac users easily switch
back and forth between Apple's Mac OS X operating system and Windows. That could
appeal to Mac enthusiasts who want access to programs that only work on Windows,
including some games.
Consequently, the launch of Vista seemed to be a good opportunity for Parallels
Inc., a subsidiary of SWsoft Inc. that sells virtualization products.
Unlike Apple's free Boot Camp program that lets Windows run on a Mac, Parallels'
$80 virtualization product for Macs does not require users to have just one
operating system running at a time. Parallels runs Windows in a, well, window
on the Mac desktop.
Parallels also sells a $50 version for Windows PCs -- which would let people
run both Vista and its predecessor, Windows XP, so they can keep programs that
aren't yet Vista-compatible.
The price of the virtualization software does not include a copy of Windows.
And to get that copy, buyers have to agree to Vista's licensing rules -- a legally
binding document. Lurking in that 14-page agreement is a ban on using the least
expensive versions of Vista -- the $199 Home Basic edition and the $239 Home
Premium edition -- in virtualization engines.
Instead, people wanting to put Vista in a virtualized program have to buy the
$299 Business version or the $399 Ultimate package.
Macs account for less than 5 percent of personal computers in the U.S., but
Ben Rudolph, Parallels' marketing manager, says they nonetheless represent a
market he's surprised to see Microsoft present with roadblocks.
"Vista is undeniably cool and undeniably important," Rudolph said.
"This is really an opportunity to reach people who normally wouldn't be
using Windows, whether it would be Mac users or Linux users."
The least-expensive versions of Vista actually would work in virtualization
programs. But Microsoft wants to restrict it because of new security holes spawned
by the technology, according to Scott Woodgate, a director in Microsoft's Vista
team.
Lately Intel and rival chip-maker Advanced Micro Devices Inc. have built virtualization-friendly
hooks directly into microprocessors. The goal was to make virtualization work
better, but Woodgate argues that the move created a security flaw -- essentially
that malicious programs can run undetected alongside an operating system.
Indeed, last year a security analyst showed how AMD chips with virtualization
support made computers vulnerable to such an attack. (That researcher, Joanna
Rutkowska, said she presumed it would work on Intel-based systems as well, but
she didn't have time to try).
AMD challenged the feasibility of such an attack and said virtualization did
not decrease computer security. Intel concurred; spokesman Bill Calder called
Rutkowska's claims "overstated."
But Microsoft took notice. Woodgate said Microsoft considered banning virtualizing
Vista entirely, on all versions. But ultimately, he said, his team decided that
the most technically savvy users, or people in companies with tech support,
probably could handle Vista in virtualization programs, while home users should
be steered away.
The prohibition applies not only to third-party virtualization products like
Parallels, but also to Microsoft's own Virtual PC software, which is available
as a free download. (It does not apply to Apple's Boot Camp product, which is
not virtualization software.)
"We're balancing security and customer choice," Woodgate said.
However, there doesn't seem to be much evidence that technically savvy people
wouldn't want the less expensive versions of Vista. Rudolph at Parallels said
virtualization customers often just need the most basic version of Windows possible
to let some favored application run.
Plus, even though Microsoft will let virtualization products run the higher-priced
versions of Vista, some powerful features in those editions are also forbidden
in virtualization. The license agreement prohibits virtualization programs from
using Vista's BitLocker data-encryption service or from playing music, video
or other content wrapped in Microsoft's copyright-protection technology. Microsoft
says virtualization's security holes make those features dangerous as well.
Rudolph believes many users will be so confused that they avoid Vista altogether.
Of course, that's Microsoft's decision to make, and it seems logical if you
buy the security argument.
But not everyone agrees a virtualization lockdown is justified. In fact, virtualization
has been considered a security enhancement. If applications run within their
own walls, malicious code can be confined to that zone and not infect the rest
of the computer.
"Nobody's complained to us that there's security issues with our products,"
said Srinivas Krishnamurti, director of product management at EMC Corp. unit
VMWare, which plans to release a product for Macs this summer.
In a statement e-mailed after the interview, Krishnamurti added: "The
Vista licensing limitation is akin to the industry saying, `Hey, consumer, when
you connect your PC to the Internet, there is a chance you can download adware,
spyware or malware so we don't think you should connect to the Internet using
a browser.' The world would be a very different place if the industry made that
decision in the '90s."
Rudolph acknowledged that "there's always going to be a security risk
in any piece of software." But he added that if Parallels "was really
not that secure, we would have heard about it substantially."
And even Rutkowska, who argued that her virtualization attack last year --
which she called "Blue Pill" -- proved a glaring weakness in the technology,
said Microsoft's decision regarding Vista would make no difference. "I
really don't see how Microsoft could use this mechanism to prevent Blue Pill
from loading," she said.
Apple would not take a position: Spokeswoman Lynn Fox said Mac users who want
to run Windows in virtualized programs should ask the virtualization vendors
about security.
Michael Cherry, an analyst with Directions on Microsoft, said virtualization
may indeed introduce new complexities and security challenges. "But they're
not greater than the technical issues surrounding some of the other features
(Microsoft) decided to include," he said. "I don't buy that virtualization
is dangerous."
Cherry believes what's really going on is that Microsoft wanted to create more
differences between the multiple editions of Vista, presumably giving people
more reason to buy the most expensive versions.
But Microsoft's Woodgate insisted that this was not a marketing decision.
"We are absolutely working with our partners to resolve this security
issue," he said.