5,447 research outputs found

    Hide It or Unbundle It: A Comparison of the Antitrust Investigations Against Microsoft in the U.S. and the E.U.

    [Excerpt] Microsoft Corporation, the world’s largest software company, has been facing antitrust scrutiny globally. In the U.S., after what’s been called the antitrust trial of the century, a consent decree was reached between Microsoft, the United States government, and several states, that closely resembled the litigated remedy that the remaining states received. Only Massachusetts appealed the litigated remedy, which was approved by the appeals court on June 30, 2004. In the United States, Microsoft was required to hide, but not remove, the Internet Explorer browser on the Windows Operating System. While antitrust litigation was ongoing in the United States against Microsoft, the European Union (“E.U.”) was also investigating Microsoft under E.U. antitrust law. In March, 2004, after a five year investigation, the European Union Commission fined Microsoft 497 million euros, required Microsoft to offer the Windows operating system without Windows Media Player, and required Microsoft to disclose interfaces to competitors. On December 22, 2004, the E.U.’s Court of First Instance denied Microsoft’s request for a stay of this order, and ordered Microsoft to comply; the full appeal is pending at the time of this publication. This article will examine, compare, and contrast the protracted antitrust litigation that Microsoft has faced in the U.S. and the E.U. This article will then examine what further antitrust problems Microsoft may be facing

    AdSplit: Separating smartphone advertising from applications

    A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser. Advertising libraries require additional permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user's interaction and effectively stealing money from the advertiser. This paper describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries. We also leverage mechanisms from Quire to allow the remote server to validate the authenticity of client-side behavior. In this paper, we quantify the degree of permission bloat caused by advertising, with a study of thousands of downloaded apps. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. We also observe that most ad libraries just embed an HTML widget within and describe how AdSplit can be designed with this in mind to avoid any need for ads to have native code

    The Internet of Hackable Things

    The Internet of Things makes it possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education

    Hardening the Browser: Protecting Patron Privacy on the Internet

    As more and more time is spent accessing and producing content online, libraries need to position themselves to offer Internet privacy to patrons as well. This column details how to secure the web browser, from choosing state-of-the-art software to strong default settings to using add-ons to extend the capabilities of the browser

    Using Control Frameworks to Map Risks in Web 2.0 Applications

    Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising of a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.

    Keywords: Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria