THE *NIXED REPORT
Unix and Overlooked Pop Culture
The Dark Side of Microsoft
Thomas Holbrook II
MS Logo with All Seeing Eye Photoshopped in.

They are known for their operating system, Microsoft Windows, which became quite popular after version three, especially the Workgroups edition.  Their office suite, Microsoft Office, and web browser, Internet Explorer, are widely used as well.  However, ever since Windows 95 and the release of Internet Explorer version 3, a massive amount of controversy has surrounded the company, and it has been indicated that there is indeed a dark side to the Redmond Software Giant.

At the beginning of 2006, LUKE of Revere Radio Network posted on the Revere Radio forums about a report of a possible backdoor in the Windows Operating System.  Steve Gibson of Security Now discovered that the Windows Metafile vulnerability, which required a third party patch while waiting for Microsoft to respond, did not appear to be an ordinary bug.  It appeared to be a feature that would allow for certain metafiles to execute programming code, a no-no security-wise in the IT field.

Well, okay. First of all, it makes no sense at all in a metafile device context. In the context of processing a metafile, setting a printer abort is crazy because it's not a printer context. You don't print metafile contexts in this way. It's just not the way it's done in Windows. So it doesn't make sense. But it's like, okay, well, so maybe, you know, it's there anyway; they didn't think to remove it or take it out. Except that, when I was pursuing this and finally got it to work, what Windows did when it encountered this Escape function, followed by the SETABORTPROC metafile record, was it jumped immediately to the next byte of code and began to execute it. That is, it was no longer interpreting my metafile records record by record, which is the way metafiles are supposed to be processed. You don't actually execute the metafile. As we said before last week, and I think the week before, it's sort of a script. It's a script of Windows graphics calls that allow you to specify, you know, draw a rectangle from here to here, draw a line from there to there. And it's in a nice sort of device-independent fashion. So you don't run the code in the metafile. But what Windows did when it encountered this particular nonsensical sequence was to start executing the next byte of code in the metafile. --Steve Gibson: Security Now Episode #22

It was then pondered whether or not there was indeed a backdoor in Windows itself, but in the next episode of Security Now, Gibson downgraded his claim, due to the malicious sound of the word "backdoor."  However, it is important to understand that backdoors can sometimes be unintentional.  Rick Duncan, a Microsoft employee, told me in a classroom on UCM's campus during a special event that he was not aware of the Windows Metafile vulnerability, which is also indicative of the problem of compartmentalization in a large software corporation.  Either way, to date, Microsoft has offered no explanation as to why such a feature would be allowed in their operating system and what the purpose was.  The issue died down, but controversy rose up again due to anti-piracy efforts on the software giant's part.

On April 25, 2006, Microsoft implemented a new feature in Windows Update called WGA (Windows Genuine Advantage) that determined whether a copy of Windows XP was legitimately licensed or not.  There was just one small problem: the program would contact Microsoft's servers at every boot-up.  Brian Livingston of Windows Secrets accurately called it as it was: spyware.

"I was not asked for consent when the WGA Validation Tool — the one that, like spyware, phones home — installed itself. In fact, as can be seen from this screenshot which immediately preceded the automatic download and installation of the WGA Validation Tool, I could easily argue that I was misled into thinking I was going to download and install something else when in fact, I was downloading and installing, without my consent, software that apparently phones home."  David Berlind, ZDNET Blogger

Screenshot showing WGA as a "critical" update.

High priority updates are essentially updates that are viewed as critical.  Often enough, it is due to security vulnerabilities.  However, according to David Berlind, the description of WGA was lacking, to say the least.  Also, the software itself was a test release, so naturally, there were bugs.  Some computers that were legitimately licensed were seen as invalid, for example.  It is generally a bad idea for an everyday user of software to install pre-release software, and often enough, if it is alpha, or even beta, they will opt not to use it.  With WGA, no choice was given.

WGA consists of the toolkit and the notification tool.  The toolkit phoned home to Microsoft on every startup, while the notification tool told the user whether or not their software was valid.  As can be guessed, this spelled trouble for technicians servicing computers.  False positives in this pre-release software caused headaches.  The controversy doesn't end there.

Although the idea has been suggested many times in the past, in August of 2006, a company got into trouble due to a system administrator using illegal copies of Microsoft software, and that admin was fired.  However, the company itself became a potential target of the Business Software Alliance (BSA) in which Microsoft is a prominent member.

Without saying anything, he gestured with his head that I should pick them up and look them over. It was a bid from Microsoft for license upgrades. What caught my eye was the second page. This company had been the focus of a BSA audit four months ago. It seemed that the fellow who had been taking care of his system had used a pirated copy of Windows Server 2003 and Windows XP Professional on most of the desktop units.

It was my turn to look over the top of my glasses at him. It's a middle-age thing...we think it's cool and makes us look wiser. Shhhh, just let us keep the illusion, ok? Besides 162 baseball games a year and a new bar-b-que grill, we have little else.

I shook my head and put the papers back down on the desk face-down. I wouldn't want anyone else seeing them either. MS had him in a bit of a pickle. The alluded-to deal was simple. Sign a contract agreeing to the afore-mentioned licensing upgrades, and Microsoft would overlook the transgression. The way they made it sound was that Microsoft had little to do with the BSA-imposed fines...they were being their buddy in making the offer. This CEO had done his research and knew that little separated the BSA from Microsoft.

--Blog of Helios, August 25, 2006.

Again, such a concept is not new.  In the past, Microsoft has been accused of blackmailing businesses overseas after the BSA caught them using pirated versions of their software.

"If you call BSA, you will reach Microsoft," he says. "They shield Microsoft's actions with the BSA name. It's bad for us and [for] the software industry."

--Mario Tucci: Novell's Latin America country manager [Source: Mother Jones January/February issue 1998]

James Love stated at the time of publication of Mother Jones in 1998 that, "...these seem to be stories of blackmail."  Other companies, such as Novell and Lotus, refused to join the BSA due to the preferential treatment Microsoft was getting.  In some of the cases cited in Mother Jones, there were individuals who were working for both the BSA and Microsoft.

Anti-trust issues aside, the conflict of interest between the BSA and Microsoft in their anti-piracy efforts was compounded at the end of 2006 by the "patent covenant" between Novell and Microsoft, which some people referred to as Hell freezing over.  Not everyone was enthusiastic about such a deal, however.  Jeremy Allison, cofounder of the Samba Project, left his paid position at Novell due to the covenant.  In response to this, Mark Shuttleworth, founder of the Ubuntu Linux project, opened his hand to OpenSuSe developers by saying, "If you have an interest in being part of a vibrant community that cares about keeping free software widely available and protecting the rights of people to get it free of charge, free to modify, free of murky encumbrances and “undisclosed balance sheet liabilities”, then please do join us."  In response to critics who argued that he was being opportunistic, Mark Shuttleworth stated, "No offense was intended to SuSE - it’s a great distribution. This is about Novell’s extraordinary decision to legitimise Microsoft’s IP claims over Linux in general."

"Novell delivered the head of Linus to Bill Gates on a silver platter."

--Anonymous Novell employee, Blog of Helios

One has to wonder.  What's next?  Is there the potential for FUD (Fear, Uncertainty, and Doubt) to be placed on other distributions of Linux?  Steve Ballmer of Microsoft did state that there were "undisclosed balance sheet liabilities."  Would distributions be infiltrated one by one, as developers abandoned ship to other distributions until most of them were decayed from the inside out with proprietary code?  From the reading of articles and blogs, this does appear to be a big fear, even though it is not said directly.

The controversy did not end with the end of 2006.  At the end of 2006, Ken Starks, author of Blog of Helios, was placed under a gag order by a judge who was not identified in one of the final blog posts of 2006.  As a result of much of the controversy, the Free Software Foundation has become more of an activist group, having recently launched badvista.org, a site campaigning against Windows Vista.  The FSF has also campaigned against Digital Rights Management, arguing that DRM technology restricts the rights of consumers who use digital devices every day.

Ironically enough, even Bill Gates himself has criticized DRM.

"People should just buy a cd and rip it. You are legal then."

--Bill Gates, December 14, 2006 quoted in Tech Crunch.

The software giant appears to be staying the course, despite criticism on the part of Peter Gutmann concerning DRM.  On episode #74 of Security Now, Gutmann appeared as a guest and explained the problem with Windows Vista and DRM.

"And so it’s one thing for that to be in an HD-DVD player. And in fact we’ve already seen, consumers have seen the consequence of that when they stuck a DVD into their first-generation players, it would take up to or in some cases more than a minute for the player and the disk to negotiate all of the crypto going on just internally within the player. And Leo, I was thinking about how you had commented that, when you stuck your HD-DVD on your Xbox 360, it didn’t take long."

--Steve Gibson: Security Now!  Episode #74

In episode 74 of Security Now, it was mentioned on numerous occasions that the new protection scheme for HD content was going to be very expensive and very impossible.  Gutmann noted that hardware manufacturers were still trying to rush to get their drivers out before Vista ships in February of this year (which is not too far off).  Also, concerns with NSA involvement may cause even more people to not adopt Windows Vista.

"A few years ago I was ready to believe the NSA recognized we're all safer with more secure general-purpose computers and networks, but in the post-9/11 take-the-gloves-off eavesdrop-on-everybody environment, I simply don't trust the NSA to do the right thing."

--Bruce Schneier: January 09, 2007 in his own blog!

The Washington Post recently reported on Microsoft acknowledging that the NSA assisted them in determining the security of the upcoming OS.  Infoworld has also reported that it was the first time that the NSA evaluated an Operating System before release.  Marc Rotenberg of the Electronic Frontier Foundation expressed concerns as did Bruce Schneier on his own blog.

"With Vista expected to eventually power the majority of the world's personal computers, it would be tempting for the government agency to push for a way to gain access to data on these systems, privacy advocates say."

--Infoworld: January 10, 2007

Conclusion:

With the controversy over SCO's lawsuit and the potential of Microsoft being involved through BayStar, "it was the conspiracy that should-have-been, but never was."  In other words, the Redmond giant was considering an investment through BayStar, but never followed through.  Either way, despite Andrew Orlowski's dislike for so-called conspiracy theories, the SCO controversy did not help Microsoft's image in the least.  With many of the controversies from last year and the controversy of DRM bubbling up this year, the software giant appears to be in big trouble indeed.  Whether this is the beginning of the end of market dominance for desktop computers, only time will tell, and it looks like it will be told in as little as a couple of months.