In December, the European Commission and Microsoft arrived at a resolution of a number of long-standing competition law issues. Microsoft made a legally binding commitment that PC manufacturers and users will continue to be able to install any browser on Windows, to make any browser the default browser, and to turn access to Internet Explorer on or off. In addition, Microsoft agreed to use Windows Update to provide a browser choice screen to Windows users in Europe who are running Internet Explorer as their default browser.

So, when I install shiny new Windows 7 machines for my clients with a perfectly serviceable browser (IE8) with some great security features such as protected mode, I make sure the Windows Update has brought everything up to date and BAM! An icon appears on their desktop and prompts them to choose what browser they want.

So I choose IE, delete the icon and everyone is happy.

This is a complete waste of everyone’s time and money. The users who want an alternative still go and download the browser of their choice. Most don’t bother. Making a bad choice from the popup screen and deciding a while later you want to switch, or revert to IE is just a waste of people’s time, and in business this time will cost money. Across Europe this hidden cost will be huge.

The choice screen is currently only being pushed to users in UK, Belgium and France, but later will cover the whole of the European Economic Area. Just like the pointless “Windows N” without media player, this panders to niche software vendors without delivering any real value to anyone that cares. Pushing this out via Windows Update will only serve to confuse huge numbers of consumers. Many consumers are perfectly happy with the browser, media player, calculator and notepad that come with their computer. A few are not, and may go out and freely choose to install any software they wish, and pretty easily make it their default. Should we take away the simplicity of buying a PC, turning it on and using it? Why not strip out all of these free applications and make people go and download only the ones they choose? Once upon a time it was seen as a great idea that Microsoft (and Apple, and anyone else) gave away free software with their OS so you could just get up and running; this is now seen as anti-competitive.

There is lots of media buzz around Firefox, Chrome and other alternatives. Anyone that cares has probably read about these and can easily find out more and make their own choice. Presenting them with a screen in this way makes it feel like they have to make a choice, and then gives them options which are virtually impossible to distinguish – the fastest, shiniest, safest, most standards-compliant, most popular browser. How is any of this helping them to make an informed decision?

Next time you buy a box of cornflakes should it have a money-off voucher on the side which gives you a discount from any brand of breakfast cereal? Should it have helpful descriptions so you can choose an alternative to your normal shopping option? How would they differentiate themselves? The tastiest? Crispiest? Sugariest? Healthiest?

Is Internet Explorer really all that bad anyway?

Yes, I know some users will never hear about, or understand, or care enough to change their browser to an alternative. So what? IE8 is really a pretty good browser. I’ve been a Firefox user for years, and still use it as my main browser on a regular basis, mainly for some of the add-ons like NoScript and AdBlock Plus, but I do find myself using IE more often for sites that don’t load properly. In fact, the main thing which keeps me from using IE8 as my default browser is probably that I use IE for my Dynamics CRM work, and it is much easier for me to mentally separate by application than merely by tabs or sessions. The jump list for IE on Windows 7 makes more sense than for FF (frequent sites rather than local pages) and the ability to jump straight to a tab or open window from a list would be useful if I didn’t tend to have several dozen open tabs at any given time. I do find that Firefox seems to recover better than IE from crashes (of the app or of Windows) and get my tabs back more reliably (my laptop sometimes locks up when undocking and has to be forcibly powered off and cold started, and FF usually picks up where it left off).

I understand that publicly funded institutions like the BBC should not be in the business of advertising, and need to have disclaimers like “other listings magazines are available” (just in case you did not know there are alternatives to the Radio Times because you have lived in a cave and never visited a newsagent or supermarket in the last 25 years). I just don’t get why this should apply to a company whose prime objective is (and should be) to increase shareholder value. It’s that simple – their shareholders want to earn money, not make the world a fluffier warmer cuddlier place.

I tried Opera a year or so ago and at the time it was no better than Firefox (and worse in some ways), so inertia won out and I stuck with what I had been using for a few years. I would need a compelling reason to change, and I have not seen one yet from Opera. IE8 is beginning to convince me that Microsoft has the best alternative for me. Firefox went from nothing to holding a significant market share. Google Chrome is following nicely, albeit with a much bigger marketing budget and established brand.

Arguments may be made about which browser is the most secure – for me probably the biggest reason choose one over another right now since drive-by malware infections seem to be getting more frequent and worse to remove. There is certainly a discussion to be had about whether the same ruling should be made about Apple’s software bundling – I don’t care if they ship Safari and IE, should they not also be forced to provide the same breadth of choice as MS? What about their productivity applications? Should you get the choice to install OpenOffice (or some other third party option)? I have nothing against Apple, but they do seem remarkably immune to these sorts of legal challenges (because of their market share) when they are actually a much more closed shop bundling hardware and software together.

I wish the European Commission had better things to do with their time and my taxes than this kind of nonsense. I wonder if it makes any difference that the company making the noise about it (Opera) is European, and they felt duty bound to stand up to the perceived might of a US software giant.

What about non-MS applications bundled with new PCs?

A much better use of their time would be considering banning PC manufacturers from bundling trialware with PCs, or at least restricting this in a variety of possible ways:

• all trialware must come NOT installed, but give the user the choice to install it as part of their setup. This is NOT the same as giving them a choice not to register and run it.
• trialware must be free for at least the period of warranty of the hardware, usually at least a year
• before installing, the consumer should be told the current cost of continuing their subscription for longer than that trial
• if we can’t force them to not install it in the first place, there must be penalties for having uninstall routines which fail since the hardware is not fit for purpose with a half-uninstalled Norton suite on it which prevents other AV products working properly. Been there, sworn at that. Forcing me to download a separate removal tool is not an option unless you pay for my time in doing this. About £100 penalty should suffice.

I even object to bundling of unnecessary applications, browser toolbars, gadgets and other crapware, and double FAIL points for those which insist on trying to update themselves every day. Some are arguably designed to get the most out of your hardware (such as a utility to selectively switch off WLAN, Bluetooth or 3G connections), while others are just generic fluff. If a system builder installs Google toolbar I am surely less likely to feel a need for Yahoo toolbar. Isn’t this just the same anti-competitive behaviour MS is being accused of? Please at least give me the choice at the time of purchase to avoid all non-essential apps, especially those I could easily install later for free if I choose to. And while we are on the subject, Acrobat reader is NOT an essential app, and in light of recent security vulnerabilities, not far away from installing a backdoor for malware.

What do you think? Is this a big waste of money or an important decision for fair business practices? What browser(s) are you using right now and why?

The Court of First Instance essentially upholds the Commission’s decision finding that Microsoft abused its dominant position…The Court criticises, in particular, the obligation imposed on Microsoft to allow the monitoring trustee, independently of the Commission, access to its information, documents, premises and employees and also to the source code of its relevant products.

Microsoft had previously been fined EUR497 million for anti-competitive practices in the way they write and sell their software. Specifically they were found to be less than forthcoming in giving away information on APIs in their operating system products (particularly Windows server), which prevented other software authors from writing code which would operate and interact with the OS as successfully as Microsoft’s own offerings.

They were also found guilty and for bundling applications which stifled competition since end-users would be less likely to download a third-party alternative even if were better, since in most cases they simply would not feel the need to. The hugely important bundled software in question? Media Player. Yawn. I have used other players for various reasons such as different formats (QuickTime, Real Player), improved control of audio ripping and better looks (WinAmp), and I know lots of people who use iTunes because – oh yes, it came bundled with some popular music device (I forget the iName of it). Can we really get all that excited about this? Apparently the lawyers can. Microsoft were obliged under the original ruling to produce and offer for sale a version of Windows which did not have Media Player built in.

When they failed to do everything the court had asked to their satisfaction they were penalised on a daily basis, which soon added up more than 50% on top of the original fine, although payment was deferred due to the ongoing case. A year ago Microsoft were claiming that the court’s failure to clarify some issues might delay the European launch of Vista. Although Vista was not specifically a subject of the ongoing case, it was obvious that some parallels between the features of XP and Vista might lead to an obvious extension of the previous ruling.

Microsoft now have about 60 days to appeal the decision, but this has to be on a point of law, rather than any of the detailed technical matters and grey areas of opinion which made the original case and this appeal too esoteric for many outside commentators.

Read the rulings on the various stages of the case against Microsoft at the CURIA website (Court of Justice of the European Communities)

So, is this a storm in a teacup?

Microsoft face huge fines and have to pay 80% of the court’s costs as well as their own. Perhaps some people won’t feel too much sympathy here and cynics would argue that this cost will simply be passed on to their customers anyway in order to protect the shareholders, as any decent publicly-traded company should.

The question is: who really gains from this apart from the lawyers? Will this really make a difference to Microsoft? Will we see a radical shift in the functionality and stability of third-party products? Will everyone stop using Media Player (and who really cares if they do)? Who will be next now that this precedent has been set?

Let me know what you think (and rate your apathy on a scale of “mildly interested” to “yeah, whatever”). Comment form below.

Spread the word :

Anyway, despite the fact that these are a licence to print money, it seems this was not enough for the aptly named Cheetah, a subsidiary of TV production company Endemol.

In a ruling by Ofcom today against Channel 5, the broadcaster was fined £300,000 – a record for Ofcom’s Content Sanctions Committee. The basis for the fine was that competitions were not run fairly on several occasions as fake winners were announced and no prize money given away.

…between January and March 2007, Brainteaser had on three occasions entered fake names as competition winners and on two occasions production staff posed, on air, as ‘winners’.

Viewers were misled into believing that genuine winners had been awarded a prize when in some cases no-one had actually won the competition in accordance with the programme’s rules.

During its investigation, Ofcom was also informed by Channel 5 that … this had happened on seven separate occasions between January 2003 and November 2006. Further, another four similar or identical instances of unfair conduct had occurred in the programme Memory Bank (a spin-off of Brainteaser) during 2004.

The size of the fine reflects the serious loss of trust in public broadcasters that this sort of behaviour can cause, as well as acting as a warning to others to ensure their procedures are much more tightly controlled.

In a ruling yesterday the Information Commissioner’s Office decided that allowing staff to access data without proper controls (by using each other’s passwords) is not in compliance with the Act. This kind of lax IT management does not ensure that personal information will only be accessed by authorised people who have a good reason to do so. This does not meet the Act’s requirements that a Data Controller should have appropriate “technical and operational measures” to ensure data is processed in line with the Data Protection Principles.

The DPA is often mis-applied to situations in which it is entirely inappropriate. We have all come up against a call centre drone who won’t tell you whether your gas bill has been paid because it is in your spouse’s name and they “can’t because of Data Protection, you know”. While this kind of rubbish has perhaps reduced some people’s respect for it’s application, the Act does provide some very powerful protection for the man in the street, and (in theory at least) some real repercussions for businesses that choose to abuse the information they hold about you.

However, at its core it places obligations on business who store and use personal data to ensure that this is processed in a manner which affords a suitable level of confidentiality. One area in which this affects IT is in discussion of data security – you might interpret it to mean that your backups must use encryption, for example.

This latest ruling covers breaches by two companies, but the one of most interest from an IT perspective is the part which concerns Orange (emphasis mine):

The ICO received a complaint regarding the way in which Orange processed personal information, and in particular the way in which new members of staff were allowed to share user names and passwords when accessing the company IT system. Following its investigation, the ICO found that Orange was not keeping its customers’ personal information secure and therefore was in breach of the Data Protection Act.

I have lost count of the number of times I have patiently explained to someone why it is not smart to just give the new person (sometimes a temp) their own credentials.

In one case I found that the second temp covering a position during holiday leave was using the username and password the first one handed on to them – which was the personal logon the PA of a department head had given to temp one in the first place. This gave them access to all sorts of emails and appraisal information which were entirely inappropriate for someone who had not necessarily been vetted thoroughly nor had time to build up a level of trust within the organisation. IT had not been told of either of these people, and only became aware because of a helpdesk call which was logged by the second temp.

When explaining these things you may have to resort to making it personal rather than talking about corporate responsibility. “Lack of individual accountability within the system” means little or nothing to the average office worker; “you might get blamed for anything bad they do” gets through in most cases.

Now, I do live in the real world. I know that no matter how much I harp on about this to my clients and their individual employees, they will always find a reason why they feel that today’s special circumstances justified them breaking this rule. So, to meet this real-world challenge I have a number of tactics:

• make sure that people understand that with appropriate authority I can give someone else access to things they need using their own credentials. Don’t let Alice log on as Bob to access his home drive, I can give Alice those permissions and temporarily map a drive, for example, assuming I have Bob’s say so.
• use a sensible password expiry period so that even when (NB: not if, this is the real world) Charlie gives Dianne his password, it will stop working after a while. If Dianne leaves this protects external access methods (such as OWA, say). It also addresses my principle that if something breaks now and again (Dianne finds the password does not work) then the user will come to IT to find out why and you get to find out about these practices and re-educate the person appropriately.
• write a computer use policy, publish it, and get explicit agreement to it from all staff. Make clear in that policy that anything done with their user account is sufficient to hold them responsible for it. You don’t have to prove it was them – they are responsible for any activity in just the same way that they would be if they gave someone the keys to the office safe.

So now I get to add another angle to this: tell the directors (who are ultimately liable under DPA if found to be negligent) that they are personally as well as corporately liable to a substantial fine if found guilty of an offence under the Act. This means if they do not put in place appropriate measures to ensure their employees do not share passwords they could be found in breach of the DPA. While an enforcement notice is the most likely outcome for a first offence, frequent or badly negligent offenders may find themselves paying out.

The full text can be found on the DTI website – Waste Electrical and Electronic Equipment Regulations 2006 (pdf).

If you are involved in the manufacture or resale of goods which fall under the definition of the act you need to ensure you have the right labelling, and agreements with your suppliers and customers which make clear who is responsible for disposal issues. These agreements may have to treat consumers (“private households”) differently from business purchasers. Ultimately most businesses will be responsible for the management and cost of proper disposal, although part 6 makes it clear that there is nothing to prevent a business making other contractual arrangements with their suppliers.

If you are an IT manager planning a major replacement or upgrade programme, it would be worth including the disposal of old equipment in the scope you define before going out to tender for a supplier. If you don’t make sure this is covered you may come into work one Monday morning to find a large pile of PC’s and monitors on your office doorstep. Worse still, it might be an inspector from the Environment Agency paying a visit…

Of course, it is not just about planning at work, we all need to be a bit more considerate in the way we get rid of out of date consumer products anyway with our glut of mobile phones, music players and games consoles. Hopefully this regulation will give us real alternatives so we can comply with the instructions on the box that state “this product must not be disposed of in your household waste”. The downside of course is that ultimately these costs will get passed on down the chain and end up raising prices to the consumer. But maybe if you paid twice as much for that new iPod you would think twice before upgrading and this might slow some of the waste production and the use of raw materials and finite resources.

As a minimum this should include:

• the company’s full legal name and trading names (eg “Bloggs Ltd trading as Bloggs the Decorators”)
• the jurisdiction of the company’s registration (eg “England and Wales”) and company number
• the registered office address, labelled as such (not just included as a correspondence address)
• VAT number if applicable

The simplest way to deal with email would be in the email footer or signature put on by every individual, but in a big organisation this is hard to audit properly, adds up to large amounts of staff time to maintain and wastes a lot of storage space when included on internal emails.

Alternatively use your email server (such as MS Exchange) to add a corporate-approved wording to the bottom of all mails, or program your email gateway (which might be a spam and anti-virus filter too) to do this on emails as they leave the organisation. You may want to include other information such as the company website address or a legal disclaimer as well.