| HN Mirror

I don't think those extra rings would be useful for what is needed anyway.

ghusto 682 days ago

Couldn't you just ask some OS APIs provided by something in kernelspace for what you need? In fact, isn't this how macOS does things?

You could, and in fact this is what Microsoft wanted to do. The EU said that they couldn't.

And the reason why not is simple. Anything that Microsoft thinks is a good thing to add to the API, they'll add for themselves. When the new API is released, their software is released with it. This gives them a competitive advantage over competitors who have to wait for Microsoft to have the idea that they want, and then scramble to implement it after Microsoft does.

The EU is suspicious of this for the simple reason that Microsoft has a several decade history of doing exactly that. Repeatedly. My favorite example being the release of Windows 95 with Microsoft Word available at the same time, and with WordPerfect unable to run. By the time WordPerfect had figured out how to port their software to Windows 95, they were no longer the market leader.

> Windows 95 with Microsoft Word available at the same time, and with WordPerfect unable to run

That is somewhat revisionist history. WordPerfect admitted at the time they saw OS/2 as the future and were focused on that. Only in hindsight did they realize OS/2 was going nowhere (too bad, it was better than 95) and had to rush to get a WordPerfect for 95. Worse for them, they wrote each release of WordPefect in platform specific code (mostly assembly) so it wasn't a case of port to 95 it was a case of start over mostly from scratch.

Yes WordPerfect lost to Word with 95 - but it was bad decisions on WordPerfect's part. They had opportunity to get WordPerfect on 95 much faster. I don't know if it would have been fast enough, but they didn't even try until it was too late.

Sorry, who is being revisionist here?

The use of platform specific code was a performance necessity at the time, everyone did it. Part of the promise of Windows 95 was that it could run your Windows 3.1 programs. They bent over backwards for a ton of programs, but not WordPerfect. Microsoft also had an early access program to Windows 95. WordPerfect applied for it - and was denied access. After that the OS/2 bet was their only real hope.

The truth is that Microsoft had a long and documented history of using one monopoly to leverage into another. Over and over again they lost antitrust lawsuits, but internally regarded them as speeding tickets on the way to greater monopoly power. This history showed up in court. The internal documentation on the WordPerfect case showed up in the Netscape case, and is part of why Mocrosoft won.

It wasn't until the EU started charging Microsoft over $400 million per day for noncompliance in 2006 that Microsoft's attitude started to change. Now I see them as just normal big guys with a worse than average history. But back in the 90s and early 2000s? They EARNED the title of "evil empire".

diffuse_l 682 days ago

There is another point to consider here. The state of anti-virus solutions before Microsoft released Defender was horrible (probably still is).

It was full of ad infested solutions, which would crash your computer from time to time.

Defender at least was reasonably performant and tended to be stable.

You could say that since they had access to kernel source, they were better informed, but I guess if there was an API, the provided documentation would solve the issue (not necessarily, not everyone bothers to read the docs).

But then you get back on how to enforce equal and open access for everyone (the EU did try to make Microsoft open the Word file format, but turned out it was so complicated and documented in legacy code only, that Micorsoft had trouble giving useful docs)

Anyway, as you said, it's complicated...

Yes. Defender was legitimately better than the alternatives. In fact no AV at all was better - which is something that I learned from Google's Project Zero.

crmd 682 days ago

This is why tech conglomerates are anti-competitive and need to be broken up. There is no reason a leading operating system company should be allowed to also be a word processing, video conferencing, and music-selling company. They will leverage their control of the operating system business to gain unearned competitive advantage in the unrelated markets.

> There is no reason a leading operating system company should be allowed to also be a word processing, video conferencing, and music-selling company.

If I write a new OS how will you force the "word processing, video conferencing, and music-selling" companies to write code for it? If they don't write the above my OS is worthless, but if my OS fails in the market anyway they just wasted a lot of money. This is why OS companies tend to have the other things, their OS cannot exist in a vacuum and the only way to ensure they have those needed tools is to write them themselves.

You work deals for early access to your OS, and work to make your OS backwards compatible.

Nobody wants to try to be selling consumer software that is optimized for the out of date and unsupported version of the OS.

That only works if you are big enough. If you are BeOS trying to get your new better OS going you don't have the power to make any deals. For that matter Microsoft wasn't big enough, WordPerfect was going after IBM's OS/2.

lucianbr 682 days ago

The way I see it, Microsoft sells some antivirus software, and also gets to decide who is allowed or not to compete with their antivirus software, by providing or denying access to the API. Obviously unfair.

I think anti-virus should be part of the core os. This does kill all third party vendors - good riddance to most of them, sorry if there is one that isn't evil (I'm not aware of it)

lucianbr 682 days ago

Once the AV vendors exist, killing them, especially by Microsoft, is clearly anticompetitive.

If you could prevail on a government to decide that, maybe it could work.

One thing I see, is that AV has a component of maintaining a DB of signatures of bad things. This does not seem at all the job of the core os. Would the Debian team maintain such a DB?

It happens all the time that the big companies take something in house and kill a market. The car radio market is all but dead now that manufactures ship decent radios.

davidgerard 682 days ago

Don't believe the hype from MS. If this was really an unreasonable requirement MS could have just done it in an EU edition. But they didn't.

ghusto 682 days ago

Interesting! I guess there's no way to fix this with further regulation either, since it would be some work to prove MS had access to the API contracts before they released them.

The ultimate lesson then is to stop using MS stuff.

mywittyname 682 days ago

Microsoft was on their way to doing this, but was shot down by EU regulators because the APIs weren't available to all third-party vendors.

armada651 682 days ago

I think it's kind of ridiculous to then blame the regulators for the fact that Microsoft decided not to go ahead with a more competitor-friendly design.

The fact that Microsoft abandoned it as soon as a regulator pointed out how anti-competitive the design of the API was makes you wonder what Microsoft's true intention was. To me that implies the anti-competitive design was its main feature and to Microsoft it would've been pointless to continue without it.

mywittyname 682 days ago

Maybe. Not working at MS I can't say what their reasons were.

But another way of looking at this would be that perhaps they wanted to be the beta testers of the API themselves because opening it up would have been a maintenance liability for the company. Microsoft tends to be pretty good about backwards compatibility in ways that Apple is not.

We also don't know that these APIs were cancelled, they may make it into future versions of windows.

jen20 682 days ago

> With the current model kernel level access is required.

On Windows.

c0balt 682 days ago

Note: At least on Linux the main alternatives for this, either eBPF (e.g., pulsar or falcon) or a kernel module, both require this too.

kelnos 682 days ago

eBPF is at least somewhat sandboxed, no? So it doesn't quite have the access required to accidentally stomp on any portion of kernel memory it wants?

c0balt 682 days ago

Indeed it's executed via a Jit on something like a VM. However it can still, make your system quite disfunctional if, e.g., all filesystem or network calls are blocked.

vel0city 682 days ago

The version of the CrowdStrike sensor that caused kernel panics on RHEL/Rocky was using eBPF. It living in eBPF doesn't mean it can't cause system instability.

And as mentioned elsewhere, an eBPF module behaving badly but in valid ways can still make your system pretty unusable.

jen20 682 days ago

macOS does not require this however.