Which raises the question - barring EU legislation, what exactly is the issue with Microsoft reserving kernel access for themselves while blocking every other third party vendor from being able to access it? Some misguided notion of “fairness”?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
EU Has 'No Intention' to Repeal DMA Following Apple Challenge
- Thread starter MacRumors
- Start date
- Sort by reaction score
Which raises the question - barring EU legislation, what exactly is the issue with Microsoft reserving kernel access for themselves while blocking every other third party vendor from being able to access it? Some misguided notion of “fairness”?
Think about it from the perspective of users of security software. I'm not talking about consumers, but huge corporations who have to manage and secure thousands if not millions of PCs in their orgs. Do they want another tech monopoly in this crucial area? Or do they prefer to have a range of competing vendors to choose from. MS can't possibly provide security solutions that will cover all the needs that those organisations might have. It's much better to have some competition and a range of vendors to choose from.
Just as an aside. Apple already has similar APIs for the kernel/OS that MS is now developing. It's called Endpoint Security. Third party vendors can plug into it and provide the services large corporations need to manage their fleets of Macs.
In 2006 Microsoft tried to lock down Vista!
AV companies complained to the EU , the EU publicly warned Microsoft, and in response Microsoft created new kernel-level interfaces so AV companies could still operate under PatchGuard rather than locking the door like Microsoft had wanted to do.
That decision, made under duress in response to the EU, made widespread third-party kernel drivers the norm, which I guess was good for competition, but is terrible for users when a vendor pushes a bad update.
So now, 20 years later, years after Apple did so, and it’s clear even to the EU the harms of not doing so, Microsoft is moving out of the kernel, which they could have done earlier if EU pressure hadn’t pushed them to keep third-party drivers deep in the OS.
Here is the wording of the EU-MS agreement:
Do you see kernel-level access mentioned here? No. Nothing prevented Microsoft from implementing out-of-kernel APIs to mitigate what happened with Crowdstrike. Why did they not do it? Who knows. It would have been the prudent thing to do as we now know.
Source: https://www.theregister.com/2024/07/22/windows_crowdstrike_kernel_eu/
Another quote by the journalist who wrote the article above:
Last edited:
Part of me wonders if the reason why Microsoft did nothing pre-Crowdstrike was the fear of antitrust lawsuits. It's kinda ironic if Crowdstrike had to happen in order to provide the conditions that would let Microsoft justify what they are doing right now with zero pushback from legislators, now that everyone knows what is at stake.
Again, Microsoft tried in Vista, AV companies pushed back and the EU publicly warned Microsoft not to.
Just because the text doesn’t say “shall provide kernel access” doesn’t mean the EU regulations discouraged Microsoft from doing the right thing. Because they literally did. Remember “spirit of the law”, not what the text says.
This idea that there are literally no downsides to regulations and negative consequences are never the regulations’ fault, but rather the company’s fault is insane.
Putting all the blame of one (admittedly huge and rather public) security incident solely on regulation is also insane. There is no panacea for human error. You can't run huge fleets of PCs without security software. Do you know for sure, that such an incident would not have happened, if Microsoft locked out all competing security vendors out of the operating system?
And living in a non-EU country puts iPhone owners at risk of not being able to install the software they want on the devices they own.
A far greater risk than malware infection, which shouldn’t be possible anyway if iOS was secure by design.
I don’t put all of the blame on the regulation. But it literally wouldn’t have happened had the regulation not been in place. Which means a very large part of the blame does indeed fall on the EU, despite their and their defenders’ protestations otherwise.
"by increasing the feature set to be comparable to an alternate platform, with more features, the user is faced with fewer choices"
"More choice is actually less choice. Also, war is peace. And freedom is subjugation"
Welcome to upside-down-land, where water is dry, black is white and down is up.
That’s not a risk. You own the hardware not the software.
If Microsoft cant secure windows after so many years, what makes you believe that 100% operating systems are capable of being programmed.
They’re ABSOLUTELY correct here. By taking away an option for a safe and secure closed option, consumers lose it. Less choice for consumers.
If Apple installed Android on iPhones then all of their DMA problems go away. And consumers would have no choice whatsoever.
The DMA isn’t about choice. It’s about an ideological opposition to closed ecosystems. They said Apple had to change because they’d go out of business, and when it turned out a profitable subset of consumers preferred it, they bamboozled regulators to ban it because it was “too anticompetitive”.
Isn't the issue that viruses and malware had access to the kernel, thereby necessitating security software with the same degree of access? At the same time, we also have people complaining about anti-cheat software like Denuvo which accesses the kernel as well (even when it arguably has no legitimate reason to), but it doesn't seem like anyone can reasonably do anything about that, because it's not technically against the law. Not even the EU.
It's like not allowing me to lock my doors at night, while still making it my responsibility to keep burglars out at my own expense. I guess it could still be done so long as I throw sufficient time and money at the problem, but I am not happy that you have just made my job that much harder for me, so what exactly is the incentive for me to go that extra mile again when there's zero benefit to me?
I mean, I can't guarantee there will be zero security issues whatsoever, but it certainly feels like there would be a lot fewer occurrences (because a major vector of attack simply wouldn't be accessible to most bad actors). I also get that no government will ever voluntarily admit fault for an issue if they absolutely didn't have to.Right now, everybody here seems to be treating EU government legislation as gospel, just because it's attacking a public company everybody loves to hate on right now (Apple).
Whatever the EU says is perfect and will have absolutely zero downsides whatsoever, and if something does cock up, it must be the fault of the parent company for not having done more or going out of their way to prevent said incident from happening. At the end of the day, government organisations are still made up of people, and the effectiveness of said legislations are only as good as the people writing them (and their ability to forecast and pre-empt future problems).
What I am trying to say is - more often than not, there is good in bad, just as there is bad in good. So long as people residing in the EU are cognisant of the tradeoffs involved (both present and future), and are fine with certain Apple ecosystem features either coming late or not coming at all.
At the end of the day, what is life, if not a bundle of tradeoffs.
Amen!
The EU’s cookie regulation is a perfect example. The regulation said that sites had to get “informed consent” for tracking, but it didn’t provide a clear, simple mechanism for doing so. That left companies with two choices: either make their sites function without tracking (in most cases, a literally impossible adjustment given ad-driven models) or build consent banners that strongly nudge users toward “accept.”
Unsurprisingly, most went with the latter. I see people on here all the time say “Well actually, it’s the websites’ fault, not the EU’s” as if we live in some magical universe where advertising isn’t the lifeblood for the free web.
And sure, I’ll give you the text of the regulation doesn’t mandate ugly, disruptive popups, but it absolutely incentivized them. Anyone who worked in tech could have told you that this would be the end result, and honestly the fact that the EU didn’t understand that is proof positive they’re not qualified to be regulating tech. I don’t work in tech, and have never worked in tech, and I could have told you it’d be the end result. Yet those in charge of regulating tech couldn’t figure that out? Or, did realize it out but thought “that’s fine” and then pretend “it’s not our fault” rather than have the courage to say “yes it makes things worse but we think it’s a small price to pay.” How on Earth can anyone defend that?!?!
And not only do many of you defend it, here we are fifteen years later and it hasn’t been fixed despite it being very clear for well over fifteen years it made the web much more annoying to use. “We can’t admit a mistake and therefore can’t learn from it, but this time, with the DMA, it’ll be different”. Please.
As you correctly point out, legislation isn’t written by omniscient, infallible beings. It’s written by people with limited foresight, under political and bureaucratic pressures, who often don’t have real-world experience and who don’t understand how real-world actors will follow the rules. They’ve never worked in business and, pardon the pun, have no business dictating to companies how to design their products.
I mean, many of you are literally defending a regulator who saw Lightning and said, “we still think everyone should have to use Micro-USB.” Are you insane? This mindset is why Europe can’t compete. And still, when Apple releases a portless phone, many of you currently cheering on the EU USB-C mandate will be outraged at Apple for doing so despite physics preventing a USB-C port on the device. Well, maybe if they were allowed to put a smaller port on the device they would have. But no, the EU know better.
And again, we see this with the DMA. Like with the cookie law, when something goes wrong, defenders rush to say “the regulation was perfect, companies just implemented it badly” when Apple rationally follows the text and spirit of the law. But that ignores the core fact: regulations shape behavior.
If a policy predictably results in universally annoying UX patterns, or companies choosing not to releasing a feature because they’re worried get fined if they’re not letting their competitors use it for free, that’s not corporate misbehavior or “malicious compliance.” It’s evidence the policy design was flawed.
Last edited:
You remind me of my principal. She's very fond of the phrase "systems shape behaviour". For example, in my school, staff have to check in and check out at this fingerprint-scanner device in the main office. At first, she thought of moving the scanner to a more central location to make it more convenient for staff so they didn't need to make a detour to the office before heading towards the staff room or the exit of the school.
It worked, but this also had an unforeseen consequence - because staff now had even less reason to go into the general office, this resulted in them not checking their in-trays and missing out on important letters and announcements. In the end, the fingerprint scanner was moved back into the office. The small detour staff had to make was crucial to ensuring the teachers visited the office daily (thereby creating the opportunity for them to check and clear their trays on a regular basis).
Oh, I am not calling for Apple to break the rules. The fun, as always, is how to get as close to obeying the letter of the law, while giving up as little power and / or profits as possible in the process.
I think you are missing the point here. Mobile/cell phones ... hardware and software ... are a COMMODITY now. It's not like 20+ years ago, when they were a new technology. More people in the World now have access to a mobile/cell phone than to clean water.
So I repeat the analogy I gave earlier: what if your electricity supply company told you that only a certain brand of appliance could be connected to their supply, and not competing brands? (This is technically feasible, by the way, but will never happen because those much-maligned regulators will step in to prevent it!)
Phone hardware and software is a commodity and there has to be a degree of interoperability. Apple has fought and lost knee-jerk battles on the Lightning/USB-C connector, and on opening up Messages to non-Apple phones. In fact Apple automatically fight anything that they perceive as reducing their profit-margin ... their staggeringly large profit margin!
I like my iPhone but why should I have to buy an expensive iMac ... instead of a lower cost PC for example ... to enjoy the phone-computer interface? As many others have pointed out, this is not a technical issue of security or privacy, it's about Apple creating a prison for purchasers of its products. Prison is a more accurate term for what you call "ecosystem".
Profit motive is precisely what incentivises these companies to deliver extra on their products. Apple is willing to invest the time and resources into developing features like airdrop, airplay, iPhone mirroring, continuity, universal control and the ability to unlock your Mac with your Apple Watch because like you said, this integration adds value to their various apple devices and help to sell more hardware overall.
What exactly is the incentive for Apple to allow users to unlock any other brand of laptop with their Apple Watch? First, they don't control how other companies manufacture their computers. Second, they are spending extra resources to make their products work with a competitor's offering (possibly helping them even), at no benefit to themselves.
The flip side is that apart from Apple, no other company is going out of their way to say, let your android phones and windows laptops integrate better together. I certainly don't see Microsoft and Google shaking hands and joining forces in this regard. Everyone's just content to do their own stuff. Maybe there's a way to hack together a solution using enough third party software, but it's not a mass market solution that's feasible for the majority of users who are less tech savvy and want something which "just works" right out of the box.
I am not entitled to the ability to make calls from my Mac, but I am happy that the option is there at least for the people willing to pay for the feature, even if it means that I need to own an iPhone and a Mac.
Exactly. There is some sort of magical thinking among DMA proponents that “Apple gets forced open, but they’ll keep doing exactly what they’re doing and everyone gets to benefit.” That’s not how business works. And the reason they scream “malicious compliance” and the laughable “Apple is withholding feature out of spite” is because they are upset that their regulations have negative consequences and their magical world where Apple does things for its competitors out of the goodness of its heart, even though it hurts Apple’s users and Apple itself, is make believe .
Last edited:
As I said, phone SW and HW is a commodity now. The rules are different from 20 years ago.
Progressive companies move with the times. But some big companies hate change, and Apple has become one of them (it wasn't like that 30-40 years ago).
I think Apple’s success shows that’s not true. Just because the EU wants that to be the case doesn’t mean it should be.
European consumers will over time pivot away from Apple if the services lack compared with Asian competition. Just as it's been already doing so in other markets.
Why are you shilling so hard against actually owning your ~$2000 device instead of renting it forever
Obviously we’re not talking about source code (yet) or distribution rights. Just the basic human decency of letting an intelligent grown-up human being living in a free country run the software they choose on their own computer.
(which is even more important if you don't live in a free country, btw)
I genuinely believe that because I see virtualisation being used everywhere on a daily basis (VMs, Docker and Kubernetes, etc). Apple could easily implement something similar to Windows Sandbox — just let users run unsigned code in some sort of VM with 10% performance penalty, that's it, no more problems and no more legal scrutiny.
But instead, Apple keeps actively choosing higher profit margins over treating users with respect; I can’t accept that, and neither should you.
Certainly could be!
Honestly, given how things are going, the EU would be smart to double down on tech investments and dispense with US tech as soon as is practical.