Microsoft faces new EU antitrust probe as Linux group files complaint

Argues that Windows 8's Secure Boot and UEFI requirement are 'technical barrier' and anti-competitive

A Spanish association of Linux users today accused Microsoft of anti-competitive practices, charging that Windows 8's Secure Boot blocks users from installing rival operating systems on new PCs.

Hispalinux, which represents some 8,000 open-source users and developers in Spain, lodged a formal complaint with the European Commission, the EU's antitrust agency, early Tuesday, the group said in a blog post.

The association accused Microsoft of "obstruction," "unfair competition" and "irreparable damage to the European software industry" by locking new PCs to Windows 8 through the operating system's Secure Boot feature.

UEFI, or Unified Extensible Firmware Interface, is a replacement for the older BIOS boot technology built into PCs. UEFI is designed to protect PCs against some forms of malware, notably rootkits, by requiring a trusted key before booting the operating system.

Secure Boot is Microsoft's label for UEFI support in Windows 8; the company requires the new firmware to run the five-month-old OS, and provides the necessary key to computer makers, or OEMs (original equipment manufacturers). That effectively blocks non-Microsoft operating systems -- Linux, primarily -- from running on new Windows 8 machines without keys of their own or software tweaks.

The biggest Linux distributors -- including SUSE, Fedora and Canonical -- have come up with work-arounds of their own to deal with UEFI and Windows 8's. Small or home-built Linux distributions, however, have been locked out of those solutions, and have balked at the $50 one-time fee that Microsoft charges for a key.

Hispalinux argued that Microsoft's dominant position gave it enough leverage with OEMs to demand UEFI support, then abused that power to prevent customers from running alternate operating systems on those PCs. The group also dismissed Microsoft's claim that Secure Boot is necessary to protect users.

"The exclusionary behavior of the new model contains no innovation for the consumer," the association wrote on its blog today. "The requirement of a digital signature to access the computer's startup system is a technical barrier, which would benefit [only] the vulnerable Windows and its ecosystem, [which is] plagued by malware."

Antoine Colombani, a spokesman for Joaquin Almunia, the Commission's top antitrust regulator, declined to comment on Hispalinux's accusations today, or to confirm that the Spanish group had filed a complaint.

Microsoft downplayed the threat. "UEFI is an industry standard aimed at improving computer security and the approach has been public for some time," said Robin Koch, a Brussels-based Microsoft spokesman, in an email. "We're happy to answer any additional questions, but we are confident our approach complies with the law and helps keep customers safe."

Hispalinux may have a tough time getting regulators interested in its complaint.

In January, Almunia responded in writing to UEFI and Secure Boot questions raised in the European Parliament, essentially saying he didn't see a problem.

"The Commission is aware of the Microsoft Windows 8 security requirements," said Almunia of the operating system's UEFI requirement. "The Commission is currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules."

Almunia penned an almost identical response in March, but changed some of the language. "In particular, on the basis of the information currently available to the Commission, it appears that the OEMs are required to give end users the option to disable the UEFI secure boot," he said.

The original question was posed in Parliament by Amelia Andersdotter, a member of Sweden's Pirate Party, which advocates radical changes to copyright and patent laws. For several years, the Pirate Party hosted the website of the Pirate Bay file-sharing service.

Pirate Bay has announced it was granted "virtual asylum" by the North Korean government, and claimed that its servers were being hosted by the internationally-shunned country.

But the Commission could change its mind and put Microsoft back in its crosshairs. Earlier this month, Almunia fined Microsoft $732 million for failing to abide by a 2009 settlement that required it to offer Windows users a choice of alternate browsers.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Join the discussion
Be the first to comment on this article. Our Commenting Policies