Security, excuses and hidden agendas


Bruce Schneier has often commented on the tendency for hidden agendas to masquerade behind excuses for security: “For security reasons, we must do …” or “due to security concerns, we do not allow…” The classic example in Beyond Fear was the prohibition against bringing beverages into a baseball park: is it really about safety inside the park in the heightened awareness of 9/11, or a boost to the soft-drink sales inside, which go to lining the club’s pocket at the end of the day?

The latest MSFT one-eighty around virtualization is starting to look like another one. To recap, in June last year MSFT announced that it was expanding virtualization options for Vista to allow Home Basic and Home Premium SKUs to run in a VM. This was shortly reversed by a change of course, now requiring users to fork over for the more expensive business editions due to unstated security reasons. More recently MSFT announced that it is again allowing virtualization of the less expensive varieties. What to make of this? If this were a politician running for a coveted nomination on super primary Tuesday, this type of change in policy would be understandable. Ruling that out, two other options remain:

  1. It was decided that customers can live with lower security assurances for the scenario. That is to say, after spending 5 years to ship the most secure version of Windows to date in Vista, breaking backwards compatibility and even sinking untold amounts of R&D into inane, useless features such as UAC to prove this commitment, Microsoft is now letting go of a strategic advantage by allowing the operating system to be run in a vulnerable configuration.
  2. The security excuse was a ruse all along, intended to push customers towards more expensive Vista SKUs until the company itself could develop a proper response to the disruptive nature of virtualization.

#2 is looking like the smarter bet at the moment. It is not clear that virtualization is necessarily a short-term revenue threat. Virtualized or not, those copies of Windows must still be licensed. In other words, the Mac user running Vista under Parallels or VMware Fusion is still paying for a full license as if they had installed it natively. (Granted, there might be a small uptick in piracy since pre-activated/genuine-advantage-validated VM images make for a convenient way to distribute pirated copies.) This scenario might be of greater concern to Dell or HP since it means that consumers have the option to purchase a Mac instead of a PC. Meanwhile server consolidation, the other major business case for virtualization, is not affected by the Vista licensing arrangements because Vista is a client OS. Windows Server 2003 and 2008 are the relevant products for virtualized data-center environments, and it’s primarily the virtualization policies around these products that have to be carefully crafted to protect server business revenue.

Long term, however, there is a strategic threat. Parallels and VMware might be great for getting the best of both worlds from Linux/Mac + Windows, but if Vista is increasingly seen as a “secondary” OS to run alongside a primary, purely for compatibility with applications written for the venerable Win32/64 API, it raises the question of how long before those applications can finally be ported to the other platforms so they do not need virtualization as a crutch. More than any short-term risks around piracy or missed revenue from consumers opting for the inexpensive Vista SKUs, this is the great danger of undercutting the platform that MSFT has to contend with.

cemp
