Network Computingwww.networkcomputing.com

After perusing the hundreds of APIs released by Microsoft as part of its settlement with the Department of Justice, I'm compelled to agree with the vendor's assessment: Easy access to some of these APIs represents a security risk.

Take the IWMSInternalAdminNetSource interface, which manages cached passwords and finds proxy servers. There are several function calls in this interface, and they all allow the manipulation of user credentials and connections. Hard-core hackers have long had access to most of the secrets of the Win32 platform, but the release of these APIs will make it easier for wannabe h4x0rs -- those not technically strong enough to find the previously undocumented calls -- to manipulate user credentials.

The rest of the newly available APIs are hooks into Internet Explorer, Windows Media Player, Outlook Express and Microsoft's Java Virtual Machine. The only benefit to third-party developers is the ability to customize and provide personalized and possibly paid-for extensions to the products. Third-party developers are already providing connectivity to open standards groupware suites via Outlook, so opening these APIs isn't much to get excited about. Microsoft's JVM is a nonissue, since no one who can avoid it uses it. Most companies using Java distribute or force installation of a Sun or IBM JVM.

But the security-related APIs are worrisome. The potential for viruses and hacks just grew tenfold -- and this for a vendor with many security-related vulnerabilities already. Expect new viruses that are much more dangerous in their ability to render Windows inoperable and to compromise privacy.

While it wasn't a bad decision all the way around to force Microsoft to release its APIs, I can think of better remedies to the vendor's anticompetitive behavior that wouldn't have opened this Pandora's box.