[ISN] Suit Holds Microsoft Responsible for Worm Holes

From: InfoSec News (isn@private)
Date: Thu Oct 02 2003 - 22:39:37 PDT

  • Next message: InfoSec News: "[ISN] Tests show hackers could access resident registry network"

    http://www.washingtonpost.com/wp-dyn/articles/A37244-2003Oct2.html
    
    By Jonathan Krim
    Washington Post Staff Writer
    Friday, October 3, 2003
    
    Microsoft Corp. is engaging in unfair business practices for its 
    failure to better secure its software against computer viruses, worms 
    and other cyberattacks, according to a lawsuit filed in Los Angeles.
    
    The suit, filed late Tuesday in a California court, is on behalf of a 
    single consumer who claims to be the victim of identity theft as a 
    result of a hacking incident. 
    
    But it is designed to be a class-action case if other consumers with 
    similar claims step forward, and will be closely watched as a steep 
    rise in cybercrime raises questions about whether software makers 
    should be held responsible when their programs are compromised.
    
    In general, software manufacturers have not been liable for security 
    and other product failures because users are required to sign license 
    agreements that insulate the companies from legal responsibility.
    
    But a recent spate of worms and viruses that crippled hundreds of 
    thousands of computers worldwide has led to a growing clamor for 
    holding software makers more accountable.
    
    Microsoft's Windows operating system, which powers more than 90 
    percent of personal computers, has been a particular target of 
    hackers. With seeming ease, hackers have stayed one step ahead of the 
    company in exploiting vulnerabilities in Windows, e-mail software and 
    other Microsoft programs.
    
    "The vast majority of successful Internet attacks are attributable to 
    major vulnerabilities in Microsoft's . . . software," the suit 
    alleges, adding that the company does an inadequate job of warning 
    customers about the problems and helping to fix them.
    
    The suit takes a different tack from previous efforts to claim damages 
    due to software flaws. It argues that because consumers have little 
    choice other than Microsoft software, its failure to provide secure 
    programs constitutes an unfair business practice under California law.
    
    "If you live in the modern world, you must use Microsoft," said Dana 
    B. Taschner, a Newport Beach lawyer who filed the case on behalf of a 
    Los Angeles woman who is a film editor. "You can't on the other hand 
    say, 'We're not responsible.' "
    
    Microsoft spokesman Sean Sundwall said the company is still reviewing 
    the suit but would fight against allowing it to become a class action. 
    Adding numerous additional plaintiffs -- with the potential of 
    multiple damages -- is typically the way law firms fund litigation 
    against large corporations.
    
    "This complaint misses the point," Sundwall said. "The problems caused 
    by viruses and other security attacks are the result of criminal acts 
    by the people who write viruses." Still, he said, "Microsoft has made 
    security a top priority and is committed to developing the most secure 
    software possible."
    
    The suit echoes a position paper issued last week by a group of 
    computer security executives who argued that Microsoft's ubiquity 
    poses a national security risk because one attack can do such 
    widespread damage.
    
    The authors said that policymakers should consider the current 
    "monoculture" of software when evaluating ways to improve computer 
    security.
    
    In addition to compensation for losses, the suit seeks to require 
    Microsoft to improve security notification.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Oct 03 2003 - 01:20:26 PDT