http://www.washingtonpost.com/wp-dyn/articles/A37244-2003Oct2.html By Jonathan Krim Washington Post Staff Writer Friday, October 3, 2003 Microsoft Corp. is engaging in unfair business practices for its failure to better secure its software against computer viruses, worms and other cyberattacks, according to a lawsuit filed in Los Angeles. The suit, filed late Tuesday in a California court, is on behalf of a single consumer who claims to be the victim of identity theft as a result of a hacking incident. But it is designed to be a class-action case if other consumers with similar claims step forward, and will be closely watched as a steep rise in cybercrime raises questions about whether software makers should be held responsible when their programs are compromised. In general, software manufacturers have not been liable for security and other product failures because users are required to sign license agreements that insulate the companies from legal responsibility. But a recent spate of worms and viruses that crippled hundreds of thousands of computers worldwide has led to a growing clamor for holding software makers more accountable. Microsoft's Windows operating system, which powers more than 90 percent of personal computers, has been a particular target of hackers. With seeming ease, hackers have stayed one step ahead of the company in exploiting vulnerabilities in Windows, e-mail software and other Microsoft programs. "The vast majority of successful Internet attacks are attributable to major vulnerabilities in Microsoft's . . . software," the suit alleges, adding that the company does an inadequate job of warning customers about the problems and helping to fix them. The suit takes a different tack from previous efforts to claim damages due to software flaws. It argues that because consumers have little choice other than Microsoft software, its failure to provide secure programs constitutes an unfair business practice under California law. "If you live in the modern world, you must use Microsoft," said Dana B. Taschner, a Newport Beach lawyer who filed the case on behalf of a Los Angeles woman who is a film editor. "You can't on the other hand say, 'We're not responsible.' " Microsoft spokesman Sean Sundwall said the company is still reviewing the suit but would fight against allowing it to become a class action. Adding numerous additional plaintiffs -- with the potential of multiple damages -- is typically the way law firms fund litigation against large corporations. "This complaint misses the point," Sundwall said. "The problems caused by viruses and other security attacks are the result of criminal acts by the people who write viruses." Still, he said, "Microsoft has made security a top priority and is committed to developing the most secure software possible." The suit echoes a position paper issued last week by a group of computer security executives who argued that Microsoft's ubiquity poses a national security risk because one attack can do such widespread damage. The authors said that policymakers should consider the current "monoculture" of software when evaluating ways to improve computer security. In addition to compensation for losses, the suit seeks to require Microsoft to improve security notification. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 03 2003 - 01:20:26 PDT