• silicon.com
• Management
• CIO Insights

By Robert Lemos, 6 October 2003 16:17

NEWS A lawsuit faulting Microsoft for security defects in its products has added a new front in the software giant's battle against vulnerabilities in its software. The proposed class action suit, filed this week in Los Angeles Superior Court, comes as the company is admitting that its reliance on software patches for fixing security problems hasn't worked. The suit contends that by failing to secure its software, Microsoft subjected its customers to having their private data made public. The lawsuit was filed on behalf of Marcy Hamilton, a Los Angeles resident, who claims a flaw allowed a digital thief to steal her personal information. Microsoft said on Friday that it plans to fight the action on several legal grounds, noting that it has invested considerable resources in responding to problems and trying to prevent future vulnerabilities. A Microsoft spokesman said: "It is pretty clear that Microsoft has made security a priority." However, those efforts have failed to stop a rash of recent attacks, with the company itself set to announce next week a revised strategy that moves beyond the notion that customers will take responsibility for patching their own systems. On the legal front, Microsoft's first step will be to fight the effort to have the case certified as a class action suit. The company is expected to point out that not everyone hit by hackers has been affected in the same way - a pretty good argument, according to one legal expert, who wished to remain anonymous. "Each person is going to be vastly differently affected by the theft of personal information," said the lawyer, who regularly fights such class action suits. Microsoft is also taking issue with the notion that it is liable for the actions of hackers, saying the company has taken reasonable steps to secure its software. In January 2001, Microsoft kicked off its Trustworthy Computing Initiative, a companywide move to increase the security of its products, better handle customer privacy, and repair the giant's tarnished image in those areas. Next week, Microsoft also intends to announce new plans for helping users of its products more easily secure their systems. From a legal standpoint, the lawsuit raises a number of key issues, including whether Microsoft faces special obligations because of its monopoly position in the operating systems market. Historically, courts have upheld software makers' right to subject customers to licence agreements that waive the right to sue over defects. One law professor recently said that unless someone is killed or injured, it is basically impossible to win a case against a software publisher. But those bringing the suit argue that Microsoft may not enjoy the same right to make such a restrictive contract, since consumers have limited choices when it comes to choosing the operating system for their PC. Dana Taschner, the attorney who filed the case against Microsoft, said: "If you had 20 vendors of a product, and there was broad consumer and business choice, and people could evaluate them on their merit, that would be one factual setting. Instead, you have one company that is dominating the marketplace to such an extent that you really have no choice." Robert Lemos writes for News.com.