| window of woes
Los Angeles/Seattle, Oct. 3 (Reuters): Microsoft Corp faces a proposed class-action lawsuit in California based on the claim that its market-dominant software is vulnerable to viruses capable of triggering “massive, cascading failures” in global computer networks.
The lawsuit, filed on Tuesday in Los Angeles Superior Court, also claims that Microsoft’s security warnings are too complex to be understood by the general public and serve instead to tip off “fast-moving” hackers on how to exploit flaws in its operating system.
The lawsuit claims unfair competition and the violation of two California consumer rights laws, one of which took effect earlier this year and is intended to protect the privacy of personal information in computer databases.
Microsoft, which received and reviewed the complaint, said it would fight the attempt to certify the lawsuit as a class action.
“This complaint misses the point. The problems caused by viruses are the result of criminal acts by people who write viruses,” said Microsoft spokeswoman Stacy Drake, adding that Microsoft was working with authorities to bring malicious code writers to justice.
Nevertheless, the lawsuit would reignite a simmering debate over whether the computer software industry should be held to the same standard of liability as other companies, such as automakers.
The result could be to make computer software more secure — and more expensive, computer security experts said.
“It’s obvious Microsoft does not bear 100 per cent of the responsibility for these problems, but it’s just as obvious that they don’t bear zero per cent,” said Bruce Schneier, chief technology officer at Counterpane Internet Security.
The lawsuit is the first proposed class-action against Microsoft for lapses in security and to test its practices against a new state law requiring that users be notified whenever their private information has been compromised by computer attacks, the lawyer for the plaintiff said.
Attorney Dana Taschner of Newport Beach, California, filed the lawsuit on behalf of Marcy Levitas Hamilton, a film editor and “garden variety” PC user who had her social security number and bank details stolen over the internet.
“Something fundamental has to change to protect consumers and businesses,” Taschner said.
The lawsuit, which could include millions of plaintiffs if allowed to proceed as a class action, seeks unspecified damages and legal costs, as well as an injunction against Microsoft barring it from alleged unfair business practices.
Many of the arguments in the lawsuit and some of its language echoed a report issued by computer security experts in late September, which warned that the ubiquitous reach of Microsoft’s software on desktops worldwide had made computer networks a national security risk.
That report distributed by the Computer and Communications Industry Association, a trade group representing Microsoft’s rivals, said the complexity of Microsoft’s software made it particularly vulnerable to cyber-attack.
“Microsoft’s eclipsing dominance in desktop software has created a global security risk,” the lawsuit said. “As a result of Microsoft’s concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system ... the world’s computer networks are now susceptible to massive, cascading failure.”