Microsoft suit could set precedent for bad software

Shawna McAlearney, Information Security Magazine Online Editor

A Los Angeles filmmaker's lawsuit targeting Microsoft's vulnerable software could signal a sea change for the software industry if judges and jurors decide that vendors should be legally responsible for damages caused by flaws in their products.

Alleging that "Microsoft's virtual monopoly has created a global security risk" and that its "integration and complexity promotes vulnerability," the court papers call for more adequate and effective notification of security vulnerabilities and injunctive relief to prevent the violation of laws and deceptive trade practices.

"We think it's fundamentally unfair for a company to so dominate the marketplace that consumers don't have an option and yet say it's not going to be responsible or provide warranties if you have a problem," says Dana Taschner, attorney for plaintiff Marcy Levitas Hamilton.

The litigation says the vast majority of successful Internet attacks are attributable to major vulnerabilities in Microsoft's operating system software, which is used by more than 90% of computer users.

"They have a number of pretty good legal arguments," says Stewart Baker, technology department head at legal firm Steptoe & Johnson. "The risk that they face is that the climate will turn against them."

Baker compares the litigation to that faced by the tobacco industry. He says tobacco companies won cases for 20 or 30 years because the climate of opinion at the time was that people knew tobacco was bad for them prior to using it. Over time, opinion changed and juries came into cases predisposed to believe that tobacco companies deserved to pay a big chunk of the damage the product did.

"The risk here is that if security problems get worse and worse, juries and judges will be less willing to listen to arguments from software companies and more and more inclined to make them pay for the problems everyone is encountering," says Baker. "It's not a straight legal analysis, it's the standing of the company in the public eye."

Though the litigation targets only Microsoft, legal experts say the case may impact vendors across the industry.

"I think it sends a wake-up call to other vendors who maybe aren't quite as quick in sending advisories and providing patches as Microsoft," Michael Overly, a partner in the IT group at Foley & Lardner, says in regard to notification provisions in California Senate Bill 1386.

Baker says the litigation will face at least a few significant obstacles. Chief among them is a legal disclaimer in the end-user license agreement. He also notes that legal liability for failing to prevent bad acts by someone else is far more difficult to prove than liability for an injury caused by negligence.
