Microsoft faces class action on security

news.com ^ | 02-October-2003

[stainlessbanner]

Microsoft faces a proposed class-action lawsuit in California based on the claim that market dominance and vulnerability to viruses in its software could lead to "massive, cascading failures" in global computer networks.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The lawsuit, filed Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system.

The suit claims unfair competition and the violation of two California consumer rights laws, one of which is intended to protect the privacy of personal information in computer databases. It asks for unspecified damages and legal costs, as well as an injunction against Microsoft barring it from unfair business practices.

Many of the arguments in the lawsuit and some of its language echoed a report issued by computer security experts in late September, which warned that the all-but-total reach of Microsoft's software on desktops worldwide had made computer networks a national security risk.

That report, presented to the Computer and Communications Industry Association, a trade group representing Microsoft's rivals, said the complexity of Microsoft's software made it particularly vulnerable.

Microsoft said it had received a copy of the lawsuit and that its lawyers were reviewing it.

Dana Taschner, a Newport Beach, Calif., lawyer who filed the lawsuit on behalf of a single plaintiff and a potential class of millions of Microsoft customers, could not be immediately reached for comment.

"Microsoft's eclipsing dominance in desktop software has created a global security risk," the lawsuit said. "As a result of Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system...the world's computer networks are now susceptible to massive, cascading failure."

With some $49 billion in cash and more than 90 percent of the market in PC operating systems, Microsoft has long been seen as a potential target for massive liability lawsuits.

But some say the company, which has been moving to settle antitrust claims that it abused its monopoly on PC software, is shielded from liability actions by disclaimers contained in the licenses to which users must agree when installing software.

The lawsuit comes in the wake of two major viruses that have taken advantage of flaws in Microsoft software.

The MSBlast worm recently burrowed through hundreds of thousands of computers, destroying data and launching attacks on other computers.

Slammer, meanwhile, which targeted computers running Microsoft's server-based software for databases, slowed down Internet traffic across the globe and shut down flight reservation systems and cash machines in the United States.

Since early 2002 Microsoft has made computer security a top priority under a "Trustworthy Computing" initiative spearheaded by company Chairman Bill Gates.

Story Copyright  © 2003 Reuters Limited.  All rights reserved.

Related News
• Digital-rights group knocks 'trusted' PCs  October 2, 2003
  http://news.com.com/2100-7355-5085442.html

• Microsoft moves beyond patches  October 1, 2003
  http://news.com.com/2100-1002-5085251.html

• Report: Flaws quickly spawn Net attacks  October 1, 2003
  http://news.com.com/2100-7349-5084992.html

• MSBlast echoes across the Net  August 15, 2003
  http://news.com.com/2009-1002-5063226.html

• Damage control  February 6, 2003
  http://news.com.com/2009-1001-983540.html

• Get this story's "Big Picture"
  http://news.com.com/2104-1009-5085730.html

 

Copyright ©1995-2003 CNET Networks, Inc. All rights reserved.

[IncPen]

Comments?

[HAL9000]

But some say the company, which has been moving to settle antitrust claims that it abused its monopoly on PC software, is shielded from liability actions by disclaimers contained in the licenses to which users must agree when installing software.

That license agreement won't protect Microsoft from lawsuits by Linux and Mac users.

[Support Free Republic]

These Guys Don't Want You To Donate!
	Tick them off! Donate Here By Secure Server Or mail checks to FreeRepublic , LLC PO BOX 9771 FRESNO, CA 93794 or you can use PayPal at Jimrob@psnw.com
STOP BY AND BUMP THE FUNDRAISER THREAD- It is in the breaking news sidebar!

[irv]

Microsoft faces a proposed class-action lawsuit in California based on the claim that market dominance and vulnerability to viruses in its software could lead to "massive, cascading failures" in global computer networks.

IOW, they're being sued for having sold a lot of product.

I'm about as far from a Microsoft fan as you'll find but this is unreasonable.

[CodeMonkey]

You don't even have to read the article to know that the plaintiffs are dumb as a box of rocks for relying on "Microsoft security." Let Microsoft have this one, these failed abortions have no legitimate case.....

[TechJunkYard]

That license agreement won't protect Microsoft from lawsuits by Linux and Mac users.

What basis would non-MS-customers have to sue? It's not our data and machines at risk from their software.

I could see where the backbones and ISPs might have a case.

[irv]

What basis would non-MS-customers have to sue? It's not our data and machines at risk from their software.

Systems knocked out by thousands of emails sent out by infected MS boxes.

I run Linux. Someone I know (or someone who knows me) who runs Windows is infected. I have to clean up the crap they send me every day. Still haven't been able to figure out who it is.

[TechJunkYard]

How do you handle spam? Look at the headers, figure out where it's from and block it -- either at the firewall or within sendmail.

[TomServo]

Gee - the budget deficit in Calif. must be huge...

[irv]

How do you handle spam? Look at the headers, figure out where it's from and block it -- either at the firewall or within sendmail.

Forged headers. Static blocking doesn't work.

I've been using procmail/spamassassin for a little while now and it does a nice job. But I'm paranoid and don't let it dump bad messages for a few days, so they take up space.

On my home system, this is only a minor nuisance. At work, where Spamassassin is blocking thousands of spams a day, and Procmail is also weeding out hundreds of virus-related garbage messages, the impact is greater.

[TechJunkYard]

Forged headers. Static blocking doesn't work.

Bummer. If you're using sendmail, you can look in /var/log/maillog for the real IP addys.

[PatrioticAmerican]

"claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system. "

MS should return the favor with a massive suit that bankrupts them all for being so stupid.

[irv]

If you're using sendmail, you can look in /var/log/maillog for the real IP addys.

Assuming there's no firewall in between (there is) and no relay (there might be).

What works for some things, doesn't work for others. And when you're dealing with 10,000+ emails a day, you don't have time to hunt down the origins of every offending message.

[HAL9000]

What basis would non-MS-customers have to sue? It's not our data and machines at risk from their software. I could see where the backbones and ISPs might have a case.

For instance, when a Microsoft SQL server starts spewing out several hundred Slammer worms per second, it can kill the Internet connection for everyone on the router's subnet.

Here is an actual example - I asked my ISP to shutdown someone's connection recently. My understanding is that he is a clueless Microsoft Certified "Engineer" and his MSSQL server was saturating the subnet with Slammer UDP virus packets. He was completely ignorant about how to patch MSSQL to avoid it, so the worm always returned soon after he restarted his computer.

Since the MSCE's computer was killing the Internet connection for everyone in town, if it caused someone to miss a deadline or prevent them from attending to a critical task, they would have a good case to sue the MSCE and Microsoft and the Slammer author.

[TechJunkYard]

Sigh. Most of the computers on broadband in this town (prolly yours too) are Windows boxen. Lots of them batting around the Slammer worm and Code Red and NIMDA still. Even with that, nobody's yet been able to saturate the subnet. I can still get through with an e-mail to abuse, listing the offending IPs. It's costing TWC to deal with this mess. It just slows me down a little. No biggie.

But if you want to pay the bucks to retain a lawyer and file suit, feel free.

[Coral Snake]

Time to petition the rest of the computer industry for a Microsoft buyout folks.

In the meantime however:

Guns, Linux and Liberty. ;c)

[Bush2000]

Systems knocked out by thousands of emails sent out by infected MS boxes.

Read for comprehension. The plaintiff is a MS customer. This suit has nothing to do with Linux and Mac users.

Dana Taschner, a Newport Beach, Calif., lawyer who filed the lawsuit on behalf of a single plaintiff and a potential class of millions of Microsoft customers

Bad news: You're irrelevant.

[irv]

Read for comprehension.

My comprehension was entirely adequate. I was responding to a post that went off on a hypothetical tangent.

Try reading all the words before criticizing other people.

[kevkrom]

I will criticize Microsoft for poor security any day, but this legal action is patently insane...