/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBy Kevin Krolicki and Reed Stevenson
LOS ANGELES/SEATTLE: Microsoft Corp. faces a proposed class-action lawsuit in California based on the claim that its market-dominant software is vulnerable to viruses capable of triggering "massive, cascading failures" in global computer networks.
The lawsuit, filed on Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system.
The lawsuit claims unfair competition and the violation of two California consumer rights laws, one of which took effect earlier this year and is intended to protect the privacy of personal information in computer databases.
Microsoft, which received and reviewed the complaint, said it would fight the attempt to certify the lawsuit as a class action.
"This complaint misses the point. The problems caused by viruses are the result of criminal acts by people who write viruses," said Microsoft spokeswoman Stacy Drake, adding that Microsoft was working with authorities to bring malicious code writers to justice.
Nevertheless, the lawsuit would reignite a simmering debate over whether the computer software industry should be held to the same standard of liability as other companies, such as automakers. The result could be to make computer software more secure -- and more expensive, computer security experts said.
BEARS RESPONSIBILITY
"It's obvious Microsoft does not bear 100 percent of the responsibility for these problems, but it's just as obvious that they don't bear zero percent," said Bruce Schneier, chief technology officer at Counterpane Internet Security.
The lawsuit is the first proposed class-action against Microsoft for lapses in security and to test its practices against a new state law requiring that users be notified whenever their private information has been compromised by computer attacks, the lawyer for the plaintiff said.
Attorney Dana Taschner of Newport Beach, California, filed the lawsuit on behalf of Marcy Levitas Hamilton, a film editor and "garden variety" PC user who had her social security number and bank details stolen over the Internet.
"Something fundamental has to change to protect consumers and businesses," Taschner said.
The lawsuit, which could include millions of plaintiffs if allowed to proceed as a class action, seeks unspecified damages and legal costs, as well as an injunction against Microsoft barring it from alleged unfair business practices.
Many of the arguments in the lawsuit and some of its language echoed a report issued by computer security experts in late September, which warned that the ubiquitous reach of Microsoft's software on desktops worldwide had made computer networks a national security risk.
That report distributed by the Computer and Communications Industry Association, a trade group representing Microsoft's rivals, said the complexity of Microsoft's software made it particularly vulnerable to cyber-attack.
'GLOBAL SECURITY RISK'
"Microsoft's eclipsing dominance in desktop software has created a global security risk," the lawsuit said. "As a result of Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system ... the world's computer networks are now susceptible to massive, cascading failure."
With some $49 billion in cash and more than 90 percent of the market in PC operating systems, Microsoft has long been seen as a potential target for massive liability lawsuits.
But the company, which has been moving to settle anti-trust claims that it abused its monopoly on PC software, has been seen as shielded from liability claims by disclaimers contained in the licenses that users must agree to when installing software, according to experts.
Taschner said Microsoft's "terms of use" constituted a "fundamentally unfair" condition barred by California law given the market dominance of the world's largest software maker.
Making that argument stick in court will not be a "slam dunk" but could have far-reaching implications, said Mark Rasch, a former head of the U.S. Department of Justice computer crime unit, now with security firm Solutionary.
"This represents the first salvo for consumers to say to software makers 'Wait a second, if you are going to put out software that needs be patched three times a week, take responsibility for it,"' Rasch said.
The lawsuit comes in the wake of two major viruses that have recently taken advantage of flaws in Microsoft software.
© Reuters