P
Paul Tattaglia
http://www.nj.com/business/ledger/index.ssf?/base/columns-0/1064123645277820.xml
Sunday, September 21, 2003
Another week, another security flaw shows up in personal computers
running Windows.
Many PC owners were caught off guard by the most recent attacks, known
as "Blaster" and "Sobig." Many people opened e-mail attachments, only
to learn they were infecting their PCs with malicious code and
spreading a virus. Others found their computers shutting down
unexpectedly.
Frustrated, virus-plagued PC users might wonder why Microsoft isn't
being deluged with lawsuits stemming from vulnerabilities in its
Windows operating software. Despite Microsoft's much-hyped
"Trustworthy Computing" campaign, flaws in Windows have allowed
hackers to strike computers around the world.
If other companies are subject to lawsuits arising from product
defects, why not Microsoft?
According to legal experts, the agreements computer users click and
approve when they install software, known as "end-user license
agreements," essentially immunize the product's manufacturer from
liability for everything from crashes to viruses. Think about that the
next time you click "I agree" when installing a game or spreadsheet.
You aren't just proceeding to the next step in the installation -- you
are also approving an agreement with legal consequences.
Other products, such as toys or cars, don't come with a mechanism to
require consumers to okay written agreements before using them. In
such cases, consumers may be able sue for damages by claiming the
manufacturer was negligent. And fear of those suits and monetary
damages give the product makers a big incentive to fix problems.
But the wording of software license agreements, which have been
enforced by various courts, raises the bar considerably for any legal
action against software makers.
"If you take the time to read the thousands of words in a typical End
User License Agreement -- and many people don't -- you'll see that by
installing and using the software, you indemnify the vendor against
any claims, losses, or problems," Richard Forno, a computer book
author and security consultant, wrote in a commentary, "Forget
California, It's Time to Recall Microsoft."
Cem Kaner, an attorney and professor of computer science at the
Florida Institute of Technology, says end-user license agreements,
standard with consumer software, have become nearly foolproof in
immunizing companies from lawsuits.
Your only option? "When Microsoft says 'patch,' you salute and say
'how soon?'" says Forno, referring to the fixes offered by Microsoft
(www.microsoft.com/protect).
While these license agreements protect almost all software companies,
the case of Windows security problems is one of outsized magnitude,
given its marketplace dominance.
"The ongoing worldwide disruptions are the result of vulnerabilities
in a monopolist's product," says Kaner, suggesting further antitrust
action against Microsoft. "Competition drives innovation. If
Microsoft's market was actually at risk, they would have found a way
to deal with many of these problems long ago."
To be sure, there is no easy solution to software security
vulnerabilities. But the state of the market, requiring typical
computer users to become pros at installing "firewalls" and updating
"virus definitions," is completely unworkable, given the way PCs are
hawked as easy-to-use entertainment and gaming devices.
People who create and spread viruses must be prosecuted, no doubt
about that -- they bear the ultimate responsibility. But Microsoft
deserves a share of the blame, too. Microsoft's monopoly on PC
operating systems carries with it a certain responsibility, and the
company hasn't lived up to that responsibility. Not by a long shot.
Sunday, September 21, 2003
Another week, another security flaw shows up in personal computers
running Windows.
Many PC owners were caught off guard by the most recent attacks, known
as "Blaster" and "Sobig." Many people opened e-mail attachments, only
to learn they were infecting their PCs with malicious code and
spreading a virus. Others found their computers shutting down
unexpectedly.
Frustrated, virus-plagued PC users might wonder why Microsoft isn't
being deluged with lawsuits stemming from vulnerabilities in its
Windows operating software. Despite Microsoft's much-hyped
"Trustworthy Computing" campaign, flaws in Windows have allowed
hackers to strike computers around the world.
If other companies are subject to lawsuits arising from product
defects, why not Microsoft?
According to legal experts, the agreements computer users click and
approve when they install software, known as "end-user license
agreements," essentially immunize the product's manufacturer from
liability for everything from crashes to viruses. Think about that the
next time you click "I agree" when installing a game or spreadsheet.
You aren't just proceeding to the next step in the installation -- you
are also approving an agreement with legal consequences.
Other products, such as toys or cars, don't come with a mechanism to
require consumers to okay written agreements before using them. In
such cases, consumers may be able sue for damages by claiming the
manufacturer was negligent. And fear of those suits and monetary
damages give the product makers a big incentive to fix problems.
But the wording of software license agreements, which have been
enforced by various courts, raises the bar considerably for any legal
action against software makers.
"If you take the time to read the thousands of words in a typical End
User License Agreement -- and many people don't -- you'll see that by
installing and using the software, you indemnify the vendor against
any claims, losses, or problems," Richard Forno, a computer book
author and security consultant, wrote in a commentary, "Forget
California, It's Time to Recall Microsoft."
Cem Kaner, an attorney and professor of computer science at the
Florida Institute of Technology, says end-user license agreements,
standard with consumer software, have become nearly foolproof in
immunizing companies from lawsuits.
Your only option? "When Microsoft says 'patch,' you salute and say
'how soon?'" says Forno, referring to the fixes offered by Microsoft
(www.microsoft.com/protect).
While these license agreements protect almost all software companies,
the case of Windows security problems is one of outsized magnitude,
given its marketplace dominance.
"The ongoing worldwide disruptions are the result of vulnerabilities
in a monopolist's product," says Kaner, suggesting further antitrust
action against Microsoft. "Competition drives innovation. If
Microsoft's market was actually at risk, they would have found a way
to deal with many of these problems long ago."
To be sure, there is no easy solution to software security
vulnerabilities. But the state of the market, requiring typical
computer users to become pros at installing "firewalls" and updating
"virus definitions," is completely unworkable, given the way PCs are
hawked as easy-to-use entertainment and gaming devices.
People who create and spread viruses must be prosecuted, no doubt
about that -- they bear the ultimate responsibility. But Microsoft
deserves a share of the blame, too. Microsoft's monopoly on PC
operating systems carries with it a certain responsibility, and the
company hasn't lived up to that responsibility. Not by a long shot.