Patch Backlash

Is Microsoft doing enough to fix its security mess? We asked its users, who wonder how things got this bad in the first place.

Stuart J. Johnston
From the January 2004 issue of PC World magazine

It's like having a car where the locks don't work.

Patches ad nauseam!

I would join any class-action suit against Microsoft and feel [such a lawsuit] is completely warranted.

Angry, frustrated, fed up: That's how many PCWorld.com visitors feel about the seemingly endless revelations of security holes in Windows and the cavalcade of patches Microsoft issues to fix them. How do we know? We asked.

We invited PCWorld.com visitors to tell us what they thought about Microsoft's security muddle--and whether they believed the company was meeting its obligations to the millions of people who use its products. The overwhelming majority of those who replied said that they're sick of constantly having to fix software they paid good money for. And more than a few said that Microsoft should be held accountable for the damage resulting from weaknesses in its software--a point of view that has prompted at least one angry customer to sue the company.


Lawsuit Filed
Filing in part under a new California privacy law, Los Angeles film editor Marcy Levitas Hamilton alleges that because of Windows security vulnerabilities that were exploited by last summer's SoBig worm, thieves were able to steal her Social Security number and bank details. She is seeking to represent all Windows users in her suit.

If successful, the lawsuit would achieve something unprecedented by holding Microsoft legally liable for damages linked to flaws in its products--even though the company's customers surrender this right under the terms of Microsoft's end-user license agreements.

We've had [PC] software for two decades, but only now are we getting to the question of, are developers liable for their products? says Dana Taschner, Hamilton's attorney, of Newport Beach, California. In the case of Microsoft, the question is especially critical because the company controls more than 90 percent of the market for operating systems, the lawsuit notes.

Taschner says that since he filed the suit in late September, he has received nearly 3000 calls and e-mail messages, many from users who want to join the suit.

Regardless of what happens in Hamilton's case, it's clear from our readers' responses--not to mention the barrage of headlines about security flaws since last summer's devastating Blaster and SoBig attacks--that Microsoft may have already lost this round in the court of public opinion.

Microsoft is not even coming close to meeting its obligations to consumers, observes Jim Rochelle, a longtime PC user in Thompson Falls, Montana. They rush products into production too quickly and do not take enough time to better ensure the security of the products they are putting out.


Microsoft's Response......................
More at PCWorld