In a sign of users increasing frustration with the security shortcomings of many software applications, a civic group in South Korea has made good on their threat to file a lawsuit against Microsoft Corp.s Korean subsidiary, a Korean ISP and the countrys Information Ministry.
The suit is the direct result of the havoc caused by the SQL Slammer worm in January. The worm infected thousands of machines all over the world running Microsofts SQL Server 2000 software, but it hit South Korea particularly hard. Some ISPs in the country were knocked off-line for extended periods of time thanks to huge amounts of network traffic generated by the worm. Damage in the U.S. was mostly limited to smaller network outages, but at least one banks ATM machines were affected, as was the 911 system in one locality.
Slammer exploited a known flaw in the database software for which Microsoft, based in Redmond, Wash., had released a patch six months prior to the outbreak of the worm. But that apparently wasnt sufficient to satisfy the plaintiffs in the Korean lawsuit. The Peoples Solidarity for Participatory Democracy, suing on behalf of more than 1,500 Internet users, 70 Internet café owners and an online shopping site, says that Microsoft is at fault for allowing the vulnerability into the SQL Server software in the first place, according to a story in the Korean-language Chosun Ilbo newspaper. The group had been threatening to file the suit for several months.
The action is predicated on the countrys Product Liability Act, which enables consumers to sue for damage resulting from products. There is some question, however, as to whether software qualifies as a product under the terms of the law.
Such lawsuits—especially those that name software vendors as defendants—are relatively rare, thanks to the terms of the user license agreements that accompany virtually every commercial application sold today. License agreements typically require that users agree to use the software as-is and surrender any rights to hold the manufacturer liable for defects or damage caused by the application.
In some cases, large corporate customers have service level agreements that give them the ability to hold their ISPs liable for network outages that affect the companies ability to do business. But individual consumers dont enjoy such protections and are essentially left to their own devices when it comes to problems such as Slammer.
Latest Security News:
Search for more stories by Dennis Fisher.
Find white papers on security.