Software makers may be targets of lawsuits


March 30, 1992|By Richard Burnett | Richard Burnett,Orlando Sentinel

Computer viruses may be coming soon to a courtroom near you.

In the wake of the Michelangelo and Jerusalem electronic diseases, computer experts are talking about the litigation that eventually may result from the growing virus phenomenon.

Product liability is the issue.

Put simply, if companies or home computer users suffer damage from computer viruses that can be traced to a particular software product, the software maker could be liable for the loss.

"We may be talking about actual negligence by some software companies," said Padgett Peterson, a computer security expert in Orlando, Fla.

"I have been wondering where all the lawyers are on this one. You'd think this area would be wide open for suits," he said.

Until recently, computer viruses have spread mostly through electronic bulletin boards or bootlegged diskettes of games, word processing or other programs, experts said. In such cases, it is hard to pin liability on anyone. Computer users bootleg and download at their own risk.

But some electronic infections are now infiltrating software that consumers can buy at their local retail outlets. Responsibility for damage from those products can be more directly determined.

"The law would apply to the computer industry in terms of product liability just as it would in any other industry," said John Venator, chief executive officer of the Microcomputer Industry Association, a national trade group based in Chicago. "But this is an industry that hasn't faced that type of thing before."

Last month, an estimated 40 companies shipped out software that may have been infected with the Michelangelo virus, according to the U.S. Computer Virus Industry Association, a trade group based in Santa Clara, Calif.

Some companies announced that the software had slipped through their security checks and was inadvertently sent to distributors.

Intel Corp. of Santa Clara, Access Software Inc. of Salt Lake City and Leading Edge Products Inc. of Westborough, Mass., were among the companies alerting distributors that the virus had infiltrated some software products.

Leading Edge officials said they received no reports of damage from Michelangelo on March 6, the Renaissance artist's birthday and detonation day for the virus.

The recall effort worked, and the company either stopped the units from reaching the shelf or sent out anti-virus software disks to users who bought the systems, said Susan Zephir, Leading Edge spokeswoman.

"We were all surprised, but it was a very quiet day," she said of March 6.

"We made a good-faith effort to reach all who purchased the systems, and we believe we have done everything we could to deal with the situation."

Ms. Zephir said Leading Edge has determined that the Michelangelo infection came from one of the company's suppliers, which she would not identify.

Leading Edge's action was similar to a conventional recall by automakers or food processors that find a flaw in their products, Mr. Venator said.

"Instead of taking a chance, they went very public with it and took a pro-active stance," he said. "I think this was commendable and very responsible on their part."

It is possible, however, that Leading Edge or other companies in a similar position could still be held liable for damages if their recall effort failed, computer experts said.

"If a breakdown in quality control results in you using an infected diskette that trashes your hard drive, then I would think a lawyer could show responsibility with the company," said Harley Myler, associate professor of computer engineering at the University of Central Florida.

There may be an even larger issue of responsibility in the battle against computer viruses, said Mr. Peterson, who is a member of the U.S. Computer Virus Industry Association.

The major software companies should be able to prevent the spread of virus infection by including anti-virus programs on their retail software packages, Mr. Peterson said.

Microsoft Corp. of Redmond, Wash., the leading U.S. software company and author of the DOS program, could be a major force in the fight, Mr. Peterson said.

"Microsoft hasn't done anything bad; they just haven't done anything," he said. "It would be simple for them to eliminate the spread of most of the known viruses."

A spokeswoman for Microsoft said the company was not commenting on the computer virus issue.

Some producers of anti-virus software said, however, that it was not practical for Microsoft and others to include generic virus protection programs on their software.

Generic anti-virus software can miss too many of the estimated 1,000 viruses that have been identified worldwide, said John McAfee, president of McAfee Associates, an anti-virus software company in Santa Clara.

So-called "stealth" viruses can easily evade software that isn't written to detect it, Mr. McAfee said. Continually updating the generic anti-virus software would be time-consuming, ineffective and impractical for Microsoft, he said.

"Companies can ensure virus-free software through product quality control, so if you ship infected software, you should be held liable," McAfee said. "But I don't think you should be held liable if you don't provide generic virus detection."

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.