Microsoft has been hit with a lawsuit by a victim of identity theft, who claims that the prevalence of Microsoft software "creates a global security risk".

The litigant is seeking class action status for the suit. The news follows last month's apology by Microsoft senior security strategist Steven Adler, who told delegates at the Gartner Security Summit that the company was sorry for the loss and damage caused by the recent onslaught of computer viruses that have attacked his company's software.

Adler, like other top IT executives, said that the company had not done enough in the past to protect its customers from security vulnerabilities but has pledged to mend its ways, and its software. Microsoft recently adopted a "trusted computing" strategy, which aims to build more-secure software from the outset, although the effort is not expected to produce significant results until the company releases its new operating system, codenamed Longhorn, in 2005.

'Wide of the mark'

A UK Microsoft representative said on Friday that the Los Angeles lawsuit "misses the point" by accusing Microsoft instead of the people who write the viruses. She added that the company has recently taken measures to streamline its security process and advise users of new patches and vulnerabilities.

Crossville Ceramics network administrator Dale Sweitzer observed: "I'd be happy if Microsoft put the same standards in trustworthy computing that we put into we put into our work in the field".

"If I did the job Microsoft currently does, I'd be fired," he added.

Sweitzer oversees the security of 160 geographically separated PCs and spends most of his time applying patches. Although he is frustrated with the patching process, he sees no better alternative for the short-term, saying that it would be too difficult to re-train users to use more-secure platforms such as Linux.

Microsoft's dominance of the desktop market is increasingly coming under scrutiny when it comes to evaluating software security.


UK security researcher mi2g issued a report last week saying that viruses and worms aimed mostly at Microsoft systems cost users $64.5 billion in productivity loss, hardware and software upgrades and recovery in the third-quarter of this year.

Mi2g Chief Executive DK Matai said on Friday that this kind of damage is likely to continue if the problem of "biodiversity" – the adoption of multiple software platforms and systems – is not addressed.

"In order to slow down the rapid spread of viruses, it's important to have a diverse range of operating systems and servers in a corporation," he said.

Diversity looks unlikely to happen in the short-to-medium term, given Microsoft's hold on the software market. In the meantime, it remains to be seen if Microsoft and other major IT vendors will be held accountable for losses that occur because of attacks targeting their systems, or if the virus and worm writers are taken more to task.

"We are doing all we can to improve the security of our software," Adler said at the Gartner Summit. But then, he conceded, the security situation is still "a bit of a mess."