Security hysteria

The mainstream media is going nuts over a new security warning. Probably the worst reaction came from Dan Gillmor of the San Jose Mercury-News, who is one of the most reasonable people in the world until he hears the word “Microsoft.” In “Yet More Microsoft Insecurity Outrages,” he quotes a BBC News story that claims: “Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.”

Then he adds:

How many billions of dollars of damage is Microsoft’s inadequately secure software causing every year? Why is the company not liable for any of its nonfeasance?

Where are the trial lawyers on this one? I don’t get it.

Oh yeah. That’s what we need. More lawyers. Sheesh.

Read Microsoft’s official warning on this issue. If you use Windows XP, consider installing Windows XP Service Pack 2, which is available as a very stable Release Candidate beta. I can confirm from personal testing that it blocks this type of exploit effectively.

Update your antivirus software. Trend Micro’s PC-Cillin (my favorite) protects against this exploit. So does Norton AntiVirus. So, I presume, does just about every other maker of antivirus software. If your virus definitions are up to date, you’re protected. If they’re not, well, you’re vulnerable to this and many other attacks.

If you run a Web server using Windows 2000 and IIS, install the latest patches. This exploit depends on Web servers that are running without the proper attention to security.

If you don’t think Microsoft can handle security, you have lots of alternatives, starting with Mozilla and ending with Linux. But please, don’t start talking about lawsuits and lawyers. Class action suits make lawyers richer. They won’t make you safer. Not one bit.

2 thoughts on “Security hysteria”

  1. “Class action suits make lawyers richer. They won’t make you safer.” On the contrary, Ed.

    Class action suits are responsible for many changes in products that are safety related. Can you say “seat belts”?

    That’s just one example.

    While I hate to see more litigation, I kind of agree with Dan here … Someone needs to start holding Microsoft’s legal feet to the fire on this.

  2. Well, I’m certainly not suggesting that lawsuits in general are a complete waste of time. But reserve them for those occasions when a business is actively abrogating its responsibility.

    I spend a lot of time looking at security issues. In my opinion, Microsoft is treating security as its absolute top priority right now. I absolutely guarantee you that the best minds at Microsoft’s security team (and those are talented people) are looking at this issue virtually around the clock, trying to figure out the best response.

    How would a lawsuit improve that response? Both SP2 (short term) and Longhorn (long term) represent fundamental improvements to the Windows security model. Yes, it was broken in previous versions, and I yelled about it as loud as anyone. But how will a lawsuit make Windows or Longhorn users more secure?

    Calling for class action lawsuits three years ago might have been appropriate. Doing so now is just misguided, in my opinion.
