Companies should ensure virus protection

Software companies should take full responsibility to assure that their products are safe from virus attacks, the Consumers' Foundation (消基會) said yesterday.

These companies should also provide proper measures to repair damage caused by flaws in their products, the foundation's secretary-general, Cheng Jen-hung, (程仁宏) said at a press conference.

"A series of virus attacks, which aimed to cripple Microsoft's operating system, have created great damage around the world including Taiwan," Cheng said. "Microsoft should take action to protect consumers."

The US software giant has been the favorite target of computer hackers for years. Two recent examples of virus attacks in the past two months, the "occurBlaster" and "Sobig" worms, slowed corporate networks -- ? as well as home-user and small business machines -- worldwide.

Although Microsoft has provided support programs to block the viruses, Cheng said the efforts have not been quick enough or efficient enough.

"Microsoft should give free anti-virus software to consumers who purchased its products... The company should provide better service when glitches occur," Cheng said.

In response, Microsoft said it has done as much as it could. "We've been working hard to improve our product security, and also posted on the Web the updated fixes for the flaws in our products," said Pamela Chang (張培蕾), a public-relations official at Microsoft Taiwan.

Furthermore, the company is investing US$6.8 billion in advancing product security, Chang said.

Microsoft last year launched what it says will be a 10- to 15-year program, "Trustworthy Computing Initiative," aimed at refocusing the company's strategy on security and reliability, so as to regain the public's trust and confidence.

American consumers, however, are reluctant to wait for so long. The <> reported on Monday. Many security experts and policy makers in the US have started to advocate direct regulation: They want legislation that makes software companies liable for damage caused by security flaws in their products.

A model for regulation might be a California law that went into effect in July. That law requires companies conducting business in the state to disclose computer security breaches if they result in unauthorized access to residents' personal information. Businesses that violate the new law can be sued for damages, the New York Times said.

Asked if similar legislation could be introduced in Taiwan, Yeh Ping (葉平), managing director of Software Liberty Association of Taiwan (軟體自由協會), said yesterday that such a law could protect consumers, but would frustrate software development in this country.

"For now, no software company in the world can assure that there is no single defect in its products," Yeh said.

"With only one glitch, the company that produces the software could go bankrupt," he said.

If all companies are required to improve product security to a certain degree, the retail price of software products -- already considered high by most consumers -- will be driven up.

That, in turn, would lead to even more software piracy and have a negative effect on the development of software in this country, Yeh said.

He suggested that consumers need to look out for themselves and not wait for software companies to make any commitments on product security.

"First of all, consumers need to read the terms and conditions carefully when making purchase decisions," Yeh said.

"They also need to keep updating their software to prevent potential virus attacks," he said.