Comment Articles

Who's to blame when hackers hack?

David Coursey AnchorDesk

Published: 05 Feb 2002 15:40 GMT

Should software companies be more liable for problems caused when software breaks or some malicious outsider breaks it? The National Academy of Sciences, in a security paper released last month, says yes. But I'm not sure our nation's supposedly brightest minds have really thought this out.

First, let me make one thing very clear: I don't understand why I have to buy antivirus and security software. Not that I hold anything against the companies that make those products; actually, I think McAfee and -- especially -- Norton do a pretty good job.

But if all this software does is protect me against vulnerabilities in Microsoft's operating systems, technologies, and applications, why doesn't Microsoft just give me the protection for free? Or perhaps as a subscription (I know readers hate the word) that includes operating system updates and upgrades as well?

To be sure, Microsoft does provide a great many free patches and fixes as security problems are encountered. And its turnaround time from discovery of a problem to distribution of a fix is usually pretty good. The same can be said for the antivirus vendors, who seem to discover a virus in the morning and have a fix out the same afternoon. (I wonder how they do that!)

Of course, all this is for naught if users don't actually download and apply these fixes. I've written about this before, but if you run Windows Update on your machine, Microsoft will automatically send you the fixes you need. That still won't take care of your antivirus software -- the basic protection EVERY computer needs -- and those programs offer automatic downloads as well.