Some of these breaches were quite serious. One such defect in Windows XP could have permitted scam artists to make use of the operating systems' Universal Plug and Play feature to take over victims' computers. Another major flaw, this time in Microsoft's Internet Explorer 6, would have allowed an attacker to access private files, steal cookies and even redirect the targeted user along the World Wide Web. Additionally, privacy guru Richard M. Smith demonstrated how a hole within Windows Media Player can be used to track users of IE6, even if they have Microsoft's vaunted P3P (Platform for Privacy Preferences) technology on a high setting. The software giant has released patches for most but not all of these vulnerabilities, and Smith has criticized Microsoft's approach to fixing the Media Player hole in particular as inadequate: "There are many people who have never run Windows Media Player yet they are still vulnerable to the problem."

These discoveries have made many observers wonder whether the company is doing enough to protect the privacy of its customers. Indeed, several organizations, including GILC members the Electronic Privacy Information Center, Computer Professionals for Social Responsibility, the Electronic Frontier Foundation and NetAction, had made similar points in a series of complaints to the United States Federal Trade Commission. Meanwhile, a few insurance companies have taken the unusual step of charging policyholders who use a large number of Microsoft products higher premiums.

For more on the P3P/Media Player flaw, see Stefanie Olsen, "Privacy flaw continues to dig IE hole," CNet News, Jan. 15, 2002

Read Robert Lemos, "Microsoft failing security test?" ZDNet News, Jan. 11, 2002

See also "Software security law call," BBC News Online, Jan. 16, 2002

For more on the Microsoft FTC privacy complaints, click here.