Slashdot Mirror
Microsoft Sued for Defective Software
Door-opening Fascist writes "eWeek is reporting that a South Korean citizen action group, People's Solidarity for Participatory Democracy, is suing Microsoft for putting the SQL Slammer vulnerability into Windows. They are doing so on behalf of the South Korean people and businesses affected by SQL Slammer."
Shut up and patch your systems like the rest of the planet.
Software isn't a physical thing so it's impossible to make it bug-free.
You knew about this vulnerability for months, there was a patch for it, and you did nothing about it."
Pick a defense, any defense...
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Let it be noted that Microsoft already had SQL SP3 out which fixed the problem before it ever occurred. PSPD should try using a vulnerability that could actually hold water in court like Code Red or it's dirivative, or any other Word ActiveX open-execution macro vulernability.
Opponents of open source frequently argue that proprietary products are better then open source because "you can sue somebody".
Here somebody is suing MS. Let's see how that works out.
War is necrophilia.
Anyway there is a very important point about *incidents* like this : they get people's attention about the completly crazy EULAs that some SW companies (namely Micosoft) and content providers (RIAA/Hollywood mob) are currently imposing to they 're costumers ...
imposing a bit of regulation about the limits of what could be put in a EULA is IMHO a very good think ...
if the ppl who launched this lawsuit make the
Cheers from Portugal
Except MS has the same wording in their license.
Michael Loves Me!
(I am not a Korean laywer)
Does anybody know if the click-through license is worth a rat's ass in Korea? Does Korean law give the plantifs an edge that they wouldn't have in the US? Any Korean laywers out there?
Actually, even tho Microsoft had a patch available for the SQL vulnerability months before Slammer hit, a subsequent patch re-opened the vulnerability. Maybe their techs did all the patches when they were released.
I don't believe they ignored the problem or didn't fix it. IIRC they had a patch out 6 months beforehand.
You want to sue someone, sue the sysadmins who
A) Didn't patch
B) Left MS SQL right out on the open internet
C) In short didn't do their jobs.
If you're running MS products it might not be by choice, but there is no excuse for not being aware of patches and the state of your firewall. They were all probably too busy rebooting Windows desktops to have time, but still.
-- taking over the world, we are.
First, if Microsoft's EULA already prevents them from being sued, software is as-is, why do they release patches in the first place?
This isn't a question about whether or not a user can sue, but a more basic matter of accountability and responsibility. These are the most fundamental issues in selling anything to the public.
Microsoft is responsible for this snafu, but they have never been held accountable. Their bugs, their glitches, their crashes. Its become a running joke with techies. It shouldn't.
When Slammer first hit, people said installing the patches required taking down the servers, running several patches, and praying it still worked. No garunatees about anything. What's the justification? Time wasn't available. Who could afford to do this? How high was it on MS list of things that had to be done?
But no one is mentioning those same arguments now. Its South Korea's fault for not doing the updates.
As I recall weren't the patches buggy enough to cause another major security hole?
We know Microsoft is responsible. We know who should be held accountable. But MS throws in a disclaimer and all is good. The disclaimer is not a silver bullet. There must be accountability for faulty software, no matter who wrote it.
Will it stifle open source development? Probably scare off crap coders is what it will do. If everyone working together reviews, checks, and verifies, they are going to catch most of the bugs before it goes out the door. The remaining bugs are fixed with patches.
I honestly don't see anything wrong with suing them. The EULA is not a catch all. The EULA should be thrown out, and rewritten. Users have the right to hold developers accountable.
Its about time someone figure out how.
Ok, fine, that's not what I'm worried about. I'm worried about how this will affect the closed source that I develop. You know, the kind that I get paid to write? You mean a customer can now sue me or the company I work for, even though they insisted on having the software completed in an unreasonable amount of time without testing, and put it into production well before it was ready for that? Wonderful.
--Drunk as in Beer
"haven't noticed the NO WARRANTEE blurb in the MS EULA."
On the other hand, Microsoft software is "leased (not sold)," which means any damage done was done by Microsoft property.
If there is any legal eagles in the audience, what is the precedent involving a seriously defective car that causes injury/death/damage? This defect would have a notice sent out somewhere/somehow offering the capacity to take the car back to the shop and replace the defective part, but the user either didn't know or didn't follow through with the effort involved.
This seems to be what this software has done: there was a defect and a capacity for a customer to do work to fix it, they didn't do it, and damage resulted.
Any cases like this with products in the automotive area, and did they favour the defendant or the plantiff?
Best wishes,
Robert
-----
Cast a Cold Eye
On Life, on Death
Horseman, pass by
--W.B. Yeats' gravestone
the eWeek article is refering to this Chosun Ilbo article in a Korean daily newspaper. The lawsuit is part of the 3 way lawsuit against the South Korean Information Minister, ISPs, and the South Korean division of Microsoft. Again this is the SOUTH KOREAN division of Microsoft for failing to inform Korean ISPs of the patch and its signifigance. These are people and businesses who were knocked off the grid for days and had nothign to do with microsoft's licensing. Thus a class action lawsuit. The idiot poster makes it sound completelly different.
yet if your car was to suddenly veer off the road from a known defect you'd expect the auto company to deal with it! Driving the car down the road doesn't generally cause the wheels to just 'fall-off'! That is the issue with MS.
Maytag repair guys are what 100,000-to-1 with their insalled base? even doctors are about 100-200-to-1. yet PCs are supposed to be 10 or 20-to-1 for admins. It's a crock! If any other business system was this terrible, it would be bankrupt in a year! And MS only answer is that the admin should run around and babysit the system? They offer automated updates, then again blame the admin for not "testing". You all check the gas quality going in your car before you fill up right. Or, you consult medical texts after going to the doctor just to be sure he called your illness right.
I'm sorry, this stuff should just work. Compaies have invested 10 years and billions of dollars into windows and it still doesn't just work! Billy designed the system so that MS had 'plausable deniability' After all, they don't make hardware [not their fault], or drivers [not their fault], or systems [oems didn't test, not our fault], or software [sure we have Secret APIs but not their fault], they pretend to train admins [but not their fault if admin shamans don't dance right], and of course users because they make the computer do "stuff" MS might not have planned! [if MS did plan it, they'd charge more!] They have no techincal support without outrageous fees [Linux cost is mostly support--and you can afford to use it!] Well, it's basicly like OSS only costs more. They offer the same package of benifits!
That said, I don't think a lawsuit is the way to go either. We're trying to get rid of stupid IP laws, not tie ourselves to them more! If the liability cost of software goes up, then free software will die a horrible death. We're not sophisticated enough to have software "building codes" yet and license "Software Accountants" to set them up. Even then without 100% control of a system, you just can't have that kind of liability...Then again, maybe that's what MS wants [OK we know they want it] total control of the systems and your wallets!
This is a good point, and might make something good come of what otherwise sounds like a ludicrous lawsuit. If retaining "ownership" of the software, and only "licensing" it to us, makes software companies liable for bugs, maybe they'll start letting us actually buy the stuff we pay for.
Not bloody likely, though. This lawsuit is being brought in South Korea, so that even if they win, the precedent doesn't really apply over here (here being U.S. in my case).
I found the meaning of life the other day, but I had write-only access.
Sidebar from an article on Slammer in the Feb.3, 2003 issue, page 12:
... it's only with Service Pack 3 that it became easy to install".
"...many IT departments did not install the initial patch because installation could not be scripted. Instead, DBAs were required to manually stop each instance of the software running in their organizations, rename or remove some files, and paste the patch files into each instance
~REZ~ #43301. Who'd fake being me anyway?