Lawsuit Against Microsoft Over Insecure Software
Cinematique writes "Reuters reports that a California-based lawsuit alleges the Redmond software giant produces software with little concern for security and that their products are highly susceptible to, "massive, cascading failures." Should Microsoft's software be treated any differently than, say, automobiles?"
Valve might want to take a look at this lawsuit considering their potentially devastating loss reported earlier today. According to Gabe Newell, from whom the source code of their latest was stolen, a hacker gained access to his machine "via a buffer overflow in Outlook's preview pane." Read his entire message here.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
The problem is: if Microsoft is judged responsible, what would happen to others in the same situation? Especially to free software?
http://www.shacknews.com/onearticle.x/28619
Though I'm not sure what they were thinking having the preview pane enabled.
More like Firestones...
How long before SCO joins in and sues Microsoft? "Your honor, this code is so crappy, it *clearly* had to come from us!"
...no one gets killed when Dr. Watson pops up and you have to restart Word. When your tire explodes and you flip and burn, well...let's just say it seems more severe.
(Besides, I think almost no one here would enjoy being held accountable for all the bugs they've written over the years...)
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Perhaps an "incentive" could be established for commercial software manufacturers to not throw in that horrid clause in their EULAs disclaiming all liability.
Hopefully the decision will be intelligent enough to exclude free, take-it-as-it-is software.
Use ISO 8601 dates [YYYY-MM-DD]
Besides, every time I see an exploit, it's after Microsoft has already issued a patch. This would seem to suggest that they aren't as responsible for the problems as many seem to think they are; as soon as they're aware of an issue, they fix it. Maybe they could design the stuff secure out of the box, but they'd be the first manufacturer to accomplish such a feat.
Stop using it if it's a problem. There are alternatives now.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
It specifically says in M$'s TOS that the software is not to be used for any life-critical applications. In fact, QNX is the only company that will license software for life critical stuff. Microsoft also has a non-responsibility clause in their TOS. This is going to be a long, drawn out fight, like the one against tobacco companies.
Statistically, one could probably claim that Microsoft products have killed people in an indirect manner.
Sig (appended to the end of comments you post, 120 chars)
More free computers for all! :p
You agreed to the product being sold AS IS. Yeah, so Microsoft does operate like a used car dealer, but I doubt that Canada has any legal cause here.
...someone finally grew enough testicles to stand up and bring this problem to the courts. I sadly predict it will be swiftly quashed, however.
Note all the one line comments above: they want to get the FP but, sadly, also want Karma so prefer to spill a single line comment or something mildly provoking, rather than something meaningful.
--
FreeNET user? Comfortable with the adverse selection?
...the 9th circus of appeals...
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
... focused on Security, a great deal of public information on the subject, influence with a wide array of standards bodies and a published strategy covering the topic I'm guessing that this will be a tough case to win in a court.
Well... think of the world we'd be in if this suit succeeds. No matter what you think of Microsoft, the precedent set would be dangerous to the software industry as a whole and even individual open source developers. Who do I sue if a Linux vulnerability causes damages? Sure Linux developers disclaim responsibility for these kinds of problems... but so does Microsoft. I guess I'd have to go after Linus or his equivalents depending on the project at fault. Maybe I should quit technology and just become a lawyer... I'd make more money if this thing goes through.
What are the costs to the user when software vendors are held to the same reliability standards as auto makers?
Should there be differentiation between operating system stability and application stability?
What responsibility does the user have for securing their own property?
How will different countries answer these questions, and what is the implication for US software vendors if there are 80 separate standards of culpability for an operating system?
And since I should have at least one answer, the speed of light is slower in materials with a higher index of refraction.
...Should *all* software be treated any differently than, say, automobiles?
Don't want others to think we're biased, after all... :)
(And yes, I know MicroSoft is the worst culprit.....)
Matt
Should Microsoft's software be treated any differently than, say, automobiles?
Cue all the "If your car was designed by Microsoft" jokes. It would crash every day, you wouldn't be able to open the hood, blah blah blah, shut up people.
Seriously though, I think that not just Microsoft, but all "critical" level systems should be held accountable. Obviously machinery for hospitals is held accountable - if an XRay machine overdoses a patient with radiation and kills them you better believe the manufacturer is in deep shit.
Obviously games/etc don't have much at stake, but any product that is intended to have people depend on it (an Operating System, or a rendering package used in Hollywood, etc) should be aware of the dependency its customers have on it, and yes - it should be held accountable if in fact it causes the customers considerable financial (or health, or whatever) damage.
no comment
Any ruling making Microsoft liable could be used by the legal system as a precedent to make ALL software companies and/or individuals who produce software *personally* liable for damages arising from use. This may look like a "we've got 'em now" scenario, but it might come back to bite us.
Later, GJC
Gregory Casamento
Chief Maintainer for GNUstep
Can any motivated and talented enough 16-year-old car thief break into your car and steal it? Probably, the answer is yes. Sufficiently motivated people can find ways around security. What do you do if you own a car that you don't want stolen? Buy an alarm system and have it installed. Similarly, you buy a firewall and antivirus and install that on Windows.
Communism was just a red herring.
If you wish for them to be held liable, remember it's only fair that Apple, or even Linus be held liable as well when Linux or OSX gets hacked (and don't even mention that it could never happen - it already has, many times). Anything else would be hypocrisy.
as much as i think their products are crap, i don't like lawsuits. it's simply legal lottery. when they violated anti-trust laws, nail 'em to the wall. but this is really asinine. last time i checked, they never marketed windows with security being one of the features. if they purposely left holes in their software, then go after them. go after the people who made the decision. negligence is punishable. incompetence shouldn't be. just don't buy their crap. i realize the option isn't there for desktops, but it is for servers. and i am sure it will be for desktops soon.
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
With the horrible network congestion and system compromisation that has come with the recent rash of massive MS worms, you do not have to have agreed to a EULA in order to be harmed by Microsoft's poor design and blatant disregard for security.
In other words: it has reached the point where even people who are not Microsoft product users are harmed by Microsoft's irresponsibility. The messes created by the holes in MS products make EVERYONE a possible target for collateral damage.
Your car explodes, people die. Windows crashes, you lose a bit of work. Of course they should be treated the same, I mean the similarities are obvious [1]. Second, I hope this passes, then I can sue Redhat and mandrake for exploits in VI -> $$$.
1. Anyone who runs life critical (hospital equipment for example) stuff on an OS not designed for that deserves to be shot.
Maybe their software should just come with a big sticker "don't depend on this product"...
See, automobiles can hurt you when using it, but Office cannot.
What could the charges be?
Of course it should, they're different things.
Macintoshes would be suspect to "massive, cascading failures" if they accounted for 96% of the personal computers in the world. ;)
Car manufacturers must make their cars safe because there are already laws in place that apply to everyone. You can't all of a sudden decide to pick on one company's product. They are not breaking any existing regulations, and so they shouldn't be held liable. Moreover, they could certainly claim that they did not intend for their product to be insecure, so they had no malicious intent. Lastly, they can always play the end-user license card.
Gabe held a number of positions in the Systems, Applications, and Advanced Technology divisions during his 13 years at Microsoft. His responsibilities included running program management for the first two releases of Windows, starting the company's multimedia division, and, most recently, leading the company's efforts on the Information Highway PC. His most significant contribution to Half-Life was his statement "C'mon, people, you can't show the player a really big bomb and not let them blow it up."
I wonder if he signed a contract that prevents him from joining a lawsuit against MS since it was their software that allowed his next big project to go buh-bye.
I think that the lawyers should have stopped to read the license agreement instead of being so click happy.
...what disclaimers are for?
If we had a real government concerned about abusive monopolies then Microsoft marketshare would be curbed at 50%. We would then have an OS market. More companies would make operating systems or use opensource. I do enjoy these lawsuits against Monopolysoft. How many of you would participate in a lawsuit against the computer manufacturers to force them to stop participating in Microsoft's monopoly by giving their OS with new computers? Force people to buy the new Microsoft OS for a couple of hundred dollars and let's see if people select opensource over criminalware. Most would select Linux for free.
I'm up for some MS-bashing as much as the next slashdotter, but this isn't the way to beat Microsoft or get them to release secure code.
Capitalism holds the answer - provide a better alternative that takes away their market share forcing them to improve or be left behind. With them being a monopoly, this problem is far greater in difficulty, but progress is always being made. Free software is getting viably close to many of the roles that many people use Windows for.
I'd rather wait for that to happen than have another frivolous lawsuit like this. I'll feel better about the success of better software all around if MS gets to be better because of competition from free software getting better.
-N
I've nothing to say here...
I am concerned that distributions like Debian could be hit with insecure software lawsuits. As most people know Debian (gnu/)Linux by default uses software a few versions back due to stability purposes, but sometimes they are obsolete packages that are not supported by developers of the software. If, for example a security hole pops up in kde 2.2 (current kde version in Woody), which is no longer supported by Mainstream distros, should the Debian organisation take the blame for using dangerous old components?
At first I thought that this could be a very interesting case for many points. But its central argument appears to be poorly constructed. They are suing Microsoft because their monopoly makes their insecurity a bigger problem. I'm all in agreement with the "monoculture is bad" argument for many reasons, but you can't sue someone for being a monopoly, or for the bad effects of being a monopoly. Companies can only be held accountable for leveraging a monopoly, and this case has already been heard and decided on. The fact that we know more bad stuff that can happen because of their monopoly does not provide any more evidence that they are indeed leveraging their monopoly, so why do they think bringing them to court again over the same issues will result in a different ruling? Do they really think they have more resources and motivation to pursue this than the US and state governments combined?
The other two claims are the interesting ones. Can software writers be held accountable for damages caused by flaws in their software? Even if they put an "anti-warranty" in their license? (I hope not) Are click-through license agreements valid in this case? These are all questions that would have to be asked.
follow the link and read the story, the case is built "on the claim that its market-dominant software is vulnerable to viruses". It does not say that the case "alleges the Redmond software giant produces software with little concern for security" as the /. article suggests.
I'm not aware of an OS that isn't vulnerable to viruses. Precedent is a dangerous thing.
No matter what the EULA, or any warranty, expressed or implied states, the only proof needed to hold software makers responsible for their creations is to prove that the software was vulnerable due to negligence on the manufacturer's part. There are many states and possibly even US law that dictates that you cannot disclaim responsibility due to negligence...
Oh yeah.. AIANAL...
Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
.. have for FP, but windows crashed and I had to reboot. :(
..you should ditch what you are using, no matter how convenient it is..
the story on shacknews for example on how valve got trojaned.. why on earth did they keep using software they knew was susceptible to be trojaned? or kept using webmail that was compromised(why did they use webmail, and outlook, in the first place is beyond me too if they really were trying to keep a lid on things, they're quite awful to trust)?
**Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.**
do i have to take it as that he felt something fishy was going and yet didn't secure his webmail?
fuck, a company that susceptible for hacking should be really paranoid and read the mail first on some other platform than one that has had a history of buffer overflows exploitable even without opening the attachment..
world was created 5 seconds before this post as it is.
What about the vertical vendors that claim that Windows is secure enough and that since the vendor only wrote the software to run on Windows, it is what the customer should trust with sensitive data?
What about the consumer that, despite wide availability of documentation showing security problems with Windows, chooses to go with it anyways?
If you buy fireworks and they explode, is there something wrong with the company that produced them?
I haven't had the fortune of reading any of Microsoft's licenses, but I would be willing to bet that there is a clause that limits their liability.
-= alphaFlight =-
How complex is it to look at a security warning and click on windows update? As much as I like MS being sued, this is just for the lawyers to get rich.
This user makes a flippant one line comment and gets +5 for saying what everyone thinks already. How about some productive thinking rather than mods responding to blatant whorness.
--
FreeNET user? Comfortable with the adverse selection?
They're claiming that releasing a security fix is "unfair competition." The people suing don't want Microsoft to release security fixes at all...
What kind of crap is that?
I like the usage of the toilet plunger and toilet brush.
Great at presenting a restroom setting, and very powerful imagery.
Here in Australia we take things into account like the price of the goods and the purpose for which they were intended. You're not, for example, going to have much luck suing someone over those $2 scissors you were using to conduct major surgery, but you may succeed with the $200 surgical variety.
Now if MS were happy charging a reasonable (given the price of hardware, say, $100 - 10% of a machine's value rather than $1500 and 150%!) price for their software, and weren't running around trying to force their way into everything with a processor then they'd probably be safer from such claims than they are now.
Back in the 1980s, a Japanese worker was killed by a robot on an assembly line due to a software failure. And robot control systems are very thoroughly tested before a new model of robot is released. Microsoft is trying to muscle their way into the embedded marketplace; do you want software that has plenty of known defects/security issues running your robot?
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
were you using X12 Windowmaker again??? DON'T SEASONALLY ADJUST YOUR WINDOWS!!!
lameness filter encountered: Reason: Don't use so many caps. It's like YELLING.
--
FreeNET user? Comfortable with the adverse selection?
Capitalism and lax government under republicans with Microsoft stock created this MESS.
.
You could make a better OS and no one would fucking buy it.
Why? Because of compatibility reasons. Microsoft does what other EVIL businesses do that have leverage by buying themselves onto shelf space like grocer suppliers. But with Microsoft, they buy themselves onto everyone's computer with deals with the computer manufacturers. They then lock in other software companies into their OS just because they are at the top of the mountain.
This has NOTHING to do with competition making the best product.
It's about an Evil person, Bill Gates, and their tyrannical business practices that hold their market share.
Whoever modded you a 5 needs Metamoderating down and have their moderating rights revoked for good.
It shouldn't be held to the same liabilities as an automobile. An automobile has the potential to hurt or kill people in it if it has defects. It is the responsibility of the auto company to make sure their cars will not hurt people due to their engineering flaws. In the case of Windows, no one is stopping you from using another operating system if theirs is not stable enough for your use. I think you should be able to get a refund if their software doesn't do what it says it can and then move to Linux, OS X or whatever else you would like to use. Suing MS for bad software is like saying you cannot use something else. I use something else so why can't California?
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
If their EULA/T&C says they are not liable then they are not liable. It's the responsibility of whoever buys/installs the software to check, but no-one does, and if they did they would probably find no alternative software that had more liability. When a whole company gets hit with some stupid vb-script email virus it's definitely the equivalent of someone leaving the back door open and a burglar walking in - whose fault is that? (Well, actually it's the equivalent of the builders not putting the door on and no-one noticing.) If Microsoft forgets to put the door on but says that you agree they are not liable if you click "yes" then are they liable?
It's almost impossible to regulate software like you regulate health and safety for example.
This comment does not represent the views or opinions of the user.
Not Secure? You're kidding me? My Microsoft consultant told me those were features not security exploits!
This is my sig. There are many like it but this one is mine.
From the article: "Microsoft's eclipsing dominance in desktop software has created a global security risk," the lawsuit filed in Los Angeles said. "As a result of Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system ... the world's computer networks are now susceptible to massive, cascading failure."
I think the above statement is pretty interesting. What it says (to me) is that the issue isn't that there are bugs or security problems with Microsoft products, nor is the issue that Microsoft dominates (or weighs heavily in) many software markets. The issue seems to be that Microsoft does both of these things, which results in a ubiquitous and totally insecure majority around the world.
This reminds me of the general pattern where Microsoft is busted for doing something that another company did first or is also guilty of. The non-Microsoft instance (could be a small company, or a large company with a small component) can usually get away with it because of scale, whereas Microsoft cannot since it's on such a large scale that everyone notices and cannot ignore it. One of many examples is the "OS integrated with the browser" war. Nobody gave a shit when IBM shipped OS/2 warp with built-in browser support even though in principle it was the same thing Microsoft did with Internet Explorer. IBM's reach was minimal with OS/2, so it was rather irrelevant what they did. Not so with Microsoft.
So is this class-action suit setting a precedent that bugs in your software will lead to lawsuits? I don't think so. I also don't think it claims that being a gigantic, far-reaching company is bad. Just don't mix the two, or the wolves will come after you.
"Should Microsoft's software be treated any differently than, say, automobiles?" Great... Here come the Ralph Nader jokes...
If you experience loss due to Windows' flakiness in 1990, it is Microsoft's fault. If you experience loss due to Windows' flakiness in 2003, it is your fault.
Don't buy something that is infamous for being a piece of crap, and then pretend that you don't know what you're getting into. There simply aren't any rocks big enough in this solar system, for you to have lived under them and not be informed about Microsoft's reputation.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You know, there is a simple solution to all of this.
M$ files a patent for insecure and buggy software.
It then becomes a "feature".
And just think of the possible income streams to be gained from lawsuits over infringement.
Bill, I would have much kinder words for your company if you would adopt me (or at least put me in your will). I'm such a sellout!
"Kittens give Morbo gas!"
Should anyone's software be treated differently from the auto industry?
I figure when MS can start charging $20,000 per OS license, then maybe we can expect bullet proof software safety. The kind of engineering required to give some kind of guarantee or warranty against "bad things" that these people are expecting would cause the cost of software to be prohibitive. Heck it may not even be possible if the software is complex enough. At some point you have to say well we've gotten it as hardened as is feasible, but there will always be some risk.
Sure MS stuff could be better engineered, but there's a point of diminishing returns for everyone involved. If YOU want guarantees, YOU pay to develop your own unbreakable system and use that. Otherwise the old "buyer beware" caveat still holds - especially in the case where the licensing agreement TELLS YOU they are not liable. If you don't like that by all means don't use the software. But don't sue the manufacturer of the car when they warn you in advance that the car could get stolen, that they're not liable if it gets stolen, you don't do what's required to prevent it getting stolen and then by gum it gets stolen!
This whole shuffling of responsibility through litigation is sinking this country faster than any liberal welfare policy or conservative defense budget.
I don't think cases like this are good for the industry in general, MS or no MS.
is going to change the world of software fundamentally.
Anyone who purchases Microsoft software without a guarantee that it is secure should have no grounds to sue for it not being secure.
Seriously, all of these companies who are bitching about worms and viruses hitting them need to either demand a guarantee from Microsoft or just accept the costs of the damages.
"Should Microsoft's software be treated any differently than, say, automobiles?"
This question says it all. Why should the makers of software that has the potential to do great harm in many ways, be treated differently than an auto maker, or a structural engineer?
Stay tuned, because as society becomes more and more dependent on technology, this question will be asked more and more.
Suing MS because there was a buffer overflow exploit in Outlook, is like suing Ford, because some guy hotwired the car and stole it.
Even if I installed the best security system money can buy, the car can still get stolen by a determined thief, much in the same way, an OS will get compromised by a determined cracker/hacker.
for building locks that are not perfect, allowing thieves to break into homes. How long before car manufacturers are sued because their security isn't perfect, resulting in stolen cars. etc.
I realize it's very amusing to most everybody here to see MS drawn into court for anything at all, but this is actually much worse for the free software community than it is for MS. Think about the following very carefully:
If the lawsuit is successful then software authors can be held responsible for damages caused by flaws in their programs.
How many of us here are software authors? How many of us want to be sued because our software, which by its very nature isn't 100% secure, was made to malfunction by a malicious third party? How many people will stay way the hell away from contributing to open source software if they can reasonably expect to be litigated upon if the software somehow becomes vulnerable?
If MS loses this case it's not a big deal for them. They pay a fine, they change a practice or two, life goes on. OSS, though, could very likely die.
If I was MS I would be trying to lose this case.
-Bren
Who will pay for failures? RedHat?
... this was never really a very big issue for most people until Microsoft started issuing security bulletins.
Now they issue a bulletin, somebody exploits it, somebody else does not bother to read it.
The law suit claims that the update process is too complex, yet these are the same people who complain that no software company has the right to make an update process automatic.
They have enjoyed their stranglehold over the computer industry and stood in the way of real innovation for some time. Come on all you free market true believers! Where's your gripe with Microsoft?! How come you're not crying foul in regard to them??! If you actually believe in what you preach, then competition is being stifled here and something needs to be done about it. I propose that Microsoft be broken up into an OS company, an internet applications company, an office application company, an internet services company and a hardware company. Then they will have to compete against the rest of the software industry like any other player. It will put them on even footing with other companies of the same caliber. In addition, there should be an extra limitation preventing each of these companies from giving any of the other resultant companies a preferential relationship. This is what it would amount to:
Netscape = Internet applications company
Wordperfect = Office applications company
AOL = Internet services company
Logitech/Linksys = Hardware company
Novell/Redhat=OS company
Then you would have real competition. Not the fake illusion of competition that your corporate masters have brainwashed you into seeing. As it is, the "free market" is broken, but it's especially broken in the computer industry.
All software sold today is sold as unsuitable for any purpose. It says that, right in the license. So claiming your software is insecure is moot; you didn't buy secure software. You just bought some crap off the shelf and expected it to meet your needs. It didn't; and nobody's surprised.
But this case is even worse than that -- It involves Microsoft's ware, which is known to be insecure. It's in the news every single day. Trusting your corporate secrets to off-the-shelf software is just stupid, doubly so for MS ware.
Not that this wasn't entirely predictable.
to link their trustworthy computing platform to the security overflow issues...C'mon meatheads, one has very little to do with the other. The trustworthy computing crap will cover locking the user out of their own PC. The security holes almost exclusively derive from their STUPID decision to 'mingle' the code from IE and the local file explorer. The local file handles had years of secure testing while the internet calls were coded by nitwits on the fly after 27 hours of caffeinated creativity. They work usually but had NO security, on convenience in mind...
errr....umm...*whooosh* *whoosh* Is this thing on ?
So you really think that the government should FORCE consumers to buy a non MS product? Will we see black clad shock troopers in the aisles of Comp USA ready to enforce such laws? Bottom line is that at the end of the day, for whatever reason, consumers want Windows and Office. Who are you to say their choice is wrong just because it's not the same as yours?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Firstly, software is your choice. Your complaints about MS software may be worthy of attention. However, you chose to use MS. And now that this is /., we all know there are alternatives. You can buy them on the Internet and even in some stores.
"The lawsuit, which was filed on Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system."
If you cannot interpret the information MS provides you, there are thousands of web pages and forums to help you. These are free as well. There are services which you can contract to do the work for you. Using computers has a cost. Using machines connected to the Internet has a cost. It is not the fault of MS that someone exploited the OS. They were irresponsible for leaving the vulnerabilities there, but unless you want to make the claim that they intentionally attempted to provide you with an insecure OS, then I do not understand the argument. XP does not say on the box "hack-proof: Try It!".
I have a little idea:
Software that directly controls physical devices (automobiles for example) which are themselves regulated should be held accountable to similar standards as the device which the software controls. They should be legally linked.
Software that does word processing, serves web pages, browses the Internet, sends email, etc. would not fall into this trap. We have disclaimers on lots of things saying don't use x with y or p as a q. So mark your software accordingly.
you'll notice the case seems to hinge on Microsoft's monopoly status.
... I don't know. Since I'm not a lawyer, this is where the case falls apart for me.
If they did not have a monopoly on desktop computer systems, this type of lawsuit wouldn't be a problem for them. Since, due to all sorts of vendor lock-in promoted by Microsoft itself, it is difficult for users to pick a different desktop, the lack of security in their software ( i.e. buffer overflows everywhere )
But maybe a monopolist which continues to abuse its position _should_ be held to a higher standard than others ? Is it not arguable that MS has the resources required to audit all of its code and fix such issues ? Maybe not technically true, but arguable in court...
Flaws in Microsoft software are common knowledge, if any fault needs to be passed out it would be against companies that used Microsoft software in life critical applications without lots and lots of testing.
http://linux.web.cern.ch/linux/documentation/ptrace_kernel_upgrade.shtml
You can shut up now.
Yes, capitalism is the best way for capitalism to work. Unfortunately your rationale fails to include any of the people who have to deal with the problems that Microsoft's s/w development habits enable. History can provide just as many examples of superior products that did not make it as did because of the laws of capitalism, so sitting back and hoping that your textbook still rules the world is just as realistic as it ever was. That is, not.
Is this lawsuit frivolous only because you wouldn't wage it? Microsoft's software causes real problems for real people! Not that there will ever be a problem-free computing platform, but jeez...be realistic. Have no fear, though, capitalism will solve this problem just the way you'd like, by Microsoft starving out all opposition with their cash position. The better product wins, right?
Don't you mean unsecure or should I pull out the couch now?
Is CmdrTaco so fat his penis has fully recessed then??? I guess it has become like a clit for him.
What optimisation do you use to work out the optimisms... I usually use Wine but some of my hAx0r5 friends sometimes are to use OpenOffice (admittedly when they have had a few drinks)!
"Should Microsoft's software be treated any differently than, say, automobiles?"
I've never been physically injured from a PC crash.
follow the 'reasonable man' approach.
i write code. i create bugs, this is a normal course of affairs, i'm only human, don't try and stop me from doing this or find it wrong.
However, when an issue is brought to my attention, or there is an issue which normal testing and diligence should have found, it is my responsibility to fix it. If i don't fix it within a reasonable time (6 weeks?) then i should be legally responsible for the damage.
well, for the joke that sprang to mind immediately:
It goes;
A Mechanical Engineer, Marketer and Programmer were driving in the mountains, when the car's brakes failed and they crashed into one of the breakdown barriers (big mounds of gravel to stop trucks).
The Mechanical Engineer says, "I will look under the car and determine why the brakes failed, and how to fix it so it does not happen again".
The Marketer says, "I've got to tell the car company, so that word can get out if this needs to be a recall notice".
The Engineer and Marketer look at the Programmer who says, "I think we should push it back up the hill and see if we can get it to crash again".
Think about it... this seems very close to Microsoft's Mentality: all windows users are crash test dummies.
Case(s) in point: The remote code execution in Windows Media Player that allowed content to be executed (similar to the MIDI flaw in dx9.0a and below) was fixed in 6.x versions and re-opened in subsequent versions, not once, but at least 3 times!
The RPC vulnerability wasn't fixed until the second time, hence the need for *another* patch because Microsoft had not FIXED the vulnerability, just enough to protect against the first exploit.
(little dutch boy story ring a bell, mr pavalov?)
And their strategy for integrating everything into the OS is actually driving XP users back to 98se.
Yes, 98se where the IM client, browser, outlook express, media player, passport and another half dozen things aren't integrated into the OS (as proven by 98lite).
Why?
It *annoys* the piss out of people.
Wonder why?
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Should Microsoft's software be treated any differently than, say, automobiles?
No, it shouldn't. This would perhaps slow down software development a bit, but commercial software manufacturers should have similar responsibility over their products like any other industry.
Like our (Finnish) Product Responsibility Law points out (not literally but practically): "Manufacturer must repair manufacturing defects, whether the product still has warranty time left or not, or give a full refund." This should mean: "I just (2003-10-03) found critical bug from MS-DOS 1.0 - please fix it or give me my money back." (Provided that I still have the invoice or other proof of purchase somewhere.)
“Wait for Hurd if you want something real” –Linus
Though I am adamantly opposed to shrinkwrap "licenses," the one thing they do that I happen to agree with is the disclaimer of liability.
Writing solid software is hard. Writing solid software to run on cheap, unreliable hardware is even harder. Though we ridicule software vendors, crashing software is a fact of life. One day, new technologies or engineering practices may appear to make writing reliable software easier, or to allow the user to "reverse" the machine back to the last known good state so they can at least save their work. But for now, software is flaky and, undesirable though it may be, users need to plan appropriately.
That said, however, I believe there should be an exemption to the liability shield. Off the top of my head, the following factors should be considered to determine if liability should apply:
The scale of each factor would be weighed to determine whether the software vendor should suffer liability. This standard should be set fairly high. If a company is consistently pro-active in correcting bugs, releasing patches, and informing users; or the failures are comparatively minor; or their products exhibit failures on a comparatively rare basis -- in other words, if they are clearly a good, conscientious citizen of the computing community -- then the vendor should escape liability. OTOH, if a company can be shown to persistently use flawed methodologies and designs, and they regularly ignore bug reports until the excrement hits the rotary impeller, and the bug can cause widespread havoc, then the vendor should be exposed to liability.
Needless to say, Microsoft's 25-year history of releasing junk and not giving a $#!+ about it should be a reasonable foundation for a liability suit.
Schwab
Editor, A1-AAA AmeriCaptions
Like we're FORCED not to use microsoft ?
So the government in its history has never put the screws on Criminal companies that STEAL through monopolies.
Ever heard of the Bells ?
I enjoy the irony in your statement " the gov forcing people"
When in fact it's microsoft forcing everything.
This is fundamentally different from something sold for its utility but with no attendant literary or educational value.
Lacking <sarcasm> tags,
I put out some free Perl & PHP code, and planned to release some more next week. But I partly rely on the BSD license to protect me from liability. What does this case mean for someone like me? While I think I'm such a good programmer that eventually my code will be super-tight, I know I'm a poor enough programmer that it will take many iterations and bug reports to get there. Should I only release code when I'm certain no security issues exist (which probably means I'd never release stuff)?
My Greasemonkey scripts for Digg &
OpenBSD: Only one remote hole in the default install, in more than 7 years!
Microsoft: Where do you want to go today?
All this time, I thought Microsoft was talking to their customers when they were really talking to the hackers and script kiddies.
A programmer is a machine for converting coffee into code.
Hey kid. This post is so damn stupid, I don't even know where to start. Don't post here again until you have some pubes. Go play somewhere else. Fuck off.
Offtopic? Do /. moderators have any sense of humour??
"You lied to me! There is a Swansea!"
I thought that the reason that closed source software was so great was that when you buy it from someone, you've got indemnification? Someone to turn to when it all goes wrong?
So - when it all goes wrong every other day - isn't the point that MS has to indemnify their users, i mean, that's why we bought it, right? If your software goes to shit - then Microsoft will indemnify you if you lose everything important, or if you die when your BMW 740 goes crazy. That's why OSS sucks, right? Cause you get no indemnification?
I like this lawsuit because of this reason, than if no other.. MS is clear in its EULA - MS WILL NOT INDEMNIFY USERS. Not any more than IBM will... or HP will, or any OSS...
other than purchase price - and if that's the case - then wtf don't you start off with free to begin with?
And what's worse - users MAY get indemnification - it's just for a portion of the cost of the product... like $10 for that OEM copy of Windows or $75 OEM copy of Office - since they will be found only partially at fault for the virus/worm problem.
I like this lawsuit because the whole bitchfest about indemnification will be exposed to the light - IT'S TOTAL BULLSHIT.
You get jack-shit indemnification from Open Source software, just like you get it from Microsoft.
guns kill people like spoons make Rosie O'Donnell fat.
...and the businesses that use their software were coastal Alaska, does the sea life have to clean the oil off the shore every time one of Microsoft's products is exploited for its insecurity? Why is a software company treated any differently than an energy company when something happens that involves their product and harms its surrounding environment? It's about time a lawsuit like this came around.
If anyone attacks my car while I'm driving it, I could very well die and/or cause the deaths of others. This is not controlled by the government- it's just illegal to attack things.
/lock/ them in order for them to do any good. You can't sue the maker of the lock when you didn't lock your door.
Come on, people! I thought that we were against making extra things illegal when the crime itself is already illegal. This is worse than the DMCA, here- it would be like making, not the piracy of music, not the tools to pirate music, but the MUSIC ITSELF illegal, because it is "flawed" by having poor security.
No, I'm not saying that this is an ominous first step towards making music illegal, I'm saying that those who support this are fucking stupid.
Make the CRIME ITSELF ILLEGAL- no one is liable except for the criminals themselves.
If someone makes a faulty lock, they may be liable when someone slips into your house. But if you leave your doors unlocked(no firewall), or invite people in (opening e-mail attachments), only the person doing the crime is at fault.
Houses come with locks- but you need to
Do computers come with locks? Not always. Is there any express or implied protection which comes with a computer? Hell no.
Stay off the internet.
-- 'The' Lord and Master Bitman On High, Master Of All
I think the parent is making an insightful analogy. compiled code is to open source as restaurant food is to home cooking..
I would liken oss projects like a microwave dinner (after all you may have added some seasoning for your own benefit but you didn't create it from scratch).. and in that case if you followed the instructions and your tv dinner still made you sick or killed you, who's responsible? you are. because there are governing bodies in place to ensure that tv dinners are approved before you can go to the store and buy one.
perhaps we need the same thing for software. of course compiled code is out of the question (why should code ever be compiled for distribution anyways, just build the compilation step into the OS, the whole compiled code = secure code fallacy needs to be resolved).. anyways I better shut up before I get more flamebait mods today
bite my glorious golden ass.
the manufacturer is not held responsible.
If someone breaks into your car, the manufacturer is not held responsible.
Yes software should stand up to normal abuse, let's look at cars, ok if you drive it the wheels should not fall off. However should Car manufacturers be responsible for cars being broken into? I left 1000 bucks on the front seat of the car and someone smashed the window, clearly that's Ford's fault for not making the windows stronger. A professional thief can open my car in seconds, I could have a more secure car but it would cost more. So the question is.... has microsoft made a good enough effort to secure their product? Well... probably yes, the problem really is they are the number one target.
James
Capitalism does not work with operating systems.
Making the BEST os at the best value price means nothing here.
I like that statement you made " Microsoft has an advantage "
Their 'advantage' is that they are criminals that have LOCKED in 99% software makers in this country. So if you're dependent on a certain software then you have to use microsoft
It will NEVER end until the government does what governments were created to do with WHITE COLLAR crime as in ENRON's case . They are created to STOP crime.
And if you say microsoft is not a criminal organization then you're wrong.
Didn't anyone notice the part in the licencing agreement, you know, the one that's been there since the first Bill Gates version of DOS, that says there is no warranty of suitability in any of microsoft's products?
It doesn't get any clearer than that. You use their products at your own risk. They have said this since day one. You may notice that hospitals don't use microsoft products to monitor or run critical machinery, right? That's because... you guessed it... Microsoft has NEVER EVER EVER said that they guarantee their software to do anything correctly or consistently.
People wonder why medical and military equipment seems overpriced. This warranty/guarantee of suitability is one reason. Whenever someone's life is at stake, the software and hardware must undergo a significantly more rigorous testing and validation process to provide the guarantee that it is suitable for a specific task.
Again, check that license from Microsoft, because it's always been there, one of the few parts of the license that never ever changes.
It's kind of like suing a shoelace company if your shoelace breaks and you trip. The shoelace is designed to hold your shoe on, everyone uses shoelaces, and people depend on shoelaces every day. But where does it say that the shoelace is guaranteed to actually DO anything?
Find the part of the Microsoft product licenses that say their products are actually certified to DO ANYTHING AT ALL, and you might have a lawsuit, however you'll find that the license specifically states the opposite.
So the people who actually expected a MS product to work correctly need to quit whining and stop putting all their eggs in one basket. Everyone knew that principle long before the first computer was made and it's no different now. The only people who profit from a frivolous lawsuit like this are the lawyers.
People should know not to count on Microsoft products for critical uses. As far as the car reference, it's like counting on a '78 Yugo to keep you safe while you drive 90 down the freeway. It's not a secret that Microsoft's products aren't secure and reliable.
"Just to be clear, it's ok to talk about the leak and the possible implications, however we'll nuke you and your family if you even make the most slight clever hint of where to download it or even screenshots of it."
Nice people...
This man speaks the truth: "if I were on life-support, I'd rather have it run by a Gameboy than a Windows box"
-- Cliff Wells, 2002.03.13, in comp.lang.python (original UseNet article)
This isn't new; many people have had this idea before, including me, but this is the first time I've ever seen a state actually trying to *do* something about it.
California, I admit that I haven't trusted your judgement that much of late, what with your energy scandals, your various boneheaded court decisions, and currently the California recall... but I support and applaud your efforts to hold Microsoft accountable to the consumer again. Who knows, maybe we'll see a Microsoft recall next.
pb Reply or e-mail; don't vaguely moderate.
I don't know if this is a good or bad idea. My emotional gut feeling is yes, screw Microsoft. My practical feeling is that if Microsoft can be sued even open source and free software can be sued. That wouldn't be so good.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
i've never seen a license-shrinkwrapped car.
;)
but then again i'm 30 and i don't drive.
also, i believe the number of people ever killed by MSFT faults divided by the number of people killed by a car in the last 30 minutes approaches infinity.
but i guess talking about that wouldn't be good for banner sales
Personally, I think they (and much of the rest of the industry) should be held liable for pushing all of this technology onto an unsuspecting public that frankly isn't ready for it (or vice versa). The state of the art these days is still such that the grandfathers and housewives and (to a lesser degree) schoolkids of today can't make it work properly.
The automobile began as a toy for tinkerers, then spent a few decades as a luxury for those who could afford to hire those tinkerers, and didn't find its way into the driveway of every home until the technology was actually ready for non-technical users. Computers got rushed into the public's homes much faster, largely by vendors insisting that they were easier to support than they really are. Compounding this has been the strategy of using low-cost components to bring the price - and level of reliability - down.
There's a principle codified in the Uniform Commercial Code that a product that is sold by a merchant (i.e. one whose primary business is involved in selling products of the given type) must be "merchantable," meaning "fit for the ordinary purposes for which such goods are used." UCC sec. 2-314. This is called the implied warranty of merchantability. It may be explicitly disclaimed in a written contract (and every EULA includes a term disclaiming express and implied warranties of merchantability).
Here's the rub: retail software sales are clearly sales. When you go to the store and buy a pc preloaded with MS Windows, or even a boxed copy of windows, you are not presented with a contract at the time of sale. You pay your money and leave with a box - clearly a sale. Only when you boot up your new computer for the first time, or install your new OS do you have these new non-negotiable terms sprung on you without your approval or consent.
First - a "take-it-or-leave-it" contract like a EULA purports to be is called a contract of adhesion. These contracts are enforceable, but courts are generally inclined to take a close look at adhesion contracts where one party has disproportionate power over the other.
Second - In the real world, one party may not unilaterally add to or amend a contract, or impose terms on a sale, without the consent of the other party. (They can try, but the new terms will not be enforceable in court.) "Aha", says Microsoft, "but you agreed! You clicked 'I agree.'" Well, wait a second - what are your alternatives? If you bought a boxed copy of windows, the retailer will not, as a matter of policy, accept a return. So basically Microsoft (and every other commercial software vendor) is saying to you "We already have your money. You're not getting it back. Now agree to these additional terms or get bent." I rather suspect a court, even an extremely conservative one, would take a dim view of this arrangement. (except in Virginia and Maryland, the two UCITA states where click-wrap EULAs are explicitly enforceable.)
And since we're on the topic of adhesion contracts and Microsoft, how about the additional terms they add when you use Windows Update to fix new vulnerabilities? Talk about strongarm tactics - "either accept these new terms or accept that this software which we sold, er, licensed you with network capability (but of course we claimed it was fit for no purpose at all) is no longer suitable for its advertised purpose." Bite me. That's not duress, but it's damn sleazy.
</RANT> Whew. I'm not a lawyer, and none of this is legal advice, of course.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
I realize that the EULA of almost all software says if it doesn't work, it's your problem, but what if I run a totally Unix shop and don't have any Micro$oft products anywhere and don't use any, but my services are rendered useless due to high volumes of spam, sql queries, MSRPC calls, large virus attachments etc. all aimed at M$ products. Would I then be able to sue them for the poor quality of their product?
Banjo - The more I know about Windoze, the more I love *nix
If a driver tries to change lanes while another car is in that lane, there is no clippy that jumps up and explains that such an action can cause a crash and perhaps severe injuries.
...
If a tire blows up at high speed, there is a good chance that you end up in the ditch (at best).
A malicious person can hide a bomb inside your car that blows up when the engine starts, killing you outright.
From the article post: "Should Microsoft's software be treated any differently than, say, automobiles?"
Only when software is the cause for either serious bodily injury or death. Using automobiles as an analogy is flawed on so many levels...people need to get a better example.
Software should be treated differently than automobiles. Because it is very different than automobiles! [insert expletive and aggravated shake of head]
Your analogy, sir, is faulty!
~ Aero
I honestly like and use windows everyday (in addition to my mac) and I don't mind their tyranny as much as some people on slashdot, however with the recent trend in really annoying viruses, seriously lousy and slow to respond security patches, not to leave out the fact that windows update got FUX0R3D a while back....I'm coming to the conclusion that i'm fucked unless something changes. But my options are limited by these 2 problems:
1) I can't switch to linux because it does not have the software I run (and no the open source counterparts don't work either)
2) My mac is great, but can only fill about 90% of my daily work activities...there are just "some" things I need a pc for.
With that i'm left to rely on MS to come out with a new version of Xp with some new added feature, but it will still have "SOME" flaw in it. What I would like MS to do is NOT release another version of windows until this one is totally SOLID if that means I have 2-4 more service packs to get in the next year that's fine, i'd rather see that than a new XP-64bit version - SAME DAMN THING AS XP BUT 64bit - lady friggin da
Maybe i'm asking too much....
Ave Molech Setting
My car's manufacturer would be responsible if it was a Were-Car whose headlights turn unsuspecting robots into were-cars that spread the disease exponentially, expanding with each generation.
Microsoft clearly places advertising as a higher priority than security, to the detriment of their subjects^H^H^H^H^H^H^H^Hcustomers.
For a serious analogy, an automaker should be held responsible if their cars could be unlocked and started by tapping the hood a certain way, and the same problem kept recurring in many models despite being absent in competitor's models.
This is not about Winshit breaking down every chance it gets; this is about recurring security issues resulting from vulnerabilities that are never quite fixed.
As for crashes being litigatable, I lost a year's worth of source code when my last Windows machine corrupted its allocation tables. (Then again, seeing as how that got me to switch completely over to unices, I consider it a profit. I guess I can't sue, but I'd love to see M$'s lawyers make the point that I didn't lose anything in the crash because of Linux's superiority...)
You can't judge a book by the way it wears its hair.
It's an all or nothing thing here, can't point fingers and claim immunity..
I agree that gross neglect should be dealt with, but I'm not sure this is the way.
It could ruin the entire software industry, requiring expensive insurance, government licensing, etc...
---- Booth was a patriot ----
I'm not sure if Microsoft's license includes anything about liabilities and what not, but the open source licenses do. I imagine that if Microsoft can be successfully sued, then open source can as well. Personally, I think that anyone who is stupid enough to believe Microsoft's hype and never bothered to consider the downside of using overly-user-friendly software gets what's coming to them.
I want to see them win this suit.
Why?
Because Microsoft winning will completely destroy the "there's no one to sue if it breaks" argument against open source. B-)
And it will rub the PHBs' noses in the fact that Microsoftware is expensively buggy and that risk, which is practically impossible to insure against, comes straight off their bottom line.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
It is my understanding that Class action lawsuits are generally done to the benefit of the lawyers filing the complaint, as they are the ones that usually walk away with most of the $. This is probably a case of some lawyers reading recent security experts' statements to the effect that a homogeneity of computers hurts security, hoping that Microsoft would rather settle for a relatively small sum of cash than a lengthy court battle, and praying that Microsoft's reputation for security would tip the scales in their favor. I do not believe that anything will come of this; Microsoft seems to have its bases covered in respect to liability.
Of course I also thought the SCO v. IBM case would go nowhere too.
Also - IANAL
There is no religion higher than truth.
There should be some law or penalty against meaningless lawsuits. There should be some law or penalty against predatory lawyers. There should be some law or regulation to give the profession of law some credibility.
Liability is a tricky issue. It's really a function of the maturity of our industry.
In 1910 if every single Model-T produced had a defect that caused the brakes to fail what would Ford's liability have been? Probably very little.
In 2003 if a guy is driving drunk at 80 MPH without a seat belt and his tire blows causing him to roll over he can sue the auto maker and win.
At what point did the transition occur?
It's all a matter of professional status. Are the creators of software a professional group (like doctors and auto makers) and therefore liable for the mistakes we make. (Professional status is more than simply getting paid for a job)
It's a tricky question to answer. Has the art of creating software advanced to the point where we can demand that institutions warranty their products for a particular purpose and be exposed to liability if those products fail? Should individuals be held to the same standard?
I personally think we're in a period of transition. Methods exist to create software at a much higher quality standard than is currently commonly available. It's time to start expecting SMALL levels of liability to encourage these methods to be adopted across the industry.
This will encourage individuals to learn new methods. It will encourage corporations to give their developers the tools and (more importantly) the authority to follow practices that produce better software.
If we start down this path maybe someday I won't have to chuckle when someone calls me a "software engineer"
I hope the court grants some degree of liability while at the same time realising that what the industry needs is baby steps, not giant leaps.
There are plenty of other states that will gladly take the companies that you piss off by suing them. Keep it up and you will find yourself both bankrupt AND alienated.
I wonder if the solution to this problem will be crippled software like other consumer goods.
I mean "solutions" like having to step on parking brake before you can put your car in gear or having to press a button on your automotive GPS before you can navigate with it.
Or possibly huge warning labels like you find on ladders or on your car visors.
Who's to say the unintended consequence for this kind of lawsuit could be to have very large popup menus before internet access is enabled each time you use your system or mail is read?
Maybe the outcome will be having Trusted Computing forced upon us?
Should this class action go through the courts and succeed, it sets a hell of a precedent. Specifically, it implies that software should be thoroughly engineered and reasonably defect-free prior to release, with no damaging defects at the point of release. It essentially also says that releasing patches after the fact is not good enough (and that it's not the customer's responsibility to apply them), which causes two minefields I'll try and touch on later.
Trying to enforce defect-free software is a great idea - except that, as we all know, software exhibits weak-link behaviour, and that in turn suggests that you'd need to get rid of 100% of defects to be absolutely certain that no damaging defects exist. You can't over-engineer software in the way you can, say, a building, to protect against potentially damaging structural defects. Oftentimes, over-engineering software makes it more prone to the kind of defect that makes the software useless.
This precedent I perceive in turn means that the open source community - specifically, the people "managing" a given software project - are open to the same kind of litigation as, well, Microsoft are facing. I sure as hell don't want to be sued because my software's not perfect...
As for basically disregarding patches, well, that raises one major issue: it makes the vendor responsible for deploying those, which in turn either requires a "returns" policy on software (unworkable!), or requires that they have the ability to deploy software (privacy issues).
In short, this disquiets me. While I've been waiting for this kind of legal action to happen for a while, and in the long term it'll probably lead to much more reliable, much better software, I don't think the software industry as a whole is really ready for this kind of thing yet. Frankly, we still suck at making reliable software, and that's not just something Microsoft can take the hit for...
"What does this mean for small-time geeks?"
If you write something and it displays font 1 pt bigger then it is supposed to, then probably nothing.
If you are selling software that is supposed to adjust the control rods in a nuclear plant and fails, a lot.
Here is the mandatory automobile analogy:
Your car's tail light goes out just after you take it off the lot, do you sue? probably not.
They may not be liable to fix it, but probably will. Just like a tiny bug in software.
If you are going home, the electrical system burst into flame, then explodes, should your widow sue? yes. I would also say, if it was a known problem that was covered up, executives should go to jail for manslaughter. Possible murder 2, but I have no idea what that is, I just say it on TV.
The Kruger Dunning explains most post on
If that's what you are, don't use any of my stuff.
a) Software is complex, hardware is unreliable, you can never prove that it works correctly.
b) The same is true for hundreds of other markets which do have liability laws.
c) Liability would hurt Free Software a lot (we simply can't afford it, since there's no income to offset any costs).
d) Liability can be limited to gross negligence. It already is in other areas.
e) Liability can be limited by cost, e.g. your maximum liability is sales price times x. No sale, no cost.
f) The EULA clauses are not entirely safe. Depending on local jurisdiction, you can usually not rid yourself of liability completely just by saying so. In most of europe, for example, liabilities due to intent or gross negliegence can not be protected against by contract.
g) Yes, introducing full software liability would put Microsoft out of business within the week. Also most other companies.
h) Not introducing at least limited liability will damage the IT industry in the long run, as it will prevent the move to professionalism and reliability that every mature industry makes. I'm pretty sure the first cars weren't exactly reliable, either.
i) Software isn't the same as automobiles. Differences have to be taken into account.
j) The market place is not a panacea. Especially not when it has been successfully cornered.
k) It may well be one possible solution to decide that since Microsoft enjoys a monopoly position, their responsibilities (e.g. liabilities) are higher than everyone else's.
l) In the end, politicians will decide. In the US that means corporate money decides, in the EU it means party lines decide. Both will turn against software companies and pro liabilities exactly when the other industries have suffered enough from software bugs.
m) Until then, enjoy the show. Write Free Software, especially anonymous distribution systems. When liability becomes law, continue to write Free Software and distribute it through anonymous channels. Crypto signatures and public keys can make two-way communication possible without identifying the author.
Assorted stuff I do sometimes: Lemuria.org
if this class action is awarded any damages, SAY GOOD BYE TO OPEN SOURCE. GOOD BYE APACHE, who cares if their license has the same disclaimer of liability as the EULA if the EULA doesn't block it?? Why even think contracts are worth anything?? HAH
As I understand it, with open source software, you own the software when you use it, in the sense that you are allowed to make modifications, and the license does not allow anyone to control what you do with it (modify it for personal use, etc.) With Microsoft's products, you license the program, which may place them at more of a liability for what happens with it. Would that make a difference?
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
I'll admit that I am a Microsoft hater. However, unlike most slashdotters who have the "open source good, microsoft bad" slogan as their religion, I am not ignorant (or at least try not to be, heh).
So here's my opinion on this lawsuit. Microsoft creates bad software. It has done a severe amount of harm to the world. However, it only does that harm because people allow it to. Most people know how insecure Windows is, but they insist on using it anyway. I have no sympathy for them when they whine "wheh wheh wheh, i hate viruses".
However, they have committed no crimes. As much as I hate the company, they have all the right in the world to create shitty software. They only continue to do it, because there is demand for it. Supply-and-demand is no crime. As much as I'd love to see Microsoft get sued into the next millennium, let's have it be for an actual crime?
*cough* anti-trust *cough* (Wait, they were sued into the next millennium for anti-trust, literally!)
Hypocrisy is the 8th deadly sin.
Best outcome for the free software guys would be a policy that "If you buy defective software (any SW with any bug), you can return it to your vendor and get your money back.".
I think the oft-seen comparison with the car industry can provide us with some leads:
If your brakes fail for no reason in a new car, clearly the car manufacturer should be held responsible. If they fail because you haven't brought your car in for a checkup in the last ten years, it's your own fault. If you drive into a hydrant at 20mph and the car explodes as a result, sue the manufacturer. If a truck hits you at 100mph, too bad.. it would be a joke to suggest the manufacturer neglected car safety.
To translate such analogies into the language of software and operating systems is of course a huge task. But that's what lawyers are for... let's hope they do a good job for once!
crappy OS like windoze needs to get banned
http://www.pivx.com/larholm/unpatched
a trojan horse, with dangerous, KNOWN bugs in it for months, if not years!
However, the insecurity purposely designed into software (e.g., macros in your documents, automatically running executable email attachments) should be more susceptible to legal action. What is Microsoft thinking allowing any old program to run?
The precedent would be: if someone tells you about a flaw and you do nothing in the next version, Heaven help you. Blaster was a very old flaw; Microsoft says RPC flaw, but its old name is NetBIOS flaw. It was found and known about back in NT, so what is new? A known flaw not being patched for how many versions.
I.e., not liable if at the time, to the best of what you knew, there was not a problem. Liable as hell if you ship it out the door and you do know and don't tell them. Not liable if you told the buyer what the problem was.
Basically, the protect contract is only legal and binding if you are not committing a crime or lying to the person or hiding something from the person that they should know when it was written. What Microsoft is doing is the same as selling a person a block of land with a house on it but forgetting to tell them that it has burnt down. So the agreed contract is null and void, so the buyer can get their money back and the land is returned to the seller. (Translation: you get your money back and you give the software back. Note this may be with interest. This is even handy for a person wanting to update the Windows NT server, i.e. get back the money they paid on software to Microsoft and buy a new version. Due to price changes you might even get change.)
I.e., if Microsoft listed their flaws open to the public, they could have been claiming that the person should have been fully aware of the problem, so they are not liable; but Microsoft has tried to hide the flaws, so making the contract null and void. Basically, attacking Linux programmers would be hard.
Now this gets even worse, because if the person is changing from Microsoft to Linux/FreeBSD or something else they will be able to claim a full refund on the software they got with the flaw. Microsoft will not be able to claim usage due to the user being able to claim that they were tricked.
Now this is where the Linux sales system works again. You were not buying the software but were buying the manual and tech support and media, so a full refund on the software is $0.
The problem is contract law; it is about time it was used.
Note: damages only come into effect due to the contract being null and void. So if a programmer is open and truthful they have nothing to fear, because it would be almost impossible to make the contract null and void. It would have to be a discovered flaw just after or just before a sale.
PS: I hope this covers my stuffed Windows 95 CD Microsoft will not replace.
If they can obtain a judgement against M$ for shitty software, then that means that the standard waiver of liability in the EULA is not enforceable, which likely means that the similar waiver of liability in the GPL, etc. is not enforceable, which means that you and I could potentially find ourselves in the same position for something we gave away for free, not to mention the effect it would have on those who run mom-and-pop software shops.
There is a mechanism in place to pressure M$ (and all of us) to ensure product quality: competition.
I think that Windows sucks; but Windows 2000 sucks quite a bit less than 98 did; It seems that M$ has taken notice of the alternatives, and is beginning to come around in terms of security and quality of their software (not saying that they don't have a long way to go, still) presumably due to market pressure.
Besides, look at it this way: I hate Windows because it sucks; If/when M$ improves the quality of their OS (and other software), don't we all win?
I am a Linux fan; but if M$ produces a product that is truly an attractive alternative, from both quality and price standpoints, I am not going to ignore it because of some "religious" viewpoint. (Nor will I bother myself with Windows until they do).
The point is, this is a textbook example of a situation where the govmint should keep out of it, and let capitalism/competition work things out naturally. People are just beginning to be exposed to Linux (and others) as real alternatives; M$ will naturally have to improve, or die.
After thinking about the whole liability issue, and the (poor) comparison to cars, I haven't come up with an answer. With the aforementioned alleged electrical outages caused by worms/viruses (which I give little credence to), it's possible that a voracious worm could shut down a power grid, and someone could die. A couple of people have advocated pulling such vital infrastructure as power stations, hospitals, etc. off of the network, but they NEED to be on the network for monitoring in the case of power plants, insurance record access for hospitals.
The underlying problem is Windows' saturation of the market. Blame whoever you want (Bill Gates, Andrew Boies[sp?], Novell for not developing a real network server), but the reality is Windows is installed on the vast majority of computers, including those in the aforementioned infrastructure.
The solution, whatever that will be, will work itself out in the marketplace. Companies have already started to openly discuss other OSs, and that migration will either make M$ respond by making their software more secure or losing marketshare. It's not going to happen overnight, or even over a couple of years. Windows is so ingrained into business, that it's going to take twice as long to get rid of it as it did to get to its position.
I agree that Microsoft has made marketing and growth the one and only priority for their products since the late '80's, to the exclusion of *anything* that would slow their product introduction cycle. The trojan/virus/worm transmission systems named IE and Outlook were brought to market without a thought for the security of their customers. I believe this is inexcusable. I believe the whole experience shows Microsoft's contempt for their customers. (So... If you use Microsoft Windows, everyone owns your computer but you: The crackers get access through Microsoft's endless vulnerabilities, Microsoft gets access because it's their software, and Microsoft-friendly software vendors have their spyware tricks.)
It'll be a great day when software companies are held to standards like automobiles by gov't by and for the people.
I for one am tired of this breakneck innovation in this industry. The auto industry has stagnated nicely for the past 50+ years, I think a nice constant is preferred over any sort of change and advancement.
Plus once laws are passed by the US to kill the US tech edge, third world countries or maybe even China or Russia can step in and start making advances in software and run the risk of lawsuits for us!!! Hooray!
If you think lawsuits like this are good hats off to you, you're an idiot. This is a job for the marketplace. Company A makes crappy product, Company B is free to make an uncrappy product, no need to get the gov't involved here people.
-- taking over the world, we are.
Doesn't M$ have a history of penalizing people that report bugs, including pursuing them with legal action ?
I'd be very wary of reporting any bugs to M$, now that there is the DMCA and all; it is not worth committing a crime, or potentially committing a crime, in order to tell M$ about a bug, esp. if they are likely to negatively reward said reporting.
Hmmm, I don't know, but in the world I live in, it takes time to fix problems. Especially when you need to test for unintended consequences; it's hardly intelligent to fix one exploit but create a few bugs or exploits in the process. Especially considering these patches need to be installed on mission-critical servers.
Manipulate the moderator system! Mod someone as "overrated" today.
I'm not convinced that capitalism holds the answer for how to run public utilities or monopolistic operating systems.
I think (?) that the paradox of the aggregate comes into play here, and is especially sharp when corporations driven primarily by short-term profits are involved.
They lack incentive to plan for the common good in ways that do not benefit their bottom line; they have incentive to cut corners and sacrifice the common good in ways that benefit their bottom line.
Obviously I'm suggesting that we, as a nation (the U.S.) are allowing ourselves to become more and more vulnerable, because we are not securing our infrastructure, neither the physical nor the electronic (and as the NYS blackout showed, they are inextricably woven together). By leaving these to corporations interested in short-term gain, who have no competitive (!) disincentive to ignore disaster threats, we nearly guarantee that we are becoming less and less safe from disaster threats.
This is ridiculous... if MS Software sucks, STOP USING IT. No one is forcing anyone to use MS software. If it's crappy and full of bugs, use something else. I feel no sympathy for these people.
Confucious say: "Is stuffy inside fortune cookie."
Microsoft already has the ability to kill (literally) its users. If you would check the specifications for the BMW 745 automobile, you would find that it has a network of over 40 microprocessors run by Microsoft WinCE. And I don't believe this vehicle will pull off to the side of the road when it catches a virus.
Does anyone know if NAI or Symantec makes AV software for the Beemer?
I think that relating automobiles to software is somewhat of a poor relation. For instance, with cars you know that some of them will be in accidents. You can test the cars getting hit from all different directions and make sure that they are safe before they go into production. With software, however, it is nearly impossible to predict what new attacks people will come up with to break your software. Now, I'm not saying that security holes should be tolerated, or that you can't test for them to some extent; I'm just saying that it's not like a car where you can test all the possibilities before it is released.
SIGFAULT
There's a substantive difference between the nature of the failures in software and the car that rolls over - the hacker. The software defect, in and of itself, is not harmful. It is the person who exploits it that is at fault here.
This doesn't excuse incompetence, but as has been mentioned, the market will take care of defects - as long as there is a viable alternative. Who would buy a lock that doesn't keep a door closed, as long as you can get one that can?
It would be a grave error for the software industry in any form to take responsibility for keeping everyone who wants to cause trouble from doing so. No one will win, and software will end up as over regulated and lawsuit scared as airplanes and medical equipment - for the wrong reasons.
Doesn't M$ have a history of penalizing people that report bugs, including pursuing them with legal action ?
No. If they did, the people that find the exploits wouldn't bother reporting them. You'll notice that in a lot of the knowledgebase articles they give credit to the people who discovered the problem and thank them for their help.
So, analogies to "the real world" in relation to computing, especially security, is off limits.. except when it comes to Microsoft? Nice system.
I have always said a security exploit is only an exploit when someone takes advantage of it. It is in that moment that the hole becomes a problem.
What is more upsetting to me is simply that computer failure is being compared to automobile failure.
You simply cannot compare the two. They are not only two different ballparks, they are two different games. If a computer fails to be secure because some guy who has a preternatural talent hacks, cracks and compromises the security of a computer system... no one's life is threatened. If an automobile fails to do its task of braking or turning, lives are put at risk. People can and will die in the event a failure occurs because an engineer screwed up. That is inexcusable.
The mere audacity to compare computers which do not affect the ebb and flow of one's life span versus an automobile that has to work or people die is just wrong. It shows lack of compassion for life.
For once I am hoping M$ won't get pounded on this one. Someone or something needs to define where the responsibility line is. They would need to categorize software.
Most of the M$ software would probably rank as the most responsible on that scale.....But the line needs to be defined. Otherwise we will have enough lawsuits to go around to keep the bubble growing.
Why does MS have to take responsibility in this lawsuit? When an exploit is discovered they create patches to remove the hole, which at that time no one knew existed. Even Mozilla (current browser) has had not only security holes but bugs that rendered the browser super unstable. It crashed quite often. No one is suing them.
We could even attack IBM for the faulty disk drives they made a few years back that would just crash. What's worse than a security hole? Losing all the data from all backups. At least with the Blaster.A worm you kept your data.
If we start suing for all the flaws and crashes and security holes etc... for all companies... Sony is screwed, IBM is screwed, MS is screwed... etc... (I ran out of periods) Everquest is buggy as hell, it crashes all the time, it is unbalanced, random mice appear from time to time. Where is the lawsuit?
Should Microsoft's software be treated any differently than, say, automobiles?
If software should be protected as free speech, as most everyone around here agrees, then the obvious answer to this question is, Yes.
If Microsoft can be sued for flaws in its software, so can everyone else. And "everyone else" does not have the money to defend themselves. There are many ways to fight Microsoft's monopoly. This is NOT one of them.
Are automakers held responsible when someone breaks into your car using a jimmy or breaks the glass with a hammer? Or pops your tires by throwing nails on the ground? These are security exploits similar to Code Red and SoBig and Slammer and Blaster, etc.
If people didn't try to break into your Operating System, there wouldn't be a problem. Automakers aren't forced to redesign locks or equip cars with shock-proof glass and no-flat tires. Software designers shouldn't be forced to design software to be secure from unauthorized entry. It's a great feature, but it shouldn't be required unless the software is advertised as being secure.
Then you are a fucking idiot.
If I don't keep my tire inflated and it blows out on the freeway, I can't really sue the automobile company. Likewise, if Microsoft releases patches and I don't install them, then I also should have no recourse.
Of course, if a worm/virus exposes something that Microsoft knows about and does not fix, that might be a different issue.
Kinda funny. The title blames Microsoft for "Worm Holes"...
Believing in "marketplace" naturally regulating the quality of products in a market, weeding out the crappy products, is fine and cool. But actually getting off your ass to make sure that "marketplace rules are applied" is quite another business.
In Soviet Russia, our new overlords are belong to all your base.
The company I work for writes bespoke code to control industrial X-Ray systems (we also build the industrial X-Ray systems). I know that a vast amount of the software we produce is not written securely, usually due to time constraints and a certain level of ignorance among our developers about how to write secure code (Book clicky Sun article clicky).
I applaud the exposure that this case will bring to the need for secure code in all applications, but wonder what repercussions it will have if a precedent is set that companies can sue for failures in code security. Will the computing industry become bound by legislated safety (or security) tests that software must pass before it is issued (i.e. as in the automotive industry as everyone is so prone to compare us)?
Not a tirade, just a wondering
Paul Gogarty
Is Ford liable if someone breaks into your car and crashes it into a tree, or steals the briefcase with those confidential corporate documents, or shoots you through the windshield?
Of course not. And Microsoft shouldn't be liable if someone breaks into your computer and crashes your hard drive either.
Ford isn't selling you a bulletproof safe on wheels, and Microsoft isn't selling you a hack-proof OS either. If it's a hack-proof OS you want, there are other (much more expensive) alternatives that will do a much better job of keeping your computer secure.
And inexpensive alternatives, like unplugging the internet connection. If Valve doesn't want people running off with their software, they shouldn't develop their software on a network connected to the outside world.
So yes, Microsoft should be held to the same standard as a car manufacturer, which means that no, they are not liable for failing to protect you from the malicious acts of others.
paintball
Like most I have used windows for years because it was easy, colorful and worked for the most part. About 2 years ago I went away from Windows, using Linux in its variety of flavors. I can without doubt say that these last 2 years have been the most stable my system has known (apart from when its off).
Microsoft lost their ability to have any impact on my machine & its tasks. For the most part I have worked in IT, being surrounded by computers, or rather operating systems that don't work properly for various reasons. It is true that just about anything is possible in software, but this is no excuse for the millions of windows computers that could fall over any time due to flaws in Microsoft's operating systems or nasty people dedicated to writing viruses/worms that have the same effect.
To use the car analogy, it would seem I would get a more reliable car from Joe down on the corner than the large well known new car yard in the next city. Microsoft has no excuse. They should be held accountable. For example, I have spoken to roughly a dozen people in the last two weeks that have gone and bought themselves a new computer preinstalled with windows XP. All of these people gave me a call because after connecting to the internet for just a few minutes, their PC was either turning off or the connection was unusable.
This is ludicrous. What are these people meant to do with their 'off-the-shelf' copy of windows? Computer retailers are apparently not supposed to patch windows for *known* problems. Has Microsoft ever thought of these people, or are they so busy trying to keep their existing clientele?
I would like for just more people to say that it's not acceptable for wheels to occasionally fall off Microsoft cars regardless of blame, and to go speak to old Joe down on the corner.
"This complaint misses the point. The problems caused by viruses are the result of criminal acts by people who write viruses," said Microsoft spokeswoman Stacy Drake
So MS are saying that it is not their responsibility to write secure software, it's the virus-writer's responsibility not to take advantage of it?
http://blog.nexusuk.org
I'm no fan of MS, but sure, software should be treated differently than automobiles, primarily because people's lives aren't typically at risk from poorly written software (and yes, I can think of instances to the contrary, but this is in general.) However, I see no reason why MS shouldn't be held accountable for financial losses caused by unreasonable security lapses in their software. I'm sure that if MS were looking at footing the bill across the country for all that IS overtime to patch software and fend off viruses, then they might invest a little more time and resources in their products before releasing them.
The problem with that is that, of course, no software is perfectly secure, but there ought to be at least a minimal expectation. After a certain point, one has to wonder what we gain by letting MS off the hook.
--Rick "If it isn't broken, take it apart and find out why."
Tissier made a Citroën CX conversion, with inch-thick windows, armour-plated doors, armour-plated underside, two aircon packs to keep it nice and cool inside, and lots more goodies. Bloody expensive, it was designed for ferrying European diplomats about. It weighed about 3 tonnes, and just looked like a stock CX. It was about as fast as a Porsche 911, too.
Ironically, in the leaked source code for HL2 there are many buffer overflows ready to be exploited.
One such example of this is in net_ws.cpp:
Perhaps, since the game isn't ready for release, the buffer overflows were not high on the priority list. But if Valve sued Microsoft for problems in their code, would Valve have several thousand suits coming their way for one of these exploits?
There is a honking big exclusion clause in USC (legal code) eliminating all liability for software bugs/crashes etc. I don't see how this case has even a peg leg to stand on.
Comparing a software product's price to the hardware it runs on isn't logical. Should we compare the costs of graphics programs to video cards? How about games?
Microsoft's OS is still not nearly as costly as some of the products that run on it. Their Office suite looks expensive, but price all the pieces out separately and see what you have. Don't even go looking at prices on graphics software, web software, and the like, some of it is unbelievable.
Lastly, poor little Apple ain't cheap with their OS either - and you really have less choice on that platform.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Gameboy has known hardware bugs. Jeez, even "INC HL" can cause sprite corruption.
I did not sign the EULA, I did not break the seal that suggested my agreement, I did not click any "I Agree" button.
I am therefore not bound by the MS EULA.
I do not use Microsoft products.
But when security holes in their product allowed the Slammer to propagate I lost connectivity to the Internet (or large portions thereof).
It could be argued that I (or any business) lost time/money etc... through Microsoft's security vulnerabilities - yet I did not agree in any way to the MS EULA.
If you give away something knowingly defective ( remember we are discussing negligence here, not simple goof-ups ) you ARE liable for damages...
Free doesn't get you out of legal liability.
---- Booth was a patriot ----
If someone comes and breaks into your car and you try to sue Ford for it, they'll likely get summary judgement against you dismissing the case. Why is this? I mean Ford has to know that the locks on their cars are weak. They could potentially improve them (better locking systems are out there) but at a cost. Well the thing is, a malicious person was attacking your car in an unapproved way. This isn't Ford's fault, it is the burglar's fault.
Or how about if you decide to run your car into a brick wall doing 90 with no seatbelt and die. Is that Ford's fault? Again, no. YOU were the one that were operating the vehicle in an unsafe and approved manner. I'd also notice they know about, and can do something about this, to a degree. An 8 point harness might save your life in that situation.
Well these situations are precisely what happens with computers: Either a malicious person exploits it in an unapproved (and unforeseen) way, or the user does something stupid they shouldn't. Now, since software is something where a fix CAN easily be issued to everyone, it is expected, unlike cars where a fix would cost money on a per car basis (and is therefore only done for faults that occur during normal operation), or sometimes is not possible due to the laws of physics. So, in a way, software has a leg up.
So I'd say the situation is quite similar. People do shit they shouldn't, problems occur. This is NOT the fault of the manufacturer, and nothing they can really prevent. Now, if they neglect to do anything about it, like release a patch, THEN they could potentially be liable, but so long as they fix it, I don't see how anyone can reasonably claim them to be at fault.
Also, for the rest of you, please remember before you start pointing at MS, our law doesn't allow for laws to be made against one specific company. A law like this would apply to ALL software, including the small dev houses and the free software. Please note the recent OpenSSH and SSL exploits and think on if those products could afford to exist if they had civil liability for that.
Why should proprietary software makers be held liable and OSS makers not liable? The answer is simple. OSS is open for examination. There are no "hidden" defects (unknown perhaps, but not hidden). Proprietary software is not open for examination and may contain hidden defects. You have to take the vendor's word that proprietary software does what it is advertised to do and nothing more. You are relying upon the vendor's word, so that should carry some legal responsibility for the vendor. OSS should not carry a warranty because the public is free to find and fix the defects themselves. You don't have to rely upon the distributor's word. You can examine it (or hire somebody to examine it).
I think this case will fail, ultimately, because it is too extreme, it seeks too much, it demands a huge stretch in interpretation of existing case law. But a ruling holding MS liable (and possibly the entire industry) to a REASONABLE standard of quality and care would be a positive change. To use the auto analogy, perhaps something along the lines of lemon laws that force the manufacturer to actually fix problems rather than inconveniencing the consumer with repeated half-assed repairs.
I agree with your main point, however. MS is currently the biggest blip on the radar, but whatever arsenal we develop to take them out will subsequently be used on smaller blips. MS should duck their profit margins long enough to rebuild a more stable base, one of the differences between their OS and others is the others have the luxury of avoiding the mistakes MS has already made. MS is still building on the same buggy platform. The biggest difference, tho, is that MS is the biggest target, the one kriminals are gunning for. Once they're out of the picture, those same miscreants will be focusing on other systems, and they will find holes, and they will exploit them.
-RI1
If you're a monopoly, then the government should be setting some special rules for you to abide by. A sort of guarantee of quality of service, I believe. Utility companies, for example, can't behave in the same manner as shoe manufacturers because you can always buy a different brand of shoes. But the local electric company has to run its business according to some government standards, since consumers have little choice but to use that company's electric service (I'm ignoring the differences between electric suppliers and the company that delivers it, which could be two different companies).
Which takes us to Microsoft. They've been declared a monopoly by the US government, so they really do need to get a different set of rules to follow in the areas where MS is a monopoly (web browser, desktop OS, and perhaps office suite). I know you're probably thinking that there are other choices, but for most people, using an alternate OS is akin to building a windmill for your power supply - not for the average consumer.
The electric company has to maintain a certain quality of service. A city block can't go without power for two weeks, and we can expect to not experience wildly fluctuating power levels coming out of our outlets. Likewise, MS, as a monopoly, needs to supply a product that doesn't put us at higher risk than, say, one of the many competitors the company has illegally muscled out of the industry. Sure, it sounds tough, but MS brought this on itself, and it isn't nearly as tough as the challenges it put forth to all its former competitors.
I really hate signatures, but go to my website.
Because it is open for examination, the user is free to examine OSS and find any defects. With closed source, you are forced to rely upon the vendor's representation, so liability should follow.
30s? Business computing is only a decade or two old... It is still very experimental. I think people that incorporate computers into their business systems should expect to take a few arrows.
love is just extroverted narcissism
M$ supports viruses well. Write a P2P virus that will propagate across the 'net until a certain threshold is reached.
When the threshold is reached, the virus will connect to other computers with the same P2P virus and begin exchanging all files on the hard drive.
Everyone will have a cause to hate the Evil Empire!
This post encoded with ROT26. If you can read it, you've violated the DMCA. Handcuffs please, sergeant.
>Especially to free software ?
1. Free software does not advertise on TV directly to consumers stuff like "the unstoppable NT," "now easier and more secure than ever" etc.
2. Consumers are fighting a convicted monopoly, something free software isn't. This is probably the biggest reason why this class action has legs. MS is a monopoly. They're held to a much different standard.
3. Free software involves no purchasing, thus most consumer protection laws don't apply. Fuzzy legal ground here, but things get more serious as money is added to the equation.
4. It's all relative:
All tires in the world will break down at a certain point. If they happen to break after six months of purchase in large amounts that doesn't spell doom for the tire industry it spells doom for the company that made them.
If MS is found to be negligent or below typical security standards with its OS, ActiveX/IE, IIS, protocols, design etc as compared to other vendors then there's an argument to be made that MS is manufacturing a crappy product. If not, if MS is up to par with everyone else then the case should be thrown out on those grounds alone.
I don't think the above is unreasonable; software may be a little different than manufacturing widgets but a junk manufacturer making false promises is still a junk manufacturer.
I disagree. So Microsoft's software is insecure because hackers can write viruses that can go in and disable the system. This cannot be compared to auto companies' suits.
This would be comparable to someone suing a car company because Tony Soprano put a car bomb under their car and it blew up. Their argument would be that Toyota (or whatever) didn't make their car secure enough against outside attacks.
When a car company has faulty parts they have a recall. When an OS is found to have flaws, they send out patches.
It is completely unreasonable to expect an OS with hundreds of thousands of lines of code to be unbreakable. This is impossible.
If Linux had 95% of the market share, hackers would be spending all of their time trying to break Linux. There would be just as many problems on that platform and Windows would look secure.
Not everything is analogous to cars. Car analogies rarely work.
Software is property (according to IP law).
Software can be a complex system, inviting best practice to be used. That at least is what happens in the automotive sector. Software paranoid process.
Why shouldn't it be treated in all those respects as just the same as any other goods that are sold? Companies under contract law can still disclaim most things except where negligence causes harm or death.
There's better protection for consumers though.
Because they're made out of glass you know. Very easy to break. I could lose a lot if some "fast moving" "cracker" "cracked" my windows.
Or is it really MY responsibility for having chosen glass windows instead of iron shutters?
I like OS X. I use it on my home PC every day.
But perhaps you missed the OpenSSH exploit that was "fixed" by the 10.2.8 update that was later pulled for various reasons.
Why wasn't this a big deal? Well, it appears that 3% of the market brings with it only 3% (if that) of the l33+ h4X0rZ, and even if a hacker wrote something, well, there aren't that many OS X boxes server-side with SSH turned on -- not nearly as many as there are Win2k boxes with MS SQL Server!
Rock solid software is nearly oxymoronic. After working for three different companies and even releasing my own trialware, I've yet to see anything past some well written versions of Hello, World! that fits that bill. And if you're not rock solid, well, by defn you're a little flaky. I've been impressed with OS X so far, but be careful not to give out your IP when you post that it's unhackable.
(As an aside, I've heard it said that Windows was initially written without a network in mind (makes sense... how often was your box online when you had 3.1 installed?) and that some security holes -- even more importantly, the whole "insecure mindset" people sometimes get from Windows -- are left over from legacy code that hasn't been refactored. Security is something of a mindset thing. OS X, and this is probably your point, took a server-side OS (*BSD) and rebuilt on top of that. It's by design a better network OS, though a previous poster's ref to Win98 "Lite" is a good counterexample of how "insecurity through incest" can be easy to fix.)
It's all 0s and 1s. Or it's not.
Chasing after Microsoft for shipping insecure software is interesting, fun and potentially profitable, but MS is at least somewhat protected by their EULA.
Much more fun, easier and probably more profitable is to launch class actions against companies that have suffered substantial damage from the recent infestations (like sobig). These companies have measurably and significantly damaged their shareholders by basing critical business systems on software that is widely known to be seriously insecure.
Microsoft might get away with disclaiming responsibility for building insecure software, but the GMs and Fords of the world can't dodge the bullet in the same way. They have a fiduciary responsibility to their shareholders that is being violated.
Anybody got pointers to companies that have suffered? Posting the stories could be a good source of leads for lawyers that might want to get in the 'class action suit because of the use of insecure software' business...
Win one suit and the rest of the companies using Microsoft software look just like dominos.
Now that would be real fun.
Windows 2000 isn't better than 98 because of anything Microsoft has done for *security*, but because they've replaced the Macintosh-inspired kludges between DOS and the Win32 API with NT. Win32, which is where far too much of the security is implemented, is no better than it ever was.
... application-level firewalls composed of restricted environments that do not include an escape mechanism for attackers to exploit ... they will continue to suffer from continuing security failures.
So long as Microsoft refuses to establish hard firewalls between secure and insecure data in Windows
Software should be treated the same as autos, or any other product. But remember, car explosions are not the same as getting rooted.
...
I'm not sure there are many software equivalents to brake failures. When cars crash, people die. When computers crash,
If GM sold a car with no locks, or very faulty locks, what would happen? Or if the alternator or fuel pump suffered a lot of failures? This is really the type of problems you see in software--unless your software is running your life support systems.
Good point. But there's still something missing. If one model of auto has a lot of fuel pump failures, an individual can just avoid that model. Walking away from MS software isn't that easy. Your car doesn't have to interact with other cars in the same way software does.
So I guess the real question isn't public safety, but governance and responsibilities of monopolies upon which the public is forced to rely.
A car crash can inflict damage to physical property and to people's short- and long-term health. Remedies can cost $100,000s.
Software crashes can inflict damage to physical property, but rarely to people's health. Still, remedies can cost millions and billions. So while the toll on human health might be less, the monetary damage can be far greater.
This is not meant to minimize the value of human life, but to make the point that people should have recourse when large investments are jeopardized.
This is an interesting article for debate. I feel that MS should NOT be treated differently because MS sells products based on their "security" for business needs. The problem lies in that no one has really had the balls to take on a corporate giant due to the lack of monetary backing. MS has lawyers out the wahoo, and you think I'm going to go a couple bouts with them? That's nuts. I'd lose, no matter what I did. However, I feel that if MS is going to churn out crap and sell it like it's gold, it had better work right. I won't buy a product where security is its pinnacle marketing ploy and have some 13-year-old script kiddie whack my system because Billie-Boy Gates didn't check a buffer on a remote service that was enabled by default. Thanks Bill. Instead, they should disable most services and have them enabled by the end-user JUST LIKE THE WONDERFUL OS, REDHAT. If MS is going to crank out an OS that is NOT dependable, then the first line of the EULA should state, "FOR ENTERTAINMENT PURPOSES ONLY".
-- Game Developers: Stop porting badly-textured games from crappy console systems!
Yes it's the driver's fault and it's the car's fault AND it's the car manufacturer's and driver's mother's fault if there's MS involved anywhere near them goddamnit!
Preserve old classics: copy your collection onto all hard drives.
consumers want Windows and Office.
No they don't. They want a computer with a word processor. Microsoft simply manipulated the OEMs such that Windows and Office were the only choices in a certain price range (read: below Apple/Sun/SGI/etc. but above going without). OpenOffice.org/StarOffice is beginning to seriously change this.
Healthcare article at Kuro5hin
This is a great opportunity for MS to promote Palladium and maybe even to get it to be required by law.
-- Cheers!
While I would definitely agree that from an operational (and non-crashing) perspective, 2000 and XP are noticeably improving on previous versions, from a security perspective more recent Windows versions have been abysmal. One of the problems is the practice of having internet-accessible server daemons (or whatever MS calls them) as part of the OS, and turned on by default.
This especially comes with what seems to be poor testing before initial releases, and other plagues of problems. We're not debating as to whether 2000/XP are nicer from a usability standpoint, but that usability becomes moot when your system decides that it's going to spontaneously reboot, or clog your network/internet due to the latest virus based on a dumb exploit.
a Gameboy's batteries will be lucky to go longer than 10 hours
Bah. No self-respecting GameBoy owner travels without an AC adaptor. And 12V adaptor. And solar panels. And...
Dan Bernstein has a $500 guarantee that no security holes will be found in qmail or djbdns:
http://cr.yp.to/qmail/guarantee.html
http://cr.yp.to/djbdns/guarantee.html
WMBC freeform/independent online radio.
How many people go out and buy a retail, separate version of Windows? Very few; most people use it because it's what comes with their computers, and they complain about it constantly. Of course, they associate Windows with PCs, so they complain about "the computer", and the slightly more informed ones complain about Windows but will never switch.
WMBC freeform/independent online radio.
As a perfect example of software not being perfect, slashdot decided to munch part of my last post ... resubmitting ...
// data = char * passed into function
;)
:) I personally think that it is poss
So you think buffer overflows, for example, can never be 100% avoided?
Do you think all buffer overflows are as simple as the following code?
char * foo = new char[255];
while (*data != '\0') *foo++ = *data++;
They're not. The scary thing is that the above code could very well be guaranteed to never overflow if the data * passed in is guaranteed to be less than 255 chars. Someone later on 20 steps removed from this function may change that, suddenly causing a buffer overflow. But this type of overflow is very easy to detect and fix. It gets harder when you have different modules interacting with the same piece of data from multiple threads. There are also buffer overflows caused by integer overflows. And so on, and so on, and so on. There are hundreds of books written on the topic describing how to prevent, detect, and fix buffer overflows. And none of them are the size of a pamphlet. They're usually textbook sized. If it was an easy problem, the books would not be long, and there wouldn't be many of them written.
You're also crazy if you don't think that a company like Microsoft doesn't take measures to fix and correct problems similar to the reported problem. The number of potential exploits fixed during the development of Win2k3 was well in excess of 10k if I remember correctly. When a flaw is discovered, all you can do is learn from it, fix it, and try to make sure it doesn't happen again. The latter involves writing tests to verify that a regression doesn't occur in the future and writing tools to scan for similar problems. Code reviews can be employed, though it's of dubious value after about 4 people who know the code look at it (code reviews are all but useless if they're being performed by someone unfamiliar with the code in question, and studies show that the number of defects found after 4 people look at it falls off sharply -- the studies also correspond with my personal experience in the matter, for what it's worth).
I don't see a level of diligence anywhere near approaching that
And what level of diligence can you see? All you see are the patches. You don't have any insight about what goes on inside the company, or what they do to catch or prevent these sort of problems.
But I don't think it's acceptable for a manufacturer to simply wash their hands of any responsibility
A manufacturer washing their hands of responsibility wouldn't bother to fix their product at all. There is a difference between responsibility and liability.
we don't accept that in other walks of life and I still don't see a good reason that the same principle shouldn't apply to software
Sure we do. When you buy a new car you have a warranty for x miles or years against defects (analogous to how long a particular piece of software is supported). After that warranty expires, if a part fails due to a problem on the manufacturer's side (i.e. not normal wear 'n tear) you still have to pay to get it replaced. Even if the part does fail under warranty, you will have to make arrangements to get your car back to the dealership (usually at your own cost; higher end cars/dealerships will tow your car for you and give you a loaner though). When you buy a cheap radio and one of the knobs falls off, most people don't do anything about it. When you buy a shirt and a button comes off after the 2nd time you wash it, can you take it back to the store and get a replacement? Sure people bitch about it, but they don't DO anything about it. And if they tried they'd get nowhere anyway.
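An added illustration of the buffer-overflow points in the comment above (not code from any poster or vendor): the unchecked copy loop beside a version that enforces the 255-byte bound itself, and the integer-overflow case with wrapped and checked size arithmetic. All function names and the sample inputs are hypothetical and constructed for this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <limits>

constexpr std::size_t kBufSize = 255;  // buffer size from the comment's snippet

// The comment's loop: safe only while every caller keeps data under kBufSize.
// Kept for contrast and never called here.
inline void copy_unchecked(char *dst, const char *data) {
    while (*data != '\0') *dst++ = *data++;
}

// Hardened form: the callee enforces the bound, so a change made far away in
// a caller cannot turn it into an overflow. Fails closed with an empty string.
bool copy_bounded(char *dst, std::size_t dst_size, const char *data) {
    if (dst == nullptr || dst_size == 0) return false;
    dst[0] = '\0';
    if (data == nullptr) return false;
    // Look for the terminator within dst_size bytes only.
    const void *end = std::memchr(data, '\0', dst_size);
    if (end == nullptr) return false;  // input plus terminator does not fit
    std::size_t n = static_cast<std::size_t>(static_cast<const char *>(end) - data);
    std::memcpy(dst, data, n + 1);     // n + 1 <= dst_size, terminator included
    return true;
}

// Integer-overflow variant: count * elem_size wraps modulo 2^N, so a huge
// count can yield a tiny allocation size. This is the unchecked arithmetic.
std::size_t wrapped_size(std::size_t count, std::size_t elem_size) {
    return count * elem_size;
}

// Checked form: refuse the request instead of returning a wrapped size.
bool checked_size(std::size_t count, std::size_t elem_size, std::size_t *out) {
    if (elem_size != 0 &&
        count > std::numeric_limits<std::size_t>::max() / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

int main() {
    char buf[kBufSize];
    char too_long[300];                       // constructed oversized input
    std::memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    std::printf("short: %d\n", copy_bounded(buf, sizeof buf, "hello"));
    std::printf("long:  %d\n", copy_bounded(buf, sizeof buf, too_long));
    std::size_t huge = std::numeric_limits<std::size_t>::max() / 4 + 2, sz = 0;
    std::printf("wrapped: %zu checked: %d\n", wrapped_size(huge, 4),
                checked_size(huge, 4, &sz));
    return 0;
}
```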
I'll also retract what I said in my first post - your reasoning is lucid, it just isn't convincing (to me, at least