Slashdot Mirror
Lawsuit Against Microsoft Over Insecure Software
Cinematique writes "Reuters reports that a California-based lawsuit alleges the Redmond software giant produces software with little concern for security and that their products are highly susceptible to, "massive, cascading failures." Should Microsoft's software be treated any differently than, say, automobiles?"
Valve might want to take a look at this lawsuit considering their potentially devestaing loss reported earlier today. According to Gabe Newell, from whom the source code of their latest was stolen, a hacker gained access to his machine "via a buffer overflow in Outlook's preview pane." Read his entire message here.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
The problem is : if Microsoft is judged responsible, what would happen to others in the same situation ? Especially to free software ?
{{.sig}}
How long before SCO joins in and sues Microsoft? "Your honor, this code is so crappy, it *clearly* had to come from us!"
...no one gets killed when Dr. Watson pops up and you have to restart Word. When your tire explodes and you flip and burn, well...let's just say it seems more severe.
(Besides, I think almost no one here would enjoy being held accountable for all the bugs they've written over the years...)
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Perhaps an "incentive" could be established for commercial software manufacturers to not throw in that horrid clause in their EULAs disclaiming all liability.
Hopefully the decision will be intelligent enough to exclude free, take-it-as-it-is software.
Use ISO 8601 dates [YYYY-MM-DD]
Besides, every time I see an exploit, it's after Microsoft has already issued a patch. This would seem to suggest that they aren't as responsible for the problems as many seem to think they are; as soon as they're aware of an issue, they fix it. Maybe they could design the stuff secure out of the box, but they'd be the first manufacturer to accomplish such a feat.
Stop using it if it's a problem. There are alternatives now.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
It specifically says in M$'s TOS that the software is not to be used for any life-critical applications. In fact, QNX is the only compnay that will license software for life critical stuff. Microsoft also has a non-responsability clause in their TOS. This is going to be a long, drawn out fight, like the one against tobacco companies.
Statistically, one could probably claim that Microsoft products have killed people in an indirect manner.
Sig (appended to the end of comments you post, 120 chars)
What are the costs to the user when software vendors are held to the same reliability standards as auto makers?
Should there be differentiation between operating system stability and application stability?
What responsibility does the user have for securing their own property?
How will different countries answer these questions, and what is the implication for US software vendors if there are 80 separate standards of culpability for an operating system?
And since I should have at least one answer, the speed of light is slower in materials with a higher index of refraction.
Any ruling making Microsoft liable could be used by the legal system as a precendent to make ALL software companies and/or individuals who produce software *personally* liable damages arising from use. This may look like a "we've got 'em now" scenario, but it might come back to bit us.
Later, GJC
Gregory Casamento
## Chief Maintainer for GNUstep
Can any motivated and talented enough 16-year-old car theif break into your car and steal it? Probably, the answer is yes. Sufficiently motivated people can find ways around security. What do you do if you own a car that you don't want stolen? Buy an alarm system and have it installed. Similarly, you buy a firewall and antivirus and install that on Windows.
Communism was just a red herring.
If you wish for them to be held liable, remember it's only fair that Apple, or even Linus be held liable as well when Linux or OSX get's hacked (and don't even mention that it could never happen - it already has, many times). Anything else would be hyposcrisy.
With the horrible network congestion and system compromisation that has come with the recent rash of massive MS worms, you do not have to have agreed to a EULA in order to be harmed by Microsoft's poor design and blatant disregard for security.
In other words: it has reached the point where even people who are not Microsoft product users are harmed by Microsoft's irresponsibility. The messes created by the holes in MS products make EVERYONE a possible target for collateral damage.
Car manufacturers must make their cars safe because there are already laws in place that apply to everyone. You can't all of a sudden decide to pick on one companies' product. They are not breaking any existing regulations, and so they shouldn't be held liable. Moreover, they could certainly claim that they did not intend for their product to be insecure, so they had no malicious intent. Lastly, they can always play the end-user license card.
Gabe held a number of positions in the Systems, Applications, and Advanced Technology divisions during his 13 years at Microsoft. His responsibilities included running program management for the first two releases of Windows, starting the company's multimedia division, and, most recently, leading the company's efforts on the Information Highway PC. His most significant contribution to Half-Life was his statement "C'mon, people, you can't show the player a really big bomb and not let them blow it up."
I wonder if he signed a contract that prevents him from joining a lawsuit against MS since it was their software that allowed his next big project to go buh-bye.
I'm up for some MS-bashing as much as the next slashdotter, but this isn't the way to beat Microsoft or get them to release secure code.
Capitalism holds the answer - provide a better alternative that takes away their market share forcing them to improve or be left behind. With them being a monopoly, this problem is far greater in difficulty, but progress is always being made. Free software is getting viably close to many of the roles that many people use Windows for.
I'd rather wait for that to happen than have another frivolous lawsuit like this. I'll feel better about the successs of better software all around if MS gets to be better because of competition from free software getting better.
-N
I've nothing to say here...
At first I though that this could be a very interesting case for many points. But its central argument appears to be poorly constructed. They are suing microsoft because their monopoly makes their insecurity a bigger problem. I'm all in agreement with the "monoculture is bad" argument for many reasons, but you can't sue someone for being a monopoly, or for the bad effects being a monopoly. Companies can only be held accountable for leveraging a monopoly, and this case has already been heard and decided on. The fact that we know more bad stuff that can happen because of their monopoly does not provide any more evidence that they are indeed leveraging their monopoly, so why do they think bringing them to court again over the same issues will result in a different ruling. Do they really think they have more resources and motivation to pursue this than the US and state governments combined?
The other two claims are the interesting ones. Can software writers be held accountable for damages caused by flaws in their software? Even if they put an "anti-warrantee" in their license? (I hope not) Are click-through licenses agreements valid in this case? These are all question that would have to be asked.
follow the link and read the story, the case is built "on the claim that its market-dominant software is vulnerable to viruses". It does not say that the case "alleges the Redmond software giant produces software with little concern for security" as the /. article suggests.
I'm not aware of an OS that isn't vulnerable to viruses. Precedent is a dangerous thing.
No matter what the EULA, or any warranty, expressed or implied states, the only proof needed to hold sofware makers responsible for their creations is to prove that the software was vulnerable due to negligence on the manufacturers part. There are many states and possibly even US law that dictates that you cannot disclaim responsibility due to negligence...
Oh yeah.. AIANAL...
Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
Here in Australia we take things into account like the price of the goods and the purpose for which they were intended. You're not, for example, going to have much luck suing someone over those $2 scissors you were using to conduct major surgery, but you may succeed with the $200 surgical variety.
Now if MS were happy charging a reasonable (given the price of hardware, say, $100 - 10% of a machine's value rather than $1500 and 150%!) price for their software, and weren't running around trying to force their way into everything with a processor then they'd probably be safer from such claims than they are now.
Back in the 1980s, a Japanese worker was killed by a robot on an assembly line due to a software failure. And robot control systems are very throughly tested before a new model of robot is released. Microsoft is trying to muscle their way into the embedded marketplace; do you want software that has plenty of known defects/security issues running your robot?
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
From the article: "Microsoft's eclipsing dominance in desktop software has created a global security risk," the lawsuit filed in Los Angeles said. "As a result of Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system ... the world's computer networks are now susceptible to massive, cascading failure."
I think the above statement is pretty interesting. What it says (to me) is that the issue isn't that there are bugs or security problems with Microsoft products, nor is the issue that Microsoft dominates (or weighs heavily in) many software markets. The issue seems to be that Microsoft does both of these things, which results in a ubiquitous and totally insecure majority around the world.
This reminds me of the general pattern where Microsoft is busted for doing something that another company did first or is also guilty of. The non-Microsoft instance (could be a small company, or a large company with a small component) can usually can get away with it because of scale, whereas Microsoft cannot since it's on such a large scale that everyone notices and cannot ignore it. One of many examples is the "OS integrated with the browser" war. Nobody gave a shit when IBM shipped OS/2 warp with built-in browser support even though in principle it was the same thing Microsoft did with Internet Explorer. IBM's reach was minimal with OS/2, so it was rather irrelevant what they did. Not so with Microsoft.
So is this class-action suit setting a precedent that bugs in your software will lead to lawsuits? I don't think so. I also don't think it claims that being a gigantic, far-reaching company is bad. Just don't mix the two, or the wolves will come after you.
Should anyone's software be treated differently from the auto industry?
I figure when MS can start charging $20,000 per OS license, then maybe we can expect bullet proof software safety. The kind of engineering required to give some kind of guarantee or waranty against "bad things" that these people are expecting would cause the cost of software to be prohibitive. Heck it may not even be possible if the software is complex enough. At some point you have to say well we've gotten it as hardened as is feasible, but there will always be some risk.
Sure MS stuff could be better engineered, but there's a point of diminishing returns for everyone involved. If YOU want guarantees, YOU pay to develop your own unbreakable system and use that. Otherwise the old "buyer beware" caveat still holds - especially in the case where the licensing agreement TELLS YOU they are not liable. If you don't like that by all means don't use the software. But don't sue the manufacturer of the car when they warn you in advance that the car could get stolen, that they're not liable if it gets stolen, you don't do what's required to prevent it getting stolen and then by gum it gets stolen!
This whole shuffling of responsibility through litigation is sinking this country faster than any liberal welfare policy or conservative defense budget.
I don't think cases like this are good for the industry in general, MS or no MS.
... this was never really a very big issue for most people until Microsoft starting issuing security bulletins.
Now they issue a bulletin, somebody exploits its, somebody else does not bother to read it.
The law suit claims that the update process is too complex, yet these are the same people who complain that no software company has the right to make an update process automatic.
All software sold today is sold as unsuitable for any purpose. It says that, right in the license. So claiming your software is insecure is moot; you didn't buy secure software. You just bought some crap off the shelf and expected it to meet your needs. It didn't; and nobody's surprised.
But this case is even worse than that -- It involves Microsoft's ware, which is known to be insecure. It's in the news every single day. Trusting your corporate secrets to of-the-shelf software is just stupid, doubly so for MS ware.
Not that this wasn't entirely predictable.
So you realy think that the government should FORCE consumers to buy a non MS product? Will we see black clad shock troopers in the isles of Comp USA ready to enforce such laws? Bottom line is that at the end of the day, for whatever reason, consumers want Windows and Office. Who are you to say their choice is wrong just because its not the same as yours?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Firstly, software is your choice. Your complaints about MS software may be worthy of attention. However, you chose to use MS. And now that this is /., we all know there are alternatives. You can buy them on the Internet and even in some stores.
"The lawsuit, which was filed on Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system."
If you cannot interpret the information MS provides you, there are thousands of web pages and forums to help you. These are free as well. There are services which you can contract to do the work for you. Using computers has a cost. Using machines connected to the Internet has a cost. It is not the fault of MS that someone exploited the OS. They were irresponsible for leaving the vulnerabilities there, but unless you want to make the claim that they intentionally attempted to provide you with an insecure OS, then I do not understand the argument. XP does not say on the box "hack-proof: Try It!".
I have a little idea:
Software that directly controls physical devices (automobiles for example) which are themselves regulated should be held accountable to similar standards as the device which the software controls. They should be legally linked.
Software that does word processing, serves web pages, browses the Internet, sends email, etc. would not fall into this trap. We have disclaimers on lots of things saying don't use x with y or p as a q. So mark your software accordingly.
Its the kind of crap I've come to expect from companies that dont want to compete but just want the governemnt to hand them market share. Its the kibs of all those parents who sued the schools becuase they (the kids) where getting bad grades. The've grown up and expect the same kind of treatment from the real world. The sad part is they may get it.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
you'll notice the case seems to hinge on Microsoft's monopoly status.
... I don't know. Since I'm not a lawyer, this is where the case falls apart for me.
If they did not have a monopoly on desktop computer systems, this type of lawsuit wouldn't be a problem for them. Since, due to all sorts of vendor lock-in promoted by Microsoft itself, it is difficult for users to pick a different desktop, the lack of security in their software ( i.e. buffer overflows everywhere )
But maybe a monopolist which continues to abuse it's position _should_ be held to a higher standard than others ? Is it not arguable that MS has the resources required to audit all of it's code and fix such issues ? Maybe not technically true, but arguable in court...
well, for the joke that sprang to mind immediatly:
It goes;
A Mechanical Engineer, Marketer and Programmer were driving in the mountains, when the car's brakes failed and they crashed into one of the breakdown barriers (big mounds of gravel to stop trucks).
The Mechanical Engineers says, "I will look under the car and determine why the brakes failed, and how to fix it so it does not happen again".
The Marketers says, "I've got to tell the car company, so that word can get out if this needs to be a recall notice".
The Engineer and Markerter look at the Programmer who says, "I think we should push it back up the hill and see if we can get it to crash again".
Think about it... this seems very close to Microsoft's Mentality: all windows users are crash test dummies.
Case(s) in point: The remote code execution in Windows Media Player that allowed content to be executed (similar to the MIDI flaw in dx9.0a and below) was fixed in 6.x versions and re-opened in subsequent versions, not once, but at least 3 times!
The RPC vulnerability wasn't fixed until the second time, hence the need for *another* patch because Microsoft had not FIXED the vulnerability, just enough to protect against the first exploit.
(little dutch boy story ring a bell, mr pavalov?)
And their strategy for integrating everything into the OS is actually driving XP users back to 98se.
Yes, 98se where the IM client, browser, outlook express, media player, passport and another half dozen things aren't integrated into the OS (as proven by 98lite).
Why?
It *annoys* the piss out of people.
Wonder why?
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Should Microsoft's software be treated any differently than, say, automobiles?
No, it shouldn't. This would perhaps slow down software development a bit, but commercial software manufacturers should have similar responsibility over their products like any other industry.
Like our (Finnish) Product Responsibility Law points out (not literally but practically): "Manufacturer must repair manufacturing defects, whether the product still has warranty time left or not, or give a full refund." This should mean: "I just (2003-10-03) found critical bug from MS-DOS 1.0 - please fix it or give me my money back." (Provided that I still have the invoice or other proof of purchase somewhere.)
“Wait for Hurd if you want something real” –Linus
Though I am adamantly opposed to shrinkwrap "licenses," the one thing they do that I happen to agree with is the disclaimer of liability.
Writing solid software is hard. Writing solid software to run on cheap, unreliable hardware is even harder. Though we ridicule software vendors, crashing software is a fact of life. One day, new technologies or engineering practices may appear to make writing reliable software easier, or to allow the user to "reverse" the machine back to the last known good state so they can at least save their work. But for now, software is flaky and, undesireable though it may be, users need to plan appropriately.
That said, however, I believe there should be an exemption to the liability shield. Off the top of my head, the following factors should be considered to determine if liability should apply:
The scale of each factor would be weighed to determine whether the software vendor should suffer liability. This standard should be set fairly high. If a company is consistently pro-active in correcting bugs, releasing patches, and informing users; or the failures are comparatively minor; or their products exhibit failures on a comparatively rare basis -- in other words, if they are clearly a good, conscientious citizen of the computing community -- then the vendor should escape liability. OTOH, if a company can be shown to persistently use flawed methodologies and designs, and they regularly ignore bug reports until the excrement hits the rotary impeller, and the bug can cause widespread havoc, then the vendor should be exposed to liability.
Needless to say, Microsoft's 25-year history of releasing junk and not giving a $#!+ about it should be a reasonable foundation for a liability suit.
Schwab
Editor, A1-AAA AmeriCaptions
I'm assuming this is flamebait, but I'll respond anyway... karma to burn and all...
Read my post again and you'll find you agree with it (also my reply to the other person who replied to me). I didn't say that the monopoly wasn't a problem and wasn't being abused. Capitalism as a system is not responsible for that though - as you pointed out, it's the government's lax attitude toward big business and antitrust issues at the root of that problem.
I already described the ways Microsoft abused this monopoly, which were the same ones you gave. You and I are on the same page...
But capitalism still does work on competition. Microsoft has an advantage, but free software is continually getting better and while the competition is harder because of the Microsoft monopoly, it still can level things. It'll just take longer.
-N
I've nothing to say here...
I put out some free Perl & PHP code, and planned to release some more next week. But I partly rely on the BSD license to protect me from liability. What does this case mean for someone like me? While I think I'm such a good programmer that eventually my code will be super-tight, I know I'm a poor enough programmer that it will take many iterations and bug reports to get there. Should I only release code when I'm certain no security issues exist (which probably means I'd never release stuff)?
My Greasemonkey scripts for Digg &
...and the businesses that use their software were coastal Alaska, does the sea life have to clean the oil off the shore every time one of Microsoft's products is exploited for it's insecurity? Why is a software company treated any differently than an energy company when something happens that involves their product and harms it's surrounding environment? It's about time a law suit like this came around.
It shouldn't be held to the same liabilities as an automobile. An automobile has the potential to hurt or kill people in it if it has defects. It is the responsibility of the auto company to make sure their cars will not hurt people due to their engineering flaws. In the case of Windows, no one is stopping you from using another operating system if theirs is not stable enough for your use. I think you should be able to get a refund if their software doesn't do what it says it can and then move to Linux, OS X or whatever else you would like to use. Suing MS for bad software is like saying you cannot use something else. I use something else so why can't California?
Yet automobile manufacturers are also sued for nonhazardous situations. I think Toyota was sued for premature engine failure due to sludge build-up. I think suing Microsoft is more in line with this thinking.
Using your logic, there is no expectation of fitness for use for software at all. You can have all the features in the world. Just don't expect to use them.
'Use something else,' you say. How would you like your car "Microsoft" dealer to tell you that after you discover your car is a lemon? Oh, by the way, all the other manufacturers cars don't work on Microsoft Roads. And there is no refund.
This man speaks the truth: "if I were on life-support, I'd rather have it run by a Gameboy than a Windows box"
-- Cliff Wells, 2002.03.13, in comp.lang.python (original UseNet article)
There's a principle codified in the Uniform Commercial Code that a product that is sold by a merchant (i.e. one whose primary business is involved in selling products of the given type) must be "merchantible," meaning "fit for the ordinary purposes for which such goods are used." UCC sec. 2-314. This is called the implied warranty of merchantibility. It may be explicitly disclaimed in a written contract (and every EULA includes a term disclaiming express and implied warranties of merchantibility).
Here's the rub: retail software sales are clearly sales. When you go to the store and buy a pc preloaded with MS Windows,or even a boxed copy of windows, you are not presented with a contract at the time of sale. You pay your money and leave with a box - clearly a sale. Only when you boot up your new computer for the first time, or install your new OS do you have these new non-negotiable terms sprung on you without your approval or consent.
First - a "take-it-or-leave-it" contract like a EULA purports to be is called a contract of adhesion. These contracts are enforceable, but courts are generally inclined to take a close look at adhesion contracts where one party has disproportionate power over the other.
Second - In the real world, one party may not unilaterally add to or amend a contract, or impose terms on a sale, without the consent of the other party. (They can try, but the new terms will not be enforceable in court.) "Aha", says Microsoft, "but you agreed! You clicked 'I agree.'" Well, wait a second - what are your alternatives? If you bought a boxed copy of windows, the retailer will not, as a matter of policy, accept a return. So basically Microsoft (and every other commercial software vendor) is saying to you "We already have your money. You're not getting it back. Now agree to these additional terms or get bent." I rather suspect a court, even an extremely conservative one, would take a dim view of this arrangement. (except in Virginia and Maryland, the two UCITA states where click-wrap EULAs are explicitly enforceable.)
And since we're on the topic of adhesion contracts and Microsoft, how about the additional terms they add when you use Windows Update to fix new vulnerabilities? Talk about strongarm tactics - "either accept these new terms or accept that this software which we sold,er,licensed you with network capability (but of course we claimed it was fit for no purpose at all) is no longer suitable for its advertised purpose." Bite me. That's not duress, but it's it's damn sleazy.
</RANT> Whew. I'm not a lawyer, and none of this is legal advice, of course.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
I realize that the EULA of almost all software says if it doesn't work, its your problem but, what if I run a totally Unix shop and don't have any Micro$oft products anywhere and don't use any but, my services are rendered useless due to high volumes of spam, sql queries, MSRPC calls, large virus attachments etc. all aimed at M$ products. Would I then be able to sue them for the poor quality of their product?
Banjo - The more I know about Windoze, the more I love *nix
> the story on shacknews for example on how valve got trojaned..
> why on earth did they keep using software they knew was suspectible to be trojaned?
To me, this is the place responsibility needs to lie. It's the people who choose systems that are *known* to be bad for important things. Find the forces that "made" them use Outlook and there is a first line of blame.
If a power plant uses MS Windows or Linux for a critical system and it blows up, it's the person who made that call who should be held mostly responsible due to negligence.
If manufacturers are making claims that their systems are secure, or are useable for critical work, then that's probably a case of false advertising and should be dealt with as such.
Valve should be looking to see if its own staff were negligent first. Who was responsible for choosing a known bad, internet connected, system for storing very important data?
Just the same as if I left a printout of the source code in the local pub by accident. If it was an Outlook exploit, then I don't see this as any different fundamentally.
If you have a multi-million dollar asset, you should put some effort into protecting it. Not blame HP for letting you print it out and leave it in the pub.
If I was working on the source for Doom 4, you can be damned sure I wouldn't keep it on my internet connected debian box.
- Muggins the Mad
Software should be treated differently than automobiles. Because it is very different than automobiles! [insert expletive and aggrivated shake of head]
Your analogy, sir, is faulty!
~ Aero
There should be some law or penalty against meaningless lawsuits. There should be some law or penalty against predatory lawyers. There should be some law or regulation to give the profession of law some credibility.
Should this class action go through the courts and succeed, it sets a hell of a precedent. Specifically, it implies that software should be thoroughly engineered and reasonably defect-free prior to release, with no damaging defects at the point of release. It essentially also says that releasing patches after the fact is not good enough (and that it's not the customer's responsibility to apply them), which causes two minefields I'll try and touch on later.
Trying to enforce defect-free software is a great idea - except that, as we all know, software exhibits weak-link behaviour, and that in turn suggests that you'd need to get rid of 100% of defects to be absolutely certain that no damaging defects exist. You can't over-engineer software in the way you can, say, a building, to protect against potentially damaging structural defects. Oftentimes, over-engineering software makes it more prone to the kind of defect that makes the software useless.
This precedent I percieve in turn means that the open source community - specifically, the people "managing" a given software project - are open to the same kind of litigation as, well, Microsoft are facing. I sure as hell don't want to be sued because my software's not perfect...
As for basically disregarding patches, well, that raises one major issue: it makes the vendor responsible for deploying those, which in turn either requires a "returns" policy on software (unworkable!), or requires that they have the ability to deploy software (privacy issues).
In short, this disquiets me. While I've been waiting for this kind of legal action to happen for a while, and in the long term it'll probably lead to much more reliable, much better software, I don't think the software industry as a whole is really ready for this kind of thing yet. Frankly, we still suck at making reliable software, and that's not just something Microsoft can take the hit for...
More likely, MS's lawyers would say you didn't back up your data like you should be doing, and the case would be thrown out. Your failure to properly back up is as bad as Microsoft's failure to properly secure its software. I hope you still don't keep all your source code on one hard drive after that incident.
It's an operating system, not a religion.
you trying to say that a critical failure in a microsoft operating system couldn't cause death or injury? What about when the government uses it for navigation of a Navy Submarine? What would have happened if that was also running the big, red, nuke button?
Do you know who beta tests Microsoft products?
The paying consumer.
Who beta tests automobiles?
Hundreds and hundreds of professional test engineers until the end product is as safe as the government regulates.
Currently, in the US, it is illegal to write or knowingly spread a malicious virus or trojan. Isn't the Microsoft Windows series of operating systems guilty of spreading malicious viruses and trojans?
Why read the article when I can just make up a snap judgement?
I'll admit that I am a Microsoft hater. However, unlike most slashdotters who have the "open source good, microsoft bad" slogan as their religion, I am not ignorant (or at least try not to be, heh).
So here's my opinion on this lawsuit. Microsoft creates bad software. It has done a severe amount of harm to the world. However, it only does that harm because people allow it to. Most people know how insecure Windows is, but they insist on using it anyway. I have no sympathy for them when they whine "wheh wheh wheh, i hate viruses".
However, they have committed no crimes. As much as I hate the company, they have all the right in the world to create shitty software. They only continue to do it, because there is demand for it. Supply-and-demand is no crime. As much as I'd love to see Microsoft get sued into the next millenium, let's have it be for an actual crime?
*cough* anti-trust *cough* (Wait, they were sued into the next millenium for anti-trust, literally!)
Hypocrisy is the 8th deadly sin.
If they can obtain a judgement against M$ for shitty software, then that means that the standard waiver of liability in the EULA is not enforceable, which likely means that the similar waiver of liability in the GPL, etc. is not enforceable, which means that you and I could potentially find ourselves in the same position for something we gave away for free, not to mention the effect it would have on those who run mom-and-pop software shops.
There is a mechanism in place to pressure M$ (and all of us) to ensure product quality: competition.
I think that Windows sucks; but Windows 2000 sucks quite a bit less than 98 did; It seems that M$ has taken notice of the alternatives, and is beginning to come around in terms of security and quality of their software (not saying that they don't have a long way to go, still) presumably due to market pressure.
Besides, look at it this way: I hate Windows because it sucks; If/when M$ improves the quality of their OS (and other software), don't we all win?
I am a Linux fan; but if M$ produces a product that is truly an attractive alternative, from both quality and price standpoints, I am not going to ignore it because of some "religious" viewpoint. (Nor will I bother myself with Windows until they do).
The point is, this is a textbook example of a situation where the govmint should keep out of it, and let capitalism/competition work things out naturally. People are just beginning to be exposed to Linux (and others) as real alternatives; M$ will naturally have to improve, or die.
Are automakers held responsible when someone breaks into your car using a jimmy or breaks the glass with a hammer? Or pops your tires by throwing nails on the ground? These are security exploits similar to Code Red and SoBig and Slammer and Blaster, etc.
If people didn't try to break into your Operating System, there wouldn't be a problem. Automakers aren't forced to redeisgn locks or equip cars with shock-proof glass and no-flat tires. Software designers shouldn't be forced to design software to be secure from unauthorized entry. It's a great feature, but it shouldn't be required unless the software is advertised as being secure.
Ironically, in the leaked source code for HL2 there are many buffer overflows ready to be exploited.
One such example of this is in net_ws.cpp:
Prehaps, since the game isn't ready for release the buffer overflows were not high on the priority list. But if Valve sued Microsoft for problems in their code, would Valve have several thousand suits coming their way for one of these exploits?If you're a monopoly, then the government should be setting some special rules for you to abide by. A sort of guarantee of quality of service, I believe. Utility companies, for example, can't behave in the same manner as shoe manufacturers because you can always buy a different brand of shoes. But the local electric company has to run its business according to some government standards, since consumers have little choice but to use that company's electric service (I'm ignoring the differences between electric suppliers and the company that delivers it, which could be two different companies).
Which takes us to Microsoft. They've been declared a monopoly by the US government, so they really do need to get a different set of rules to follow in the areas where MS is a monopoly (web browser, desktop OS, and perhaps office suite). I know you're probably thinking that there are other choices, but for most people, using an alternate OS is akin to building a windmill for your power supply - not for the average consumer.
The electric company has to maintain a certain quality of service. A city block can't go without power for two weeks, and we can expect to not experience wildly fluctuating power levels coming out of our outlets. Likewise, MS, as a monopoly, needs to supply a product that doesn't put us at higher risk than, say, one of the many competitors the company has illegally muscled out of the industry. Sure, it sounds tough, but MS brought this on itself, and it isn't nearly as tough as the challenges it put forth to all its former competitors.
I really hate signatures, but go to my website.
30s? Business computing is only a decade or two old... It is still very experimental. I think people that incorporate computers into their business systems should expect to take a few arrows.
love is just extroverted narcissism