Slashdot Mirror
Why Can't Microsoft be Sued Under the Lemon Law?
briant97 asks: "Microsoft is sitting back making all this money by charging for desktop and server operating systems. If you go for a server, they also add additional charges through client access licenses. Well, now that they've charged you all this money they leave their software open to viruses and exploits beyond belief, which will cost your company even more money. When will it stop? When will Microsoft become liable for their actions? I mean they are making billions while costing other companies billions. Ford, Chevy, and all other car manufactures get held liable if they make a defective product, why not Microsoft?" One can argue that you sign away your right to seek damages from Microsoft, by agreeing to the EULA, however there is still this issue as to the strength of a EULA since they've never been tested in court. How do you feel about this subject? Should software owners be allowed to "sign" away their basic rights via click-thru licensing, or should software manufacturers be liable for the critical defects that show up in their software?
My first guess would be because the "Lemon Law" only covers cars.
From http://www.mylemon.com/faq.htm:
What types of products are covered by the Lemon Law ?
All motor vehicles primary used for personal use are covered under the Pennsylvania and New Jersey Lemon Law.
symetrix. We are building a religion, a limited edition.
Just remeber, if Microsoft is held liable for it's products in spite of the EULA, it's only a matter of time before other software comapanies and eventually open source authors will be sued for the same. Are you really so eager to jump headlong into the new world of software liability litigation?
EULA's shouldn't be able to take away a consumer's basic rights as many basically do these days. If you buy a product you expect it to work as advertised and not be defective. It seems only software companies are able to get away with selling defective products by tacking on long EULA's to them. Why don't car companies tack EULA's onto their vehicles saying if it's defective, you're SOL? Because nobody would put up with it, they'd go find another car without one. Nobody would put up with that on about any other product except software. I strongly agree people should stop letting software companies shove defective software down their throats. I say people challenge EULA's at all *reasonable* opportunity... EULA's should simply be an agreement that you're not going to reverse engineer their product or distribute it illegally and such....not forcing you into agreeing that the software is probably defective and that you're going to be the one paying out your ass for it.
When desktop and corporate customers are willing to wait 10 years for products that incorporate new technology, we can talk.
Microsoft is being no more negligent than their competitors would be. Businesses recognize the risk of using Microsoft, Apple, Sun, third-party or OSS software, and balance that against their need to actually use recent innovations. The end result, a fast life-cycle on development and rather unreliable products. Businesses suffer losses when software is compromised, but that's built into the cost of getting software years before it could be released otherwise.
If consumer advocacy laws applied to software development right now, you'd see innovation plummet. What few developers that would bother with top-notch reliability (which is comparitively boring) would still take years to create something after the idea was publically announced.
Meanwhile, some black market developers would create the same function in some illegal and wholly unsupported product, but businesses would buy it up like crazy.
The reason that these kinds of regulations are important with cars and pharmaceuticals is that these industries put people at risk to their lives. A flaw in a car will kill people. A flaw in software will cost a company some money, but is a threat that can be overcome through market practices. The company insures against damage, pays a premium, and gets reimbursed on loss. Nobody dies. Big fricking deal.
Businesses where reliability does matter (i.e. infrastructure and medical projects) go further and independently make sure they only use software that has gone through the ropes. This software tends to evolve more slowly, or else has a disproportionate amount of money thrown against it to speed things up.
very true. But I would assume (or at least hope) that servers that control systems that could mean a life or death situation if they fail would be monitored much more closely with more failsafes than your average web server.
Which brings up an interesting questions. Does it matter as much what caused the malfunction as how you were using it when it happened? Say I'm driving my car 130mph down the freeway when a faulty tie-rod end breaks causing me to carom around the freeway createing a 20 car pile up. Who's to blame? Me or the manufacturer of the faulty tie-rod end?
I would think the same thing applies to server software, if your using it irresponsibly when it's being used in a life or death situation and you don't take the necessary precautions just in case of a failure, who is really at fault?
Now if a serious fault in Microsoft software caused a train to kill a bus load of nuns, i'm sure a lawsuit could be filed against Microsoft. Weither or not it could be won I have no clue, i'm not a lawyer.
Now, what about the floating-point exception handler bug in Linux?
But how much did this particular bug cost the industry? This would be the maximum liability. And obviously only the vendors would be liable; They're the ones selling it as a working OS suitable for certain purposes. There is only an implicit warrenty once you charge for it.
As an example of why software makers should be held liable, imagine a nuclear power plant being run by some OS. Now imagine that OS has a bug which causes it to crash if certain conditions are met. Now imagine those conditions are met one day, causing the cooling system in the reactor to stop working as it should. I think we all know what happens next...
Which is why Microsoft forbids the use of MS software for such mission critical apps.
If you need an OS to run a nuclear plant, you'll have it custom made, by someone who can be held liable and who'll probably provide the source.
No sig
Think of it like a car.
My 1998 Honda had a problem with the ignition that, if a certain combination of environmental factors, driving habits, and the phases of the moon and planets all combined correctly, the contacts would corrode under the extreme voltage and cut power to the engine while in operation. Their response: Take the car to a dealer to have the ignition switch replaced free of charge.
I.e.: This otherwise safe and well designed car has a small flaw that under certain conditions may manifest itself in a potentially annoying to potentially dangerous way, depending on what you are doing.
Now, let's pretend it is a computer.
Your well-engineered and hardened security Windows 2003 Server system has a flaw in a protocol parser that allows, with the right combination of messsages, someone to cause code to be executed on your system.
In other words: This otherwise safe and well designed server operating system has a flaw which, depending on several factors, may manifest itself in an annoying or dangerous way.
Any complex system is going to have problems with it. Millions of lines of code, or hundreds of thousands of moving or conductive parts, each can have something fail if there's a tiny problem with it.
Microsoft releases their fixes free of charge, just like a dealer service recall on an automobile.
What's the problem here? You can eliminate 95% of these vaunerabilities by simply *not running without a firewall* and *not running unneeded services* which is (GASP) something you'd do on Linux as well. Linux is just as vaunerable if it's sitting open and unprotected on a network with 500 services running as root. Would you do that? No. So why do you do it with a Windows box?
If it's because Windows is more of a "turn-key" solution, and the user doesn't think to secure their box, it's not Microsoft's fault, the blame rests surely in USER ERROR.
Lets first talk about supported hardware configurations.
Before I would allow certain liabilities like this, I would require a given supported configuration. Lets say something like a Pentium 4 processor running at 3Ghz - without HyperThreading, A Chipset, a single graphics card (make it old too), a single hard disk from one manufacturer - the list goes on (well in reality - the list doesn't go on). Your hardware isn't in the supported configuration (You did buy directly from Dell didn't you ?) forget the support, it isn't a tested and qualified system.
Software configuration
You weren't going to install ANY other software on your system, other than mine... How do I know that THAT software didn't cause the problem - so nix any software purchases - or that will void the warantee as well.
So basically you end up with a supported system, that is completely useless. Not much fun at all. And you WANT to have this happen by getting lawyers involved ?
I have mod points and I am not afraid to use them
Ever check how much doctors pay for malpractice insurance? It's in the 6 digits for some specialties. Just think what would happen when small software companies start getting sued because of bugs in their code that lead to others making expensive mistakes. Lots of companies would be driven out of business and the only ones that would be left standing would be the ones with the deepest pockets, i.e. Microsoft. Then they would say "we are paying out all these huge damage awards, so we have to raise the base price on windows to $1000 / copy".
...
Maybe that's a bit extreme. Seriously, software is way more complex than a car. Who among you would bet your entire net worth that you haven't shipped code with potentially serious bugs in it? There are always bugs.
Maybe a mandatory "your money back if you aren't satisfied" law would fly. But 99% of the people who take advantage of that offer are going to keep a backup copy of the software, "just in case"
This idea could never get past the unanimous opposition of every company in the software industry. Just live with it - software has bugs. If you don't like it switch to another package or just go back to pencil and paper.
You don't expect a car dealership to be liable if your engine siezes because you never changed the oil.
The patches and exploits are handled as they arise and if you keep up with the maintenance than you wont suffer catastrophic failure.
Sure this is a bit of a stretch but you have to take some damn responsibility. You can't blame MS for all your woes.
They make a good product that keeps the majority on the road. Every generation has new features and new flaws. The fact is the flaws are publicized and you have an opportunity to patch them.
The time and money spent is part of the upkeep. It is like oil in an engine... if you never maintain it it will fail. It will leave you stranded and up a creek with a very expensive repair.
However, when maintained you get acceptable operation.
Quit your mindless bitching! Blame the Virus Writers for writing the viruses. Patch your system be it MS, *nix or whatever. Take some damn responsibility and stop blaming everyone else.
Boredom's not a burden anyone should bear.
DJB seems to favor the consumer in the EULA debate.
http://www.ftc.gov/bcp/workshops/warranty/
97 comments were filed publicly. Everyone from RMS to IEEE to, well, me.
Basically, software warranties would make Free Software illegal. The model wouldn't work if we were held to quality expectations. Read the comments to educate yourself.
int func(int a);
func((b += 3, b));
there is no transfer of property, so there is no sale
Bullshit. If there was no sale, then the store is liable for fraud - because they sold it to me. And if you wanna go bark up that tree, you'll find that MS sells the software to them, so MS would also be liable for fraud.
Just because you've fallen for the EULA propaganda, doesn't mean it's true.
Yesterday : If life hands you lemons, make lemonade.
Today : If life hands you lemons, sue the bitch.
Here's the thing. Well, here are the things--there are two of them.
- $developer can be sued for $foss_project today. You can be sued for eating a ham sandwich. You can be sued for putting a detailed account of felonies on your webpage. The only way to be lawsuit-proof is to die, and even then, your estate can be sued.
- If I tell you "hey, I wrote this, and I'm giving it to you for free without any reciprocation from you, but I'm not making any guarantees it'll work," that's a boatload different in the eyes of the law from me telling you "hey, I wrote this, and for $10,000 and the souls of your children I'll let you use it, but I'm not making any guarantees it'll work".
Have you ever heard of Good Samaritan laws? Some state legislatures got tired of hearing of frivolous lawsuits filed against people who came onto the scene of an accident, gave emergency care in good faith and for no cost at all, only to have the person whose life they saved turn around and slap them with a malpractice suit. This was considered to be so beyond the pale that both the courts, via common law, and the legislatures, via statute law, moved to smack it down.So this entire "software needs to be without liability, because otherwise we could be sued!" is nonsense. We can already be sued. What can't happen, at least assuming EULAs are valid and we're all using a EULA that disclaims liability, is we can't be sued successfully. And even if EULAs are held invalid and software liability becomes the rule, we're still not likely to be sued. Read on.
If software finally becomes subject to the same requirements of any other manufactured good, we're going to see commercial software companies (like Microsoft, Oracle, Red Hat, Novell, etc.) spending a lot of money doing bughunting, bugfixing, and documenting failures; and we're going to see both common and statute law exempting no- or low-cost free software from software liability.
U.S. reactors literally cannot go Chernobyl in the event of failure.
Even Chernobyl wouldn't have gone Chernobyl if the stupid bastards running the plant hadn't disabled all the safeties and forced it into that state.
Link above is from a Google search so here's the cache link as well.
I misread "inbox" as "XBox". Call it preminition.
Bullshit again. Where's their signature? Where's mine? What is the term of the license and how do I renew it or cancel it? Which company appointed agent negotiated the terms of the license with me?
When you buy a copy of Windows, that exactly what you do under the law as it stands. Software vendors have not quite managed to change that yet so they just pretend they have in the worthless EULA's that they produce.
no doubt some aren't, but they've not been tested in court any more than the GPL ever has been
The GPL's been tested millions of times in courts: it's called copyright. That's the crucial difference between, for example, MS's EULA and the GPL - the GPL gives you MORE rights while MS is trying to get you to sign AWAY rights (without signing). That's a huge difference when it comes to court. You don't have to sign something to agree to having more rights!
If you don't understand the license and click "I agree" anyway, that's your problem.
No it's not. If I have to yodel to get MY software to install then that's what I'll do. If I have to press a button marked "I Agree" then I'll do that too. Makes no odds: I still own the program just as much as I own my toaster. If the seller thinks that their pseudo-legal claptrap binds me any tighter than copyright law, then that's their problem.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Open source advocates need to think long and hard before lobbying for legislative action aimed at Microsoft. The mandate of a lemon law is unlikely to be constrained to only Microsoft.
Any legislation mandating performance and security standards for software, or allowing its users to bring suit against the people that developed and distribute it, will likely be aimed at open source, as well as other non-MS commercial products. (If not intially, certainly rather soon. A lemon law targetting only MS is no more likely than a lemon law targetting only General Motors.)
Bottom line, then: If users can sue Microsoft, they can sue open source developers, too.
-- Slashdot: When Public Access TV Says "No"