Woman Wins $10,000 Lawsuit Against Microsoft Over Windows 10 Upgrades (seattletimes.com)
An anonymous reader shares this story from the Seattle Times:
A few days after Microsoft released Windows 10 to the public last year, Teri Goldstein's computer started trying to download and install the new operating system. The update, which she says she didn't authorize, failed. Instead, the computer she uses to run her Sausalito, California, travel-agency business slowed to a crawl. It would crash, she says, and be unusable for days at a time. "I had never heard of Windows 10," Goldstein said. "Nobody ever asked me if I wanted to update."
When outreach to Microsoft's customer support didn't fix the issue, Goldstein took the software giant to court, seeking compensation for lost wages and the cost of a new computer. She won. Last month, Microsoft dropped an appeal and Goldstein collected a $10,000 judgment from the company.
Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation.
"to avoid the cost of further litigation."
Billion dollar company.
My guess is now a lot of people are going to be suing MS over this. While they deny they did any wrongdoing, the court saw it otherwise.
Be seeing you...
While I completely understand that woman and I think she is completely right being pissed, the problem is that the whole point of automatic updates is to keep those users up to date who otherwise would go "I had never heard of security updates and no one ever asked me if I want those updates". And it's those people who would sue if updates would not happen automatically and they are hacked due to not using the latest patches. Then, all of a sudden, it's "Microsoft should have done this automatically. They have proven that they can do it before" again.
bickerdyke
...then the forced upgrades ought to be worth at least that.
Not a couple of weeks ago, I got a card in the mail saying there had been some kind of settlement over front loading washing machines. I went to the web site, clicked some options (it seemed legit; they asked for no personal information, and you had to enter two validation codes from the card) and it seems I'm to get $50 for some defect or other related to mold and my washing machine, a machine which never stopped working and I still use (there is some mold on the door seal, I just wipe it off periodically, other than that it cleans just fine).
If my desktop computer which worked acceptably began downloading a new operating system and then quit working right after, shouldn't I be entitled to at least $50 in a class action? My guess is Microsoft didn't quit this lawsuit because it just didn't feel like litigating that day, they did it to halt the contagion of a precedent of four or five figure legal decisions over their Win 10 upgrade.
For a lot of use cases, it's not hard to see high costs: new machine, new application version(s) to be installed, data migrated, loss of use, $10k isn't entirely out of range in many business use cases.
I just kind of hope MS ends up with one of those disclaimers in their financial report explaining how they are setting aside $500 million to handle lawsuits resulting from their forced and negligent forced upgrades.
"Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation." MS has some deep pockets. Their given reason makes no sense. They could outspend any litigant.
As an IT company who has repaired literally hundreds of failed updates, as well as failed roll backs to the previous operation system (using Microsoft's own "revert me to my previous operation system" restore option, which had maybe a 60% success rate), the cost to consumers has likely been staggering in the aggregate.
While profitable to my company, I can't help but feel like there needs to be a very quick verdict against Microsoft, ruling several hundred dollars to anyone who can show (Via invoice or other means) that they had to pay money to repair the damage/inconvenience Microsoft directly caused as a result of their underhanded tactics to upgrade the world to Windows 10.
If this were a mistake made by some fledgling software company it might be excusable as an oversight, but this is a many decades old software company, with many legal experiences under their belt... this should never have happened and there should be actual repercussions.
I wasted about 20 hrs trying to prevent that crap from destroying my business. At $200/hr, can I sue?
Of course you can. In the US, you can sue anyone for any reason. If you can't find a lawyer to take up your case, you can always go pro se and represent yourself.
Whether you'll prevail and get any sort of a settlement is an entirely different question.
If a few thousand other people who have similarly suffered also sued Microsoft it would send a message. Money talks. Publicity talks. Rinse and repeat and these kinds of things will no longer happen.
A business person makes choices based on finances. Also, time costs money.
If buying a new computer (with any Windows version), and having the company data moved over, costs less than the labor of reinstalling Windows 7 on the current computer, buy a new computer. If this solution also takes half the time, it is an even better financial decision.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
It's also possible that the machine was reasonably old and that while the value of a new computer was not sufficiently better than the value of the system in operation (before it broke) to justify a purchase, it is now, when making the old system work is probably as expensive in terms of time invested as is setting up the new machine. So you get value both from newer hardware *and* saved time.
Ezekiel 23:20
This business you have... does it not run at least a server with a domain? I wouldn't expect Enterprise Windows but anything business-critical I'd expect a server, backups, etc. even if not full redundancy.
Then, it's just a matter of joining the domain and never seeing the upgrades.
This is a site for IT, still, yes?
> by abusing the automatic update process (and doing their best to prevent users from keeping it disabled) Microsoft is being hugely irresponsible and endangering the security of users' systems.
Security is concerned with three things: Confidentiality, Integrity, and Availability (CIA). Those initials are used in the first few pages of any introductory security curriculum. You should have learned at least that much in your annual "Computer Security and You" training video.
The unauthorized Win10 installation risks the Integrity of the users' data and its Availability. Because it includes spyware, it definitely damages the Confidentiality. It doesn't just "endanger the security", it absolutely damages the security by damaging confidentiality. It is the OPPOSITE of the goals that security people strive for, the opposite of a security update.
> There's a problem with IT security in general in that those responsible treat security as an end in itself, and never weigh the benefits of their security measures against the potential loss and disruption caused by the "security measures" themselves.
Fuck you for trying to blame this malware on "IT security people". It's precisely the opposite of everything we do.
With this kind of logic, no damage above popping in last night's backup and hitting the restore button should ever be awarded.
bickerdyke
Trying to roll back the existing non-functional computer and get it working right again also has an unknown outcome, involves an unknown amount of downtime, and unknown total cost. Telling her customers "I can take care of you in two hours, after my new computer is set up" is definitely less costly to her business than telling them "I don't know when I'll be able to get back to you. My computer is in the shop. Maybe it'll be fixed today, maybe tomorrow, maybe Wednesday".
No, she probably clicked the "upgrade later" button because it was the one closer to her intent. Had there been a "I don't want this fucking upgrade" button like Microsoft should have supplied, then there most likely wouldn't have been a lawsuit.
Dipshit fanboi.
Windows 10 has absolutely no business being characterized as a 'security update,' not only because the scope is way too big for that but because it reduces security!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The small business customers like this case may have a daily backup of their financial data (Quickbooks), but not necessarily a full system backup to revert the whole operating system with all installed drivers, network configurations, and all programs including email (Outlook), and customer data.
It is easier to bring in a new system, install the programs, migrate the data over, and start working.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
Increase of settlement and admittance of wrongdoing would be adequate for me getting bugged daily on this crap!
...windows 7 made damn sure you were aware of the pending windows 10 upgrade...
Presuming she knew what a "Windows 10" was.
.
She stated she never heard of Windows 10, so even if there were one of Microsoft's misleading prompts, if she didn't know what Windows 10 was and just clicked the "X" to dismiss the dialog box, she would have gotten Windows 10 installed.
Once Microsoft started to use malware tactics to trick customers into installing Windows 10, lawsuits such as this one were the obvious end result.
Expect to see more. (especially since Microsoft didn't appeal because, imo, they had nothing to stand on because of their tactics in this matter)
This is a site for IT, still, yes?
A site for many things. And sometimes people with small businesses, that might not come with an IT department and servers.
I think the major element in the whole discussion is that Microsoft has now become a malware vendor, and the OS has many locked into getting the malware, as well as W7 users getting forced updates. And since not everyone is behind a server farm or has a team of IT people protecting them, it is a little strange to try to say that a forced update that bricks the user's computer is their own fault.
So stop it! Stop with the idea that everything Microsoft does is fscking awesome and without fail, and that all problems are the users. It is hard to argue that a small business owner or home computer system is at fault for their system operating one day, then bricked the next.
And even if we do accept that all problems are the users' fault, it makes the OS a bit less desirable.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
"update" != "upgrade". She complained about an upgrade. You Googled why you should update.
Yup, calling bullshit right there, windows 7 made damn sure you were aware of the pending windows 10 upgrade, so the fact that you are even saying that tells me 100% you clicked install now because you thought you'd get a settlement and you did.
Maybe. Or maybe it happened the way it almost happened to me. One day I was about to shut down my Win7 laptop when I noticed the little yellow flag in the "Shut down" button that means, "I'm going to apply updates that I haven't told you about before I shut down." Since I don't like to apply unknown updates, I aborted the shutdown and looked at the updates (Control Panel | Windows Update). There it was - an unsolicited upgrade to Windows 10. I unchecked the box and changed my update settings to "Let me know when updates are available." If I hadn't noticed that little yellow flag, I would have received an unwanted and potentially disastrous update.
Trying to roll back the existing non-functional computer and get it working right again also has an unknown outcome, involves an unknown amount of downtime, and unknown total cost. Telling her customers "I can take care of you in two hours, after my new computer is set up" is definitely less costly to her business than telling them "I don't know when I'll be able to get back to you. My computer is in the shop. Maybe it'll be fixed today, maybe tomorrow, maybe Wednesday".
Sounds like a pretty good business plan for the manufacturers and Microsoft. Fuck someone's computer up, and if they don't buy a new one, it's their own damn fault.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I shouldn't be by now, but I'm still amazed at the number of small businesses out there who don't do any kind of backups, have a computer over 5 years old running an unpatched version of a "Home" version of Windows with expired or out of date AV. It doesn't cost that much more to do it right.
Fuck you.
The current attitude of Microsoft towards Win10 is that it's designed to "satisfy" two types of users: massive corporate IT deployments, and clueless home users.
The majority of the rest of us (sorry, not prepared to make up stats to support my claim with a metric) that work in small (1-20 users?) companies or make and sell small-volume products based on "Windows" are all royally fucked by the new policy.
But that's OK, the cost of managing a domain server is now part of the cost of using Windows, which makes TCO much higher and Linux and OSX/macOS a much more attractive proposition.
Good work Microsoft.
Fuck off Microsoft shill!!
Fuck off Microsoft shill!!!
Having personally witnessed that it is entirely possible to upgrade a windows machine to windows 10 without a single incident, and also entirely possible (and easy) to disable all of the metrics and info that the software wants to send about you, I am thinking that these stories that we hear about Windows 10 and how awful it is are overblown.
It is often the case that we only hear about it when things go wrong, and so it is perhaps that we are led to conclude that this is the general state of affairs, but so few people report when things go right that we cannot make a meaningful and objective evaluation without trying it for ourselves.
Windows 10 is not anywhere nearly as bad as what these stories paint it to be. While it's true that by default it does want to do certain things that no sane person would want in a desktop OS, these things are actually extremely easy to disable... even at installation time, if you decide to not use the express settings.
File under 'M' for 'Manic ranting'
But it happened anyway. When will these grinning show offs be introduced to the Criminal Correction System? Of course one does wonder what types of Correction are taught there.
Apparently the court system disagrees.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
Microsoft made nearly $100,000,000,000 last year. It's the equivalent of someone who makes $50,000 a year spending 50 cents.
There's no point in tying up legal resources over such a small amount when you've secured a cheap settlement and no acknowledgement of any wrongdoing.
Small claims court is an excellent way of extracting a "Pound of Flesh" without giving a lawyer one damn cent. If more people started doing this, Microsoft would have a real problem on their hands, and would be forced to get electronic signatures to a EULA and include Binding Arbitration in that EULA.
Ford execs decided it was cheaper to let people burn, and pay the cost in court, than it was to fix the issue.
The memo cost them a lot of goodwill, but they are still around.
MS is probably looking that memo over right now thinking the same thing.
Cost to pay pissed off citizens is cheaper than fixing Win10, so....
So rise up, all ye lost ones, as one, we'll claw the clouds.
You sound blisteringly incompetent.
No doubt. And Joe Blow at the corner gas who uses QuickBooks to run his business has an awesome server farm out back. And 5 IT people and a compsec guy as well. Because if you don't, and Microsoft fucks your computer up - it's your fault.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
So what?
It's not the point of a court to make someone agree with them. Of course it's their rulings that are binding for everyone, but accepting a ruling and agreeing with it are two different things.
On the other hand I absolutely see that both sides in this case had valid points and that awarding damages above the actual damage is in line with your concept of "punitive damages"
bickerdyke
Microsoft obviously does not understand one extortion invites another. For a company that inflicts the very same on others regularly, its naivete is surprising. The IBM feeds its Nazgûls well for a reason, so soon after failing to learn that very lesson in the SCO affairs is a mistake that reflects poorly on Microsoft management.
ELOI, ELOI, LAMA SABACHTHANI!?
> Seeking compensation for lost wages and the cost of a new computer
And the new computer will come with... Windows 10.
GG
Joining a domain does not on its own disable those updates.
I have worked for several small companies (5 - 20 people). Not a single one has a Windows Domain Controller as that would require someone to manage and maintain it, and that is money better spent elsewhere. I take it you have never worked for a small company or started a company of your own, then?
This is a site for people without blinders on, yes?
Did you know you can have servers and backups that don't run Windows (tm) and just have Windows installed on users' desktops? Coupled with a small company this means a domain is an expense that is not warranted.
This is a site for IT, still, yes?
Apparently Microsoft need to be reminded yet again that the customer comes first.
Not to mention get it out of the news faster.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
> I work in the public sector
Regulations implementing the Computer Security Act of 1987 now require (almost?) all federal employees to receive annual computer security training. I guess you work for a state government rather than federal, unless your agency isn't complying with the law. Or you slept through the training and forgot all about it.
Except Windows 10 is not a security update: the computer in question had Windows 7, which is still in extended support and will still get "proper" security updates until 2020.
Yes, Windows 7 will get security updates in the form of patches that correct already known defects. Bandaids, in some sense.
Windows 10 has a list of actual security improvements, not just bandaids. Better ASLR and DEP, better support of harddrive encryption, more secure default browser, and other goodies. Microsoft maintains a page of Windows 10 security improvements over Windows 7/8. In theory, Windows 10's features mean a reduced attack surface. Maybe it still has issues but it is certainly more hardened than Windows 7 in general.
I'm sympathetic to both sides. I don't like things being pushed on people; it's their right to decide what to do with their own property, and maybe they have special needs that require an older version of Windows (some mission-critical software is known to have bugs on 10 for example).
But I also know that Microsoft is trying to improve the security of its products and the Internet as a whole by trying to get everyone updated. They don't want Windows 7 to be a repeat of people clinging to Windows XP, clinging to old technologies that are broken when new tech/implementations are available to prevent security problems. Not just security, but also think features: new protocols might be developed that weren't supported in the old OS, and so until majority of the Internet moves on, that protocol can't be rolled out. Many computer users are pretty clueless and need automatic updates for that reason, or they'll never do it themselves, and bring down the security of the Internet as a whole. Of course, it doesn't help that Microsoft's marketing team wants to take advantage of the security updates by also collecting info and all that stuff.
I hope we can find a good balance between the competing interests soon.
Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation.
If further litigation was to become that expensive, it's "only" because their case wasn't terribly strong to begin with.
Implied corollary: If continuing to litigate was cost-free in all dimensions, we'd never drop an appeal voluntarily—only that patently isn't true, either, unless "cost free" includes a get-out-of-adverse-precedent free card.
Net translation:
It's quite simple (and, yes, I've started my own business, been self-employed, and started up the IT in and supported dozens of schools and other places - tuition centres with 4 kids, charities, etc. - from zero or one computer to 1000+ computers over the last 15 years).
You can manage your computers. Or not.
If you want to have a home PC run your business, that's ALWAYS been the price you pay. You don't get domain joining, which means no user management, no RDP, no Bitlocker, no Hyper-V and a million and one other things.
That's fine for a shop which only needs one PC. Or a single user. Or a guy working from home.
But the second you move from "guy working from home" (in whatever sense) to "business involving > 1 people", it's quickly limiting.
If the machine is that critical that you can't afford for Windows 10 to upgrade you willy-nilly and without consent, you need to manage it. How you do that is up to you.
Hire a consultant to set it up once for you and then just forget it, adding a user once in a blue moon and not caring about permissions. Set up file sharing and one-click backups from one of those external hard drives. Whatever. But it's not a managed system. And when something upgrades or breaks, precisely because you don't have an IT guy - even a once-a-month or one-off-visit guy - you're going to be screwed.
That's a choice a lot of places take. Hell, I've seen SCHOOLS managed like that (usually not for very long, I used to specialise in "recoup" recovery and support for schools after disasters, staff losses, budget cuts, etc. - I literally would take on schools with "zero" in the IT budget except my fee [so no new machines, no buying expensive software to solve the problem, etc.] and if I didn't save you at least as much as my fee cost, by setting things up properly, sorting out your licensing, providing free alternatives, etc. over the first year, I would lower the prices to the point that I did. I never once had to lower the prices, and never had a customer argue about it).
But if you're using unmanaged computers, they are unmanaged. You're always going to have this, and have had this in the past. It doesn't matter the OS, the hardware or the setup, you're using unmanaged systems. Running your business like this is no different if it's Windows 10 Home or Windows 95, let's be honest.
A managed system of any size, and I've dealt with schools with 40 pupils and one computer that did everything (including Terminal Services for the kids thin-clients on the same machine as the admin, finance, etc. for the entire school), requires a domain or similar construct to do the simplest of things (like allow a user to log in at two different places and get the same settings). I've seen domains with literally 2 client computers and 5 users. And I'm talking precisely about things like solicitor's offices (those people can REALLY afford a proper IT setup given their data retention obligations and the importance of their access to email, law archive sites, etc.), family businesses, the guy with a single shopfront, etc.
If your system is unmanaged, then you either have to manage it yourself (i.e. install the utilities that block the 10 upgrades), or get someone to do that for you. No matter the OS (I've deployed LikeWise Open and Samba domains, too, it's not hard) or number of computers.
Would you have a telephone in a business that you didn't know how to operate and/or that no-one would come out to fix for you if it broke? Then why do the same for your accounting, your stock control, your stock ordering, your customer emails, etc.? Whether that's a one-page spreadsheet and a copy of Chrome or a full install of Sage or whatever, the principle is the same. Get support (manage your machines!) or do it yourself, or suffer.
If it's honestly not important enough to backup properly, have someone else have a login (if you're ill or whatever), or do things like put a firewall between it and the Internet, then sure, you're unmanaged for a r
What happened to the funny and sometimes even insightful slashdot of old? Several hundred comments so far, and the word "liability" does not appear once? Well, I'll spare you the long rant about the devolution of slashdot and just make the obvious comment about how Microsoft works:
MS = innovative financial models, NOT innovative software. GREAT money. Good software? Not so much.
The financial innovation that this article is about involves liability evasion. You youngsters may not believe me, but there used to be times when a company could be held legally liable for egregious mistakes that hurt the customers. Microsoft isn't the only anti-liability innovator, but the EULA was a major breakthrough and completely distorted Microsoft's developmental priorities. Security? Why worry? Whatever goes wrong, Microsoft has NO liability.
Actually, I don't even know what I'm talking about. I'm virtually certain I never read the entire EULA in any of its cursed incarnations. More power to you if you have, but I have read enough EULA stuff so that I am unable to imagine the grounds of this nuisance lawsuit and amazed that Microsoft was willing to pay any money to make it go away. I hope that the precedent is going to come back and haunt them.
Not betting on it. I am certain that the newest diabolical incarnation of the EULA has several pages of disclaimers covering upgrades, and you retroactively accepted it when your firstborn child got ahold of the software and gnawed a hole in the shrinkwrap with his or her first tooth.
I could mention a few other anti-software-quality innovations that have helped make Microsoft the "success" it supposedly is. There was a time I would even have been motivated by the hope slashdot mattered.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
So was the new computer she got running Windows 10 then?
What you're talking about raises the cost of a PC considerably. You're talking about reasonably frequent competent management by people who will keep up with things enough to know to stop a Windows 10 update, despite whatever Microsoft does. The update is unexpected. You may monitor the pressure in your tires, and keep them inflated, which is proper management, but you may not expect your tire vendor to send people out at night to swap your tires for some other model.
What you're talking about is a significant recurring expense, to remove the possibility of mishap. Most business owners won't have multi-thousand-dollar problems develop like that, so the insurance of competent maintenance is pretty expensive for what they get. As long as they keep backups, most problems will be solvable fairly fast.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Teri Goldstein has spoken out. She says she now has a class action suit underway against Microsoft in the US and Canada. This is likely to be the first of many such cases: "Microsoft needed to be held accountable for its negligence regarding the forced Windows 10 upgrade which rendered many user’s computers useless. Microsoft cannot just say read our User agreement form, we hold no responsibility, you cannot sue us and go away." http://betanews.com/2016/06/27...
You have a point. Certainly many CIOs and also a previous generation of security people have thought of security only in terms of confidentiality. These people have been educated in general IT or computer science, or in some cases have less relevant degrees like electrical engineering, but very rarely do they have a degree in Information Security. So many of them make very bad security decisions, and their decisions focused on confidentiality, which is only one of the three legs of security.
Now companies are STARTING to hire dedicated CSOs and career security people. The first class of information security graduates are getting their degrees right now. These people should understand that availability (you can do your work) and integrity (you can trust the results) are just as important. Here's my definition of Information Security, which I think nicely sums up current thinking by this new generation of specialists:
A secure system is one which continues to function correctly, even while under attack.
The comma is important - it suggests that systems which function correctly while under attack ALSO function correctly while not under attack. Security implies no blue screen, no error #84c73a2946de93. "A bad guy can't break the system" means that a good guy can't accidentally break it either, the system keeps working correctly for you.
If I had points, I'd mod that up.
Why UNIX?
Microsoft wants to be the all-powerful monopoly, but doesn't want to answer for damaging anybody else's businesses while doing so!