Slashdot Mirror
Woman Wins $10,000 Lawsuit Against Microsoft Over Windows 10 Upgrades (seattletimes.com)
An anonymous reader shares this story from the Seattle Times:
A few days after Microsoft released Windows 10 to the public last year, Teri Goldstein's computer started trying to download and install the new operating system. The update, which she says she didn't authorize, failed. Instead, the computer she uses to run her Sausalito, California, travel-agency business slowed to a crawl. It would crash, she says, and be unusable for days at a time. "I had never heard of Windows 10," Goldstein said. "Nobody ever asked me if I wanted to update."
When outreach to Microsoft's customer support didn't fix the issue, Goldstein took the software giant to court, seeking compensation for lost wages and the cost of a new computer. She won. Last month, Microsoft dropped an appeal and Goldstein collected a $10,000 judgment from the company.
Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation.
When outreach to Microsoft's customer support didn't fix the issue, Goldstein took the software giant to court, seeking compensation for lost wages and the cost of a new computer. She won. Last month, Microsoft dropped an appeal and Goldstein collected a $10,000 judgment from the company.
Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation.
My guess is now a lot of people are going to be suing MS over this. While they deny they did any wrong doing, the court saw it otherwise.
Be seeing you...
...then the forced upgrades ought to be worth at least that.
Not a couple of weeks ago, I got a card in the mail saying there had been some kind of settlement over front loading washing machines. I went to the web site, clicked some options (it seemed legit; they asked for no personal information, and you had to enter two validation codes from the card) and it seems I'm to get $50 for some defect or other related to mold and my washing machine, a machine which never stopped working and I still use (there is some mold on the door seal, I just wipe it off periodically, other than that it cleans just fine).
If my desktop computer which worked acceptably began downloading a new operating system and then quit working right after, shouldn't I be entitled at least $50 in a class action? My guess is Microsoft didn't quit this lawsuit because it just didn't feel like litigating that day, they did to halt the contagion of a precedent of four or five figure legal decisions over their Win 10 upgrade.
For a lot of use cases, it's not hard to see high costs: new machine, new application version(s) to be installed, data migrated, loss of use, $10k isn't entirely out of range in many business use cases.
I just kind of hope MS ends up with one of those disclaimers in their financial report explaining how they are setting aside $500 million to handle lawsuits resulting from their forced and negligent forced upgrades.
"Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation." MS has some deep pockets. Their given reason makes no sense. They could outspend any litigant.
As an IT company who has repaired literally hundreds of failed updates, as well as failed roll backs to the previous operation system (using Microsoft's own "revert me to my previous operation system" restore option, which had maybe a 60% success rate), the cost to consumers has likely been staggering in the aggregate.
While profitable to my company, I can't help but feel like there needs to be a very quick verdict against Microsoft, ruling several hundred dollars to anyone who can show (Via invoice or other means) that they had to pay money to repair the damage/inconvenience Microsoft directly caused as a result of their underhanded tactics to upgrade the world to Windows 10.
If this were a mistake made by some fledgling software company it might be excusable as an oversight, but this is a many decades old software company, with many legal experiences under their belt... this should never have happened and there should be actual repercussions.
What does one have to do with the other? If [cost of litigation] + [probabilit of losing] * $10.000 is greater than $10,000 then you obviously just pay the $10,000. Other than the case where $10,000 will bankrupt the company (in which case litigate since who cares about another debtor) the valuation of the company is irrelevant.
Of course there's also the "how many other people will try this" factor but again losing an appeal increases that risk so keeping on going isn't necessarily the best choice there either.
There's a huge difference though between providing a security update when an obscure bug, buffer overflow, or some other specific vulnerability is fixed, and an entire OS upgrade is relentlessly, essentially forced on the user.
I wasted about 20 hrs trying to prevent that crap from destroying my business. At $200/hr, can I sue?
Of course you can. In the US, you can sue anyone for any reason. If you can't find a lawyer to take up your case, you can always go pro se and represent yourself.
Whether you'll prevail and get any sort of a settlement is an entirely different question.
I had two immediate reactions to the summary. The first was that Microsoft got what they deserved, so what you posted is an interesting correction to that.
The second was that I'd need some really persuasive evidence before I believe that Microsoft "only halted their appeal to avoid the cost of further litigation". My immediate assumption was that they were worried that a court judgment against them would open them to many similar claims, and considered 10,000usd a cheap way to reduce that possibility. (On the other hand, they rolled over on this, so maybe others should try sueing them in similar circumstances?)
Question: if Steve Ballmer had been in charge, would Microsoft have dropped the appeal?
If a few thousand other people who have similarly suffered also sued Microsoft it would send a message. Money talks. Publicity talks. Rinse and repeat and these kinds of things will no longer happen.
Except Windows 10 is not a security update: the computer in question had Windows 7, which is still in extended support and will still get "proper" security updates until 2020.
A business person makes choices based on finances. Also, time costs money.
If buying a new computer (with any Windows version), and having the company data moved over, costs less than the labor of reinstalling Windows 7 on the current computer, buy a new computer. If this solution also takes half the time, it is an even better financial decision.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
My immediate assumption was that they were worried that a court judgment against them would open them to many similar claims
Read it again. She won the court case. MS appealed, and then dropped the appeal.
It's also possible that the machine was reasonably old and that while the value of a new computer was not sufficiently better than the value of the system in operation (before it broke) to justify a purchase, it is now, when making the old system work is probably as expensive in terms of time invested as is setting up the new machine. So you get value both from newer hardware *and* saved time.
Ezekiel 23:20
the problem is that the whole point of automatic updates is to keep those users up to date who otherwise would go "I had never heard of security updates and no one ever asked my if I want those updates".
...and you've demonstrated the issue right there by conflating "updates" and "security updates".
Last time I looked, although XP may be risky, using a properly patched Win 7 or 8 isn't a significant security risk, whereas installing any significant OS upgrade without proper testing, planning and backup is an unacceptable risk for people using their system for anything more serious than Minesweeper. Automatic updates should be reserved for urgent security updates of the "imminent remote pwnage" kind - anything less should be advisory & accompanied by warnings to back up and schedule the update for a 'quiet' time.
So, yeah, by abusing the automatic update process (and doing their best to prevent users from keeping it disabled) Microsoft is being hugely irresponsible and endangering the security of users' systems.
There's a problem with IT security in general in that those responsible treat security as an end in itself, and never weigh the benefits of their security measures against the potential loss and disruption caused by the "security measures" themselves. I'm not saying people should be complacent - just prioritize a bit.
(Plus, I really wish I could explain to the IT people at my employer why they shouldn't make their warning emails about phishing attacks look exactly like the sort of phishing attacks that they are warning against...)
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Even a billion dollar company has to justify wasteful decisions to its shareholders.
This business you have... does it not run at least a server with a domain? I wouldn't expect Enterprise Windows but anything business-critical I'd expect a server, backups, etc. even if not full redundancy.
Then, it's just a matter of joining the domain and never seeing the upgrades.
This is a site for IT, still, yes?
There's a huge difference between a security update to keep people safe on their supported copy of Windows, and forcing an upgrade from one still-supported operating system to an entirely different supported operating system.
That's not for the benefit of the users, or the people attacked by botnets. It's literally just a marketing ploy to say how high Windows 10 deployments are.
They could have pushed the SECURITY patches that Windows 7/8/8.1 has issued for it and FORCED those - much fewer people would have cared because it would have broken much less.
Pretty much every software supplier I deal with was caught off-guard and asked us to stop Windows 10 deployment until they could support it. We were doing that anyway, but to suddenly jump OS is not the same as making sure people patch that obvious Windows flaw that's had a security patch out for EVERY version of Windows.
Even a billion dollar company has to justify wasteful decisions to its shareholders.
*cough* apple new campus *cough*
lucm, indeed.
you still think its a campus...
It's a freaking space relay when finished it will fire a beam of energy into space to carry Jobs essence back to his homeworld.
Do not look at laser with remaining good eye.
> by abusing the automatic update process (and doing their best to prevent users from keeping it disabled) Microsoft is being hugely irresponsible and endangering the security of users' systems.
Security is concerned with three things: Confidentiality, Integrity, and Availability (CIA). Those initials are used in the first few pages of any introductory security curriculum. You should have learned at least that much in your annual "Computer Security and You" training video.
The unauthorized Win10 installation risks the Integrity of the users' data and its Availability. Because it includes spyware, it definitely damages the Confidentiality. It doesn't just "endanger the security", it absolutely damages the security by damaging confidentiality. It is the OPPOSITE of the goals that security people strive for, the opposite of a security update.
> There's a problem with IT security in general in that those responsible treat security as an end in itself, and never weigh the benefits of their security measures against the potential loss and disruption caused by the "security measures" themselves.
Fuck you for trying to blame this malware on "IT security people". It's precisely the opposite of eveything we do.
ms has fucked up it
Truer words were never spoken.
Trying to roll back the existing non-functional computer computer and get it working right again also has an unknown outcome, involves an unknown amount of downtime, and unknown total cost. Telling her customers "I can take care of you in two hours, after my new computer is set up" is definitely less costly to her business than telling them "I don't know when I'll be able to get back to you. My computer is in the shop. Maybe it'll be fixed today, maybe tomorrow, maybe Wednesday".
No, she probably clicked the "upgrade later" button because it was the one closer to her intent. Had there been a "I don't want this fucking upgrade" button like Microsoft should have supplied, then there most likely wouldn't have been a lawsuit.
Dipshit fanboi.
What does one have to do with the other? If [cost of litigation] + [probabilit of losing] * $10.000 is greater than $10,000 then you obviously just pay the $10,000. Other than the case where $10,000 will bankrupt the company (in which case litigate since who cares about another debtor) the valuation of the company is irrelevant.
Of course there's also the "how many other people will try this" factor but again losing an appeal increases that risk so keeping on going isn't necessarily the best choice there either.
Regarding your math here, the courts have essentially made any attempt at a defense or dismissal ultimately not worth the time or money, unless you quite literally have money to burn. Fighting a traffic ticket is almost always not worth it even if you were falsely accused, which the end result is essentially a system that stops no government at any level from running amok in order to generate "revenue".
Anyone still labeling it a "justice" system should be slapped repeatedly.
Windows 10 has absolutely no business being characterized as a 'security update,' not only because the scope is way too big for that but because it reduces security!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
...Syria?
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Foggier words were never spoken.
I come here for the love
The "cost of further litigation" includes what would happen if they appealed and the appeals court found in the plaintiff's favor. Then the generic argument becomes fairly bullet-proof - anyone going to court with that argument is going to win.
It would unleash thousands of cookie-cutter pro-se and cheap-lawyer lawsuits, which they seriously don't want.
They don't have to worry about me, though. I've been MickeySoft free for almost 20 years. I have nobody to sue.
--
BMO
whole point of automatic updates is to keep those users up to date
And her purchase with Microsoft gives her an up-to-date Windows 7 until January 14, 2020 with no software incompatibilities to worry about. No need to update to Windows 10 to be secure and up to date.
This is a site for IT, still, yes?
A site for many things. And sometimes people with small businesses, that might not come with an IT department and servers.
I think the major element in the whole discussion is that Microsoft has now become a malware vendor, and the OS has many locked into getting the malware, as well as W7 users getting forced updates. And since not everyone is behind a server farm or have a team of IT people protecting them, It is a little strange to try to say that a forced update that bricks the user's computer is their own fault.
So stop it! Stop with the idea that everything Microsoft does is fscking awesome and without fail, and that all problems are the users. It is hard to argue that a small business owner or home computer system is at fault for their system operating one day, then bricked the next.
And even if we do accept that all problems are the users fault, it makes the OS a bit less desirable.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Yup, calling bullshit right there, windows 7 made damn sure you were aware of the pending windows 10 upgrade, so the fact that you are even saying that tells me 100% you clicked install now because you thought you'd get a settlement and you did.
Maybe. Or maybe it happened the way it almost happened to me. One day I was about to shut down my Win7 laptop when I noticed the little yellow flag in the "Shut down" button that means, "I'm going to apply updates that I haven't told you about before I shut down." Since I don't like to apply unknown updates, I aborted the shutdown and looked at the updates (Control Panel | Windows Update). There it was - an unsolicited upgrade to Windows 10. I unchecked the box and changed my update settings to "Let me know when updates are available." If I hadn't noticed that little yellow flag, I would have received an unwanted and potentially disastrous update.
>They're never going to get that trust back. Ever.
Sounds like there's no downside for Microsoft then - nobody has trusted them for years anyway.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Having personally witnessed that it is entirely possible to upgrade a windows machine to windows 10 without a single incident, and also entirely possible (and easy) to disable all of the metrics and info that the software wants to send about you, I am thinking that these stories that we hear about Windows 10 and how awful it is are overblown.
It is often the case that we only hear about it when things go wrong, and so it is perhaps that we are led to conclude that this is the general state of affairs, but so few people report when things go right that we cannot make a meaningful and objective evaluation without trying it for ourselves.
Windows 10 is not anywhere nearly as bad as what these stories paint it to be. While it's true that by default it does want to do certain things that no sane person would want in a desktop OS, these things are actually extremely easy to disable... even at installation time, if you decide to not use the express settings.
File under 'M' for 'Manic ranting'
imagibe some company
It's easy if you try
My ism, it's full of beliefs.
How silly. It is a Scientific and Technological Advanced Research laboratory particle accelerator, and its mission is to re-establish the reality distortion field.
That and Tim Cook hopes it can give the next iPhone super speed.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Microsoft made nearly $100,000,000,000 last year. It's the equivalent of someone who makes $50,000 a year spending 50 cents.
There's no point in tying up legal resources over such a small amount when you've secured a cheap settlement and no acknowledgement of any wrongdoing.
Ford execs decided it was cheaper to let people burn, and pay the cost in court, than it was to fix the issue.
The memo cost them a lot of goodwill, but they are still around.
MS is probably looking that memo over right now thinking the same thing.
Cost to pay pissed off citizens is cheaper than fixing Win10, so....
So rise up, all ye lost ones, as one, we'll claw the clouds.
Actually, that's not entirely true....
For example, if you get a speeding ticket in New Orleans, it is ALWAYS advantageous to show up to set a court date, and not pay automatically even IF you are guilty as hell.
What you do is set your date, then show up at date, and before the trial, the traffic DA will bring all the folks back and offer you a "plea deal", in which the charge will be dropped down to a non-moving violation charge, which will keep it off your insurance driving record, and you just pay a fine.
They are only interested in the revenue, but it is nice to not get your insurance involved.
Check with your city as that I'm sure things vary widely, but I am of the understanding that this is more common than not....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
The flip side of that is that isn't never just one person suing you for $10,000. Now that she's won, a lot of other people will file similar lawsuits. This is why some companies never settle - as a deterrent to bogus suits.
Not that there's anything bogus about suing Microsoft over Win 10, and how they've handled the upgrades.
ms has fucked up it
Truer words were never spoken.
Oh No, that shit has been said a lot; WindowsME, Windows Vista, Windows 8.0/8.1 come to mind as a few examples among many.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Not to mention get it out of the news faster.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Except Windows 10 is not a security update: the computer in question had Windows 7, which is still in extended support and will still get "proper" security updates until 2020.
Yes, Windows 7 will get security updates in the form of patches that correct already known defects. Bandaids, in some sense.
Windows 10 has a list of actual security improvements, not just bandaids. Better ASLR and DEP, better support of harddrive encryption, more secure default browser, and other goodies. Microsoft maintains a page of Windows 10 security improvements over Windows 7/8. In theory, Windows 10's features mean a reduced attack surface. Maybe it still has issues but it is certainly more hardened than Windows 7 in general.
I'm sympathetic to both sides. I don't like things being pushed on people; it's their right to decide what to do with their own property, and maybe they have special needs that require an older version of Windows (some mission-critical software is known to have bugs on 10 for example).
But I also know that Microsoft is trying to improve the security of its products and the Internet as a whole by trying to get everyone updated. They don't want Windows 7 to be a repeat of people clinging to Windows XP, clinging to old technologies that are broken when new tech/implementations are available to prevent security problems. Not just security, but also think features: new protocols might be developed that weren't supported in the old OS, and so until majority of the Internet moves on, that protocol can't be rolled out. Many computer users are pretty clueless and need automatic updates for that reason, or they'll never do it themselves, and bring down the security of the Internet as a whole. Of course, it doesn't help that Microsoft's marketing team wants to take advantage of the security updates by also collecting info and all that stuff.
I hope we can find a good balance between the competing interests soon.
For example, if you get a speeding ticket in New Orleans, it is ALWAYS advantageous to show up to set a court date, and not pay automatically even IF you are guilty as hell.
That's interesting. I lived in NOLA for 4 years back in the late 80's, and heard the same thing. The reason was supposedly that cops would almost never show up for the court date, and you'd win by default. Had a guy on my hall arrested for jaywalking (in actuality, for bumping into a cop and apologizing in a New England accent), who did exactly this.
I'd figured in the intervening years, particularly with the post-Katrina police force, things would have changed. Chalk one up for the endurance of culture, I guess.
It's quite simple (and, yes, I've started my own business, been self-employed, and started up the IT in and supported dozens of schools and other places - tuition centres with 4 kids, charities, etc. - from zero or one computer to 1000+ computers over the last 15 years).
You can manage your computers. Or not.
If you want to have a home PC run your business, that's ALWAYS been the price you pay. You don't get domain joining, which means no user management, no RDP, no Bitlocker, no Hyper-V and a million and one other things.
That's fine for a shop which only needs one PC. Or a single user. Or a guy working from home.
But the second you move from "guy working from home" (in whatever sense) to "business involving > 1 people", it's quickly limiting.
If the machine is that critical that you can't afford for Windows 10 to upgrade you willy-nilly and without consent, you need to manage it. How you do that is up to you.
Hire a consultant to set it up once for you and then just forget it, adding a user once in a blue moon and not caring about permissions. Set up file sharing and one-click backups from one of those external hard drives. Whatever. But it's not a managed system. And when something upgrades or breaks, precisely because you don't have an IT guy - even a once-a-month or one-off-visit guy - you're going to be screwed.
That's a choice a lot of places take. Hell, I've seen SCHOOLS managed like that (usually not for very long, I used to specialise in "recoup" recovery and support for schools after disasters, staff losses, budget cuts, etc. - I literally would take on schools with "zero" in the IT budget except my fee [so no new machines, no buying expensive software to solve the problem, etc.] and if I didn't save you at least as much as my fee cost, by setting things up properly, sorting out your licensing, providing free alternatives, etc. over the first year, I would lower the prices to the point that I did. I never once had to lower the prices, and never had a customer argue about it).
But if you're using unmanaged computers, they are unmanaged. You're always going to have this, and have had this in the past. It doesn't matter the OS, the hardware or the setup, you're using unmanaged systems. Running your business like this is no different if it's Windows 10 Home or Windows 95, let's be honest.
A managed system of any size, and I've dealt with schools with 40 pupils and one computer that did everything (including Terminal Services for the kids thin-clients on the same machine as the admin, finance, etc. for the entire school), requires a domain or similar construct to do the simplest of things (like allow a user to log in at two different places and get the same settings). I've seen domains with literally 2 client computers and 5 users. And I'm talking precisely about things like solicitor's offices (those people can REALLY afford a proper IT setup given their data retention obligations and the importance of their access to email, law archive sites, etc.), family businesses, the guy with a single shopfront, etc.
If your system is unmanaged, then you either have to manage it yourself (i.e. install the utilities that block the 10 upgrades), or get someone to do that for you. No matter the OS (I've deployed LikeWise Open and Samba domains, too, it's not hard) or number of computers.
Would you have a telephone in a business that you didn't know how to operate and/or that no-one would come out to fix for you if it broke? Then why do the same for your accounting, your stock control, your stock ordering, your customer emails, etc.? Whether that's a one-page spreadsheet and a copy of Chrome or a full install of Sage or whatever, the principle is the same. Get support (manage your machines!) or do it yourself, or suffer.
If it's honestly not important enough to backup properly, have someone else have a login (if you're ill or whatever), or do things like put a firewall between it and the Internet, then sure, you're unmanaged for a r
What happened to the funny and sometimes even insightful slashdot of old? Several hundred comments so far, and the word "liability" does not appear once? Well, I'll spare you the long rant about the devolution of slashdot and just make the obvious comment about how Microsoft works:
MS = innovative financial models, NOT innovative software. GREAT money. Good software? Not so much.
The financial innovation that this article is about involves liability evasion. You youngsters may not believe me, but there used to be times when a company could be held legally liable for egregious mistakes that hurt the customers. Microsoft isn't the only anti-liability innovator, but the EULA was a major breakthrough and completely distorted Microsoft's developmental priorities. Security? Why worry? Whatever goes wrong, Microsoft has NO liability.
Actually, I don't even know what I'm talking about. I'm virtually certain I never read the entire EULA in any of it's cursed incarnations. More power to you if you have, but I have read enough EULA stuff so that I am unable to imagine the grounds of this nuisance lawsuit and amazed that Microsoft was willing to pay any money to make it go away. I hope that the precedent is going to come back and haunt them.
Not betting on it. I am certain that the newest diabolical incarnation of the EULA has several pages of disclaimers covering upgrades, and you retroactively accepted it when your firstborn child got ahold of the software and gnawed a hole in the shrinkwrap with his or her first tooth.
I could mention a few other anti-software-quality innovations that have helped make Microsoft the "success" it supposedly is. There was a time I would even have been motivated by the hope slashdot mattered.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
The bigger picture is often a gamble. In the short term just paying off this one individual may be the easy claim, where they are on record on just not bothering to fight it. However if this sparks a bunch of claims then Microsoft may change its tatic.
The Woman didn't "Win" the lawsuit. They settled to avoid setting a legal precedent.
Settling to avoid setting a legal precedent here would--for the exact reasons you cited--be a strong indication that they expected the precedent to not be in their favor. With the shift to requiring you accept upgrades and patches with Win10, and how the rollout is going, a binding precedent here could make it very risky to fight future suits; consider how MS has rolled out Win10, and the fact it now requires most users accept whatever patches it shoves out on patch day.
Now consider what it'd mean if, by forcing those patches down people's throats, it now is financially responsible for any damage those patches do...