North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: product liability (was: Virus Update)

  • From: Stephen Kowalchuk
  • Date: Tue May 09 16:38:45 2000


> As such, I would argue that M$ release of a product with such widely known
> exploitable vulnerabilities into a the market including customers of any
> given relay service entity may, indeed, create standing for that service
> entity to sue M$ on the basis of costs incurred due to M$ negligence and
> negligent business practices.
> Owen

While this is true, license agreements for most software products indicate that
the product is expressly sold "as-is", and that you agree explicitly that the
manufacturer is not responsible.  This would most likely kill any product
liability lawsuits, especially because the product performs to specification.

Trying to sue Microsoft for producing software with varying levels of security
(defaulted to the lowest security level) is like trying to sue an automobile
manufacturer because their cars are easy to steal.  While it may be possible to
seek damages under lemon laws, if the car performs as specified there is little
one can say except "damn, that's a stupid way to build a car..."

I think the best way to stop the poor security in MS products is to vote with
your wallet.  I'll grant that sometimes this is impractical, but it is IMHO the
only way to guide any software manufacturer to the features and functionalities
that consumers truly need.  The only problem with this logic is that Microsoft
still has a long list of ill-informed and poorly-educated consumers to chew on
before they run out of steam.  

The good news is that *eventually* they will.

Stephen Kowalchuk                                  [email protected]
Diamonex, Incorporated                             

The more pity, that fools may not speak wisely what wise men do foolishly.