On Wed, 08 Dec 2010 07:43:52 PST, JC Dill said:
Why isn't ANYONE going after Microsoft over this? If Microsoft were held accountable for the spam and DDOSs that spew from their crappy software, they would find a way to stop the problem. I've raised this issue before, IMHO Windows OSs are "attractive nuisances" and that legal argument can be used to hold Microsoft responsible for not putting an adequate "fence" around their "attractive nuisance".
Unfortunately, this is one you really don't want to do. Microsoft's current offerings are about as hardened as the competition (Apple and Linux, mostly) right out of the box. And it's not clear that you can *make* a system much harder and still sell it to consumers (try using a Linux box with SELinux turned on in full MLS/MCS mode - quite secure, but *not* the easiest thing in the world to admin, especially if you ever add a third-party program that doesn't have a suitable MLS security policy description already).
If all the big ISPs banded together to file suit against Microsoft, they could share the cost (and pain) of the lawsuit.
And if you win the lawsuit, what does that get you? Microsoft goes broke, quits shipping security updates to everybody - and things are even worse than before, because now *everybody* is unpatched.

The second issue is that if you *do* establish a legal precedent that software vendors are liable for faults no matter what the contract/EULA says, you're going to see pretty much all the open-source projects pack up and go home unless they find a way to protect themselves. Quite likely some commercial software vendors will bail as well, or charge a *lot* more for their stuff.

Be careful what you ask for, for you may surely get it.