Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')
Your analogy is flawed. The question is, should Firestone be responsible for someone going around slashing the tires? No they shouldn't. Then why should Microsoft or any other software manufacturer be responsible for the damage done by third parties? You could make the argument that Microsoft should have designed more security into their products to prevent security breaches of this nature, but you could also argue that Firestone should make their tires out of kevlar to prevent people from slashing them. We shouldn't hold the software manufacturers responsible, unless they willingly and knowingly left the security flaw in place. We should hold the programmers that release malicious code responsible. William Allen Simpson To: nanog@nanog.org <wsimpson@greend cc: caida@caida.org ragon.com> Subject: product liability (was 'we should all be uncomfortable with the extent to which Sent by: luck..') owner-nanog@meri t.edu 07/25/01 02:42 AM Perhaps a different approach is in order -- product liability. When Firestone made a large number of bad tires, they compensated the purchasers by PAYING for replacement, including those that had not yet been injured. That included the upgrade, and the installation cost. Network operators have been injured by the distribution of buggy software from M$. We need to be compensated for our time and expenses. End users need to be compensated for their costs to upgrade. A check in the mail would be a better incentive to administrators than "automatic" updates. "Wayne E. Bouchard" wrote:
On Tue, Jul 24, 2001 at 10:35:37PM -0700, k claffy wrote:
==> 5.4 billion people haven't selected an OS yet
[k: maybe we can get them on OS-antioxidants before it's too late]
... Doing this, right now, can be difficult for many users to grasp (lets face it, some software doesn't update well, if at all) and may require more effort than even reputable administrators are willing to extend.
How to go about making the public more secure, of course, is an on-going debate and perhaps even a losing battle but still worth the effort.
-- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
On Wed, 25 Jul 2001 LBolton@geiger.com wrote:
Your analogy is flawed. The question is, should Firestone be responsible for someone going around slashing the tires? No they shouldn't. Then why should Microsoft or any other software manufacturer be responsible for the damage done by third parties?
Better analogy: Microsoft is advertising "high security padlocks", but is instead selling locks that dont work at all. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
* Dan Hollis sez: : Microsoft is advertising "high security padlocks", but is instead selling : locks that dont work at all. After finding out they were flawed, Microsoft offered everyone a replacement/bugfix. While there's no proof that these padlocks are actually high-secure, they are more secure than what came with the purchase initially. Microsoft has - and I believe Firestone would do the same - informed all registered customers as soon as the fix was available. In addition there was quite some buzz about the .ida vulnerability a while ago. While one might argue that it's Microsoft's resposibility to communicate those flaws better, they indeed offered better padlocks and a mechanic (setup.exe) to install them. A customer refusing to open his door to the guy walking around and informing him of flawed tires, not opening his mail and - even if aware that the padlocks are screwed - neglects to put the new ones on (at no cost, mind you), should be slapped with the UNIX bible until unconscious for endangering others and himself in a particularly stupid manner. Let's just repeat that: - Microsoft is a known flawed OS - IIS is a known flawed component of this flawed OS - There are more than a few sites out there selling or offering security advise for free - The fix has been out for months - The fix has already been exploited by smaller, less media active worms - The owners of said Websites in some/most cases offer services to a third party, are therefore by no means 'the poor schmock with the Firestone tires' but rather 'the owner of Ryder, Inc.'. These servers put customer data and confidential information in jeopardy long before the worm struck and in quite a few cases still do, even though most of the attack points are fixable. - Few of the infected hosts have learned a damned thing from this attack, just look for iisadmpwd at those hosts - a week after the attack. ... facts dutyfully ignored by said 'Administrator's of said boxen. In this case network and system administrators had a bad time with long hours trying to stop something from happening that did not need to happen and that would have not happened would 90% of the socalled Internet Experts out there understand even the basics of their work. I am not ready to push the blame towards M$, even though I'd love to see that Monopoly drown in a big bucket full of the tears and sweat shed by innocent bystanders who got hit by crap like this one, but in this case the perp sits somewhere else and needs to - at least for once - be made aware of the mess he created and the costs that resulted from it. -- <@rs> someone the other night suggested that defcon was actually about drinking, not hacking <@rs> so i went to my wine rack and did some port scanning. <@rs> i found warez
At 04:14 PM 7/25/2001, Dan Hollis wrote:
Microsoft is advertising "high security padlocks", but is instead selling locks that dont work at all.
I actually talked to an intellectual property attorney about this today... just in passing, but his remark was "Microsoft is not responsible for someone else committing criminal acts. If you leave your house unlocked, that doesn't mean it is NOT breaking and entering if someone comes in and steals things."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 True, But, as someone mentioned, microsoft is marketing high security padlocks. If someone breaks into your business (your door was unlocked, despite the fact the security system said that all the doors were locked (as advertised)) and does damage that causes you to lose 250k, you could/should go after the security company.. Leaving your door unlocked doesn't preclude the criminal from being arrested, but if you purchased a lock under the belief it worked, and it doesn't, and that caused you damages, then the lockmaker is open to liability. Now, in the real world, you'd have INSURANCE to cover this, and I have a hunch we'll start to see more people insuring against hacking/DoS's.. - -- Matt Levine @Home: matt@deliver3.com @Work: matt@eldosales.com ICQ : 17080004 PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF - -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Dave Stewart Sent: Wednesday, July 25, 2001 4:32 PM To: nanog@nanog.org Cc: nanog@nanog.org Subject: Re: product liability (was 'we should all be uncomfortable with the extent to which luck..') At 04:14 PM 7/25/2001, Dan Hollis wrote:
Microsoft is advertising "high security padlocks", but is instead selling locks that dont work at all.
I actually talked to an intellectual property attorney about this today... just in passing, but his remark was "Microsoft is not responsible for someone else committing criminal acts. If you leave your house unlocked, that doesn't mean it is NOT breaking and entering if someone comes in and steals things." -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO18ycsp0j1NsDQTPEQIYpACgs9Y0xhyGW39wCNa9EBI0FLRnEvgAn1Mf pZ+cSYxfPAiV6hiZutVR3pF6 =u4pq -----END PGP SIGNATURE-----
On Wed, 25 Jul 2001, Dave Stewart wrote:
At 04:14 PM 7/25/2001, Dan Hollis wrote:
Microsoft is advertising "high security padlocks", but is instead selling locks that dont work at all. I actually talked to an intellectual property attorney about this today... just in passing, but his remark was "Microsoft is not responsible for someone else committing criminal acts. If you leave your house unlocked, that doesn't mean it is NOT breaking and entering if someone comes in and steals things."
So what point *does* microsoft become negligently liable? Never? Ask your attorney friend if he can think of *ANY* situation where m$ could be found negligent. Microsoft is giving a *great* sales pitch about reliability, stability, security, etc. but simply not delivering what they are advertising. This game of deceit is costing consumers billions. How long in the real world before the FTC would come down like a ton of bricks for false/fraudulent advertising on non-software company doing the same thing? -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
On Wed, Jul 25, 2001 at 01:59:38PM -0700, Dan Hollis wrote:
So what point *does* microsoft become negligently liable? Never?
Ask your attorney friend if he can think of *ANY* situation where m$ could be found negligent.
Microsoft is giving a *great* sales pitch about reliability, stability, security, etc. but simply not delivering what they are advertising. This game of deceit is costing consumers billions.
M$'s click/shrinkwrap licenses, as far as I can remember, discliam liability for any and all security problems. (And a lot of other stuff too.) --Adam -- Adam McKenna <adam@flounder.net> | Help stop animal abuse at Petco! http://flounder.net/publickey.html | http://www.mickaboofriends.org GPG: 17A4 11F7 5E7E C2E7 08AA | 38B0 05D0 8BF7 2C6D 110A |
Since software, in theory, can't cause physical danger, I suspect the shrink wrap license makes Microsoft immune to any liability. If they advertise false claims then they could punishable under some states consumer protection laws. Look for the disclaimers. Now if you claim that you are forced to agree to the shrink wrap licence because of they are a monopoly and you are forced to use the product ... an iffy argument ... then you may have a something. BTW - It looks like Windows 2000 is subject to the BSD telnetd exploit. At 14:05 -0700 25-07-2001, Adam McKenna wrote:
On Wed, Jul 25, 2001 at 01:59:38PM -0700, Dan Hollis wrote:
So what point *does* microsoft become negligently liable? Never?
Ask your attorney friend if he can think of *ANY* situation where m$ could be found negligent.
Microsoft is giving a *great* sales pitch about reliability, stability, security, etc. but simply not delivering what they are advertising. This game of deceit is costing consumers billions.
M$'s click/shrinkwrap licenses, as far as I can remember, discliam liability for any and all security problems. (And a lot of other stuff too.)
--Adam
-- Adam McKenna <adam@flounder.net> | Help stop animal abuse at Petco! http://flounder.net/publickey.html | http://www.mickaboofriends.org GPG: 17A4 11F7 5E7E C2E7 08AA | 38B0 05D0 8BF7 2C6D 110A |
-- Joseph T. Klein +1 414 915 7489 Senior Network Engineer jtk@titania.net Adelphia Business Solutions joseph.klein@adelphiacom.com "... the true value of the Internet is its connectedness ..." -- John W. Stewart III
Yo Joseph! On Wed, 25 Jul 2001, Joseph T. Klein wrote:
Since software, in theory, can't cause physical danger, I suspect the shrink wrap license makes Microsoft immune to any liability.
ROTFL! What about the WinNT powered flight control systems from Avidyne? NT blue screens when you are in the clouds and death is usually shortly follow. Shrink wrap license or not, the first time this happens expect M$ to show up in court. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
Funny.. I don't remember IBM or EDS being sued on the times when ATC has failed. Jeppeson hasn't been sued for issuing incorrect maps either. Software programmers arent sued when monitoring machines in hospitals fail. Oh that's right, because there are neat things called "Limits of Liability", "Gross Negligence", and "Malicious Intent". Look up the work indemnity. There is a reason why it is in most boilerplate. In the mean time, I would suggest that people who have no concept of the legal system refrain from comment about any of this. The concept of this entire thread is nothing more than mental masturbation. .chance
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Gary E. Miller Sent: Wednesday, July 25, 2001 3:57 PM To: Joseph T. Klein Cc: nanog@nanog.org Subject: Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')
Yo Joseph!
On Wed, 25 Jul 2001, Joseph T. Klein wrote:
Since software, in theory, can't cause physical danger, I suspect the shrink wrap license makes Microsoft immune to any liability.
ROTFL! What about the WinNT powered flight control systems from Avidyne? NT blue screens when you are in the clouds and death is usually shortly follow. Shrink wrap license or not, the first time this happens expect M$ to show up in court.
RGDS GARY -------------------------------------------------------------- ------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Wed, 25 Jul 2001, Chance Whaley wrote:
Software programmers arent sued when monitoring machines in hospitals fail.
Individual programmers might not be sued, but companies have been sued, successfully. In the late 1980s there was a string of radiation machine failures due to software bugs which ended up killing patients. IIRC when the families of the victims sued, the software company chose to settle out of court rather than go to trial.
Look up the work indemnity. There is a reason why it is in most boilerplate. In the mean time, I would suggest that people who have no concept of the legal system refrain from comment about any of this. The concept of this entire thread is nothing more than mental masturbation.
The facts prove you wrong. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
My fault for not making a distinction between the ATC issues and healthcare issues. The developers of ATC software are granted indemnity in the US. Jeppeson falls under this except for cases of: 'Gross Negligence', 'Malicious Intent', and a few others. Otherwise no development house in the world would touch the systems. See any aviation software boilerplate, and the last paragraph in my email here. As for healthcare issues - I was making statement to software developed on MS platforms (and there are quite a few). From the license on _every_ piece of MS software: High Risk Activities. The Software is not fault-tolerant and is not designed or intended for use in hazardous environments requiring fail-safe performance, including without limitation, in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Software could lead directly to death, personal injury, or severe physical or property damage (collectively, "High Risk Activities"). Microsoft expressly disclaims any express or implied warranty of fitness for High Risk Activities. MS encourages all of its developers to use its standard boilerplate. Specific contracts are made for healthcare software and their buyers - it typically includes "Limits of Liability". Please don't quote decades old cases, as they were the impetus for the changes in software liability law. First action for any attorney in a tort case is "sue everyone even remotely connected with anything to do with anything". Courts have a tendency to throw these things out now. Do we not remember the cases against Chrysler and AC/Delco for the "software" in their cruise-control being incorrect a few years ago. People sued Chrysler, Chrysler sued AC/Delco. Attorneys vs. Chrysler got heard (and settled out of court). Chrysler vs. AC/Delco got thrown out. .chance
-----Original Message----- From: Dan Hollis [mailto:goemon@anime.net] Sent: Wednesday, July 25, 2001 4:51 PM To: Chance Whaley Cc: 'Gary E. Miller'; 'Joseph T. Klein'; nanog@nanog.org Subject: RE: product liability (was 'we should all be uncomfortable with the extent to which luck..')
On Wed, 25 Jul 2001, Chance Whaley wrote:
Software programmers arent sued when monitoring machines in hospitals fail.
Individual programmers might not be sued, but companies have been sued, successfully.
In the late 1980s there was a string of radiation machine failures due to software bugs which ended up killing patients.
IIRC when the families of the victims sued, the software company chose to settle out of court rather than go to trial.
Look up the work indemnity. There is a reason why it is in most boilerplate. In the mean time, I would suggest that people who have no concept of the legal system refrain from comment about any of this. The concept of this entire thread is nothing more than mental masturbation.
The facts prove you wrong.
-Dan
-- [-] Omae no subete no kichi wa ore no mono da. [-]
Yo Chance! Oh really? Then what about the Avrotec primary flight control system and the Avidyne nav system? They run NT and they are FAA certified for their purpose. So maybe _every_ piece, except a few? Here is an article on WinNT powering the Avrotech in the new Lancair 400. It is being used as the PRIMARY flight control system on an FAA certified plane: http://www.avweb.com/articles/colum400/ RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676 On Wed, 25 Jul 2001, Chance Whaley wrote:
on MS platforms (and there are quite a few). From the license on _every_ piece of MS software:
High Risk Activities. The Software is not fault-tolerant and is not designed or intended for use in hazardous environments requiring fail-safe performance, including without limitation, in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Software could lead directly to death, personal injury, or severe physical or property damage (collectively, "High Risk Activities"). Microsoft expressly disclaims any express or implied warranty of fitness for High Risk Activities.
Yo Chance! On Wed, 25 Jul 2001, Chance Whaley wrote:
I don't remember IBM or EDS being sued on the times when ATC has failed. Jeppeson hasn't been sued for issuing incorrect maps either. Software programmers arent sued when monitoring machines in hospitals fail. Oh that's right, because there are neat things called "Limits of Liability", "Gross Negligence", and "Malicious Intent".
Do some research. Just because you have not heard about it does not mean it did not happen. Jeppeson lost a BIG one after the AA crash in Cali. Jeppesson still has suits pending about Ron Brown's (US Commerce Secretary) going down in Kosovo. Technicare (a former client of mine) lost a BIG one after the runaway software on a CAT scanner fried a patient to death. Never heard of anyone dieing due to an ATC outage so that issue is still open. In any case, the comment I was replying to was about software not being able to hurt anybody. The US legal system found in two of the cases above that it can and has. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
I don't know about IBM or EDS, but in both of those cases, only a portion of ATC has failed, and there were backup plans in place to deal with such failures. I do not believe there has been a test case here, as yet. You can bet your ass they'd get sued if two planes collided during an outage and the collision was attributed in part to the failure of their system(s). As to Jepessen, you obviously don't remember the lawsuit filed over the 737 crash that took out Commerce Secretary Ron Brown. Jepessen was sued over that crash, even though their charts were within specifications and correct according to the available definitions of correct. It is rare that a Jepessen chart error leads to a crash, but it is almost uheard of for them to not get sued in the event of a crash that might possibly be blamed on a chart error. Owen Chance Whaley wrote:
Funny..
I don't remember IBM or EDS being sued on the times when ATC has failed. Jeppeson hasn't been sued for issuing incorrect maps either. Software programmers arent sued when monitoring machines in hospitals fail. Oh that's right, because there are neat things called "Limits of Liability", "Gross Negligence", and "Malicious Intent".
Look up the work indemnity. There is a reason why it is in most boilerplate. In the mean time, I would suggest that people who have no concept of the legal system refrain from comment about any of this. The concept of this entire thread is nothing more than mental masturbation.
.chance
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Gary E. Miller Sent: Wednesday, July 25, 2001 3:57 PM To: Joseph T. Klein Cc: nanog@nanog.org Subject: Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')
Yo Joseph!
On Wed, 25 Jul 2001, Joseph T. Klein wrote:
Since software, in theory, can't cause physical danger, I suspect the shrink wrap license makes Microsoft immune to any liability.
ROTFL! What about the WinNT powered flight control systems from Avidyne? NT blue screens when you are in the clouds and death is usually shortly follow. Shrink wrap license or not, the first time this happens expect M$ to show up in court.
RGDS GARY -------------------------------------------------------------- ------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
-- *********************************************************************** "Every time you turn on your new car, you're turning on 20 microprocessors. Every time you use an ATM, you're using a computer. Every time I use a settop box or game machine, I'm using a computer. The only computer you don't know how to work is your Microsoft computer, right?" - Scott McNealy, CEO of Sun Microsystems, Inc., from an April 1997 interview in Upside Magazine *********************************************************************** Microsoft CEO Bill Gates is optimistic about Contraceptive99's potential. He recently said, "Our contraceptive products will help users do to each other what we've been doing to our customers for years." The mail above is sent from my personal account and represents my own views. It may or may not reflect the opinions of Exodus Communications, Jin Ho, Mo Sabourian, Tony Massing, Morris Taradalsky, or any other employee, officer, subsidiary, acquisition, member, partner, aff
On Wed, Jul 25, 2001 at 09:48:47AM +0000, Joseph T. Klein wrote:
Since software, in theory, can't cause physical danger, I suspect the shrink wrap license makes Microsoft immune to any liability.
If they advertise false claims then they could punishable under some states consumer protection laws. Look for the disclaimers.
Now if you claim that you are forced to agree to the shrink wrap licence because of they are a monopoly and you are forced to use the product ... an iffy argument ... then you may have a something.
A number of legal minds apparently are of the opinion that the recent Appeals court ruling helps open up that exact legal pinhole, a bit. However, ISTR that Microsoft recently had a number of suits in various state courts thrown out for lack of standing; IIRC Microsoft's claim that the Windows installations on new machines were a sale from Microsoft to the OEM, not Microsoft to the end-user, and therefore end-users were not eligible to sue Microsoft directly. I haven't bought an OEM machine in quite some time, but I think it's still the policy for Windows-based machines to indicate that if you have "any" problems (including software), that you have to go back to the hardware manufacturer for help, _not_ Microsoft. Although having no clue on the stats, I would assume that off-the-shelf purchases of Windows are not the majority of Windows "sales". Also, there's an element in the "Windows/IIS patches are freely available, so if an admin didn't patch, it's mostly his fault, no matter how crappy Windows/IIS might have been designed" thread, namely, that for the longest time, installing patches in most Windows systems was a dangerous undertaking; a significant portion of the time, installing a patch would/could cause something else to break, or even render the system unusable. This aspect has kept many Windows admins that I know from doing _anything_ to their systems except for dire emergencies, or well-tested (i.e. out in the field for several months, and tested on _other_ people's machines) service packs. Many of these difficulties were characterized either in being required to figure out to apply service packs and interim patches in exactly the right order (with exactly the right set of reboots), or in ending up reinstalling because Microsoft technical support didn't have the depth to be able to help with a complicated service pack / patch situation. -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
On Wed, 25 Jul 2001 LBolton@geiger.com wrote:
Your analogy is flawed. The question is, should Firestone be responsible for someone going around slashing the tires? No they shouldn't. Then why should Microsoft or any other software manufacturer be responsible for the damage done by third parties?
Better analogy:
Microsoft is advertising "high security padlocks", but is instead selling locks that dont work at all.
The analogy is further flawed in that the comparison is between problems in the real world that can cause real injury or death to real people versus a piece of software that operates in a virtual world... even if it is a real pain in the butt. Remember, if this stuff was easy and simple, we'd be a commodity.... [I speak ONLY for myself !] /back to my rock/ Michael
On Wed, 25 Jul 2001, Michael Airhart wrote:
The analogy is further flawed in that the comparison is between problems in the real world that can cause real injury or death to real people versus a piece of software that operates in a virtual world...
m$ stuff is being used in flight control systems now, if I remember correctly. the navy also had a spin using nt in a "smart ship" trial, much to their detriment. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
Not in anything I would pilot or ride in!!!! Think about the Class 5 switches and IBM mainframes. It took YEARS to get anything done because of the critical nature of their functions. If people are going to put their lives in the balance, then they should spend the time to research their choices. People who just toss up a web server, run their business, and then complain when it crashes obviously didn't take it too seriously. Same with networks. It costs major $ to assure no single point of failure and quit frankly most people won't spend the $.. Or they can't recoup the costs by selling service.. It's not easy, I understand that. Look at the traffic controller industry. There is a significant amount of work to assure that you NEVER get a double green / crossing traffic situation. The technology in there is 30+ years old. If the 68000 chip croaks, the old tech relays prevent light violations. Man we are WAY off any operational topic here. My apologies to the group trying to get some work done here.. Michael (Speaking for myself ONLY) At 02:03 PM 7/25/2001 -0700, you wrote:
On Wed, 25 Jul 2001, Michael Airhart wrote:
The analogy is further flawed in that the comparison is between problems in the real world that can cause real injury or death to real people versus a piece of software that operates in a virtual world...
m$ stuff is being used in flight control systems now, if I remember correctly. the navy also had a spin using nt in a "smart ship" trial, much to their detriment.
-Dan
-- [-] Omae no subete no kichi wa ore no mono da. [-]
Dan Hollis wrote:
On Wed, 25 Jul 2001 LBolton@geiger.com wrote:
Your analogy is flawed. The question is, should Firestone be responsible for someone going around slashing the tires? No they shouldn't. Then why should Microsoft or any other software manufacturer be responsible for the damage done by third parties?
Better analogy:
Microsoft is advertising "high security padlocks", but is instead selling locks that dont work at all.
-Dan
OK... I'll admit this might be a better analogy. However, I don't believe that my analogy is "should Firestone be responsible for slashing tires". My analogy was "Given that road hazards exist, and given that Micro$oft knew their tires were particularly vunlerable to this obvious road hazzard, did Micro$oft have a greater responsibility for recall or should they be subject to recovery of damages by injured third parties." In my opinion, they should, indeed, be in such a situation. If you SELL a product that you know is defective or later learn is defective in design such that it is likely to cause or contribute to harm, your failure to recall that product actively creates a liability for the consequences. Owen
On Wed, 25 Jul 2001 09:17:26 EDT, LBolton@geiger.com said:
You could make the argument that Microsoft should have designed more security into their products to prevent security breaches of this nature, but you could also argue that Firestone should make their tires out of kevlar to prevent people from slashing them.
Note that several tire manufacturers have been quite busy designing tires that are self-sealing for at least minor punctures. Draw your own software analogies. Valdis Kletnieks Operating Systems Analyst Virginia Tech
On Wed, 25 Jul 2001 LBolton@geiger.com wrote:
You could make the argument that Microsoft should have designed more security into their products to prevent security breaches of this nature, but you could also argue that Firestone should make their tires out of kevlar to prevent people from slashing them.
In Microsoft's case, I think they could take better measures to ensure that their software and NOSen are less vulnerable, but they don't, and that's why my network no longer has any NT servers on it. Microsoft can't predict and prevent 100% of all attacks, but they can take more steps to help prevent some of the attacks. -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjsobol@JustThe.net Donate a portion of your monthly ISP bill to your favorite charity or non-profit organization! E-mail me for details.
participants (14)
-
Adam McKenna
-
Chance Whaley
-
Dan Hollis
-
Dave Stewart
-
Gary E. Miller
-
Henry Yen
-
Jonas Luster
-
Joseph T. Klein
-
LBolton@geiger.com
-
Matt Levine
-
Michael Airhart
-
Owen DeLong
-
Steven J. Sobol
-
Valdis.Kletnieks@vt.edu