Re: product liability (was: Virus Update)
As an academic argument, I would like to consider the following: 1. Given: M$ released a product which contained "enabling technology" which allowed this event to occur. 2. Given: This event was a Virus/Worm which used Visual Basic Scripting and the Outlook Address Book to duplicate and proliferate itself to a large number of systems at a fairly high rate of speed. 3. Given: Storing and forwarding mail costs money. 3. Fact: M$ Has a monopoly position. (Federal court ruling) 4. Theorum: Companies and other Entities which provide relay service for an organization which falls victim to this event incurred costs as a result of the event. Proof: Statement Reason =========================================== ============================== Storing and Forwarding mail costs money. Given (3). Relays store and forward mail. Definition of Relay. The virus generated a large amount of mail Given (2), nature of email to be relayed. forwarding. Entities providing relay service incurred Given (3) and previous costs. statements As such, I would argue that M$ release of a product with such widely known exploitable vulnerabilities into a the market including customers of any given relay service entity may, indeed, create standing for that service entity to sue M$ on the basis of costs incurred due to M$ negligence and negligent business practices. Owen
Greetings,
As such, I would argue that M$ release of a product with such widely known exploitable vulnerabilities into a the market including customers of any given relay service entity may, indeed, create standing for that service entity to sue M$ on the basis of costs incurred due to M$ negligence and negligent business practices.
Owen
While this is true, license agreements for most software products indicate that the product is expressly sold "as-is", and that you agree explicitly that the manufacturer is not responsible. This would most likely kill any product liability lawsuits, especially because the product performs to specification. Trying to sue Microsoft for producing software with varying levels of security (defaulted to the lowest security level) is like trying to sue an automobile manufacturer because their cars are easy to steal. While it may be possible to seek damages under lemon laws, if the car performs as specified there is little one can say except "damn, that's a stupid way to build a car..." I think the best way to stop the poor security in MS products is to vote with your wallet. I'll grant that sometimes this is impractical, but it is IMHO the only way to guide any software manufacturer to the features and functionalities that consumers truly need. The only problem with this logic is that Microsoft still has a long list of ill-informed and poorly-educated consumers to chew on before they run out of steam. The good news is that *eventually* they will. -- -------------------------------------------------------------------------- Stephen Kowalchuk skowalchuk@diamonex.com Diamonex, Incorporated The more pity, that fools may not speak wisely what wise men do foolishly. --------------------------------------------------------------------------
While this is true, license agreements for most software products indicate that the product is expressly sold "as-is", and that you agree explicitly that the manufacturer is not responsible. This would most likely kill any product liability lawsuits, especially because the product performs to specification.
it sounds nice, but it doesn't always work that way. cigarettes are routinely sold with warnings that they'll kill you (okay, they're "bad" for you in all sorts of ways), yet people still buy them and sue the manufacturers when they get sick. on the other hand, walking around with a loaded gun and a big sign that said "warning: do not stand in front of" would certainly not absolve me of any legal liability in the event that someone did actually stand in front of me and get shot. or the gun manufacturers, who also get sued. i wonder why no one has sued the steel foundries or tobacco plantations yet... -- |-----< "CODE WARRIOR" >-----| codewarrior@daemon.org * "ah! i see you have the internet twofsonet@graffiti.com (Andrew Brown) that goes *ping*!" andrew@crossbar.com * "information is power -- share the wealth."
Stephen Kowalchuk wrote:
Greetings,
As such, I would argue that M$ release of a product with such widely known exploitable vulnerabilities into a the market including customers of any given relay service entity may, indeed, create standing for that service entity to sue M$ on the basis of costs incurred due to M$ negligence and negligent business practices.
Owen
While this is true, license agreements for most software products indicate that the product is expressly sold "as-is", and that you agree explicitly that the manufacturer is not responsible. This would most likely kill any product liability lawsuits, especially because the product performs to specification.
I think you, and several others, are missing one key point. One class of injured party, namely the ISPs who had to deal with servers overloaded by the created spam, never bought the Microsoft software, nor are they (in most cases, I suspect) using ANYTHING written by Microsoft in the course of providing services to clients. With that in mind, the ISPs are not party to the "as-is" license. The ISPs could sue their own customers for using Microsoft software which contains dangerous features and defaults, or they might be able to sue Microsoft for releasing software damaging to the Internet infrastructure.
Trying to sue Microsoft for producing software with varying levels of security (defaulted to the lowest security level) is like trying to sue an automobile manufacturer because their cars are easy to steal. While it may be possible to seek damages under lemon laws, if the car performs as specified there is little one can say except "damn, that's a stupid way to build a car..."
Actually, I think it's a lot like the States suing the tobacco companies for producing a product which creates high medicaid bills. If Microsoft was aware of the potential for damage, and did nothing, and the ISPs suffered as a result they're not unlike the States who had to pick up the tab for someone else's use of a dangerous product.
I think the best way to stop the poor security in MS products is to vote with your wallet. I'll grant that sometimes this is impractical, but it is IMHO the only way to guide any software manufacturer to the features and functionalities that consumers truly need. The only problem with this logic is that Microsoft still has a long list of ill-informed and poorly-educated consumers to chew on before they run out of steam.
The ISPs could, I suppose, block all POP and SMTP traffic from Outlook Express clients, and block all web requests from Internet Explorer. Neither is really practical. How else do you propose ISPs vote with their wallets? -- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranth.com
participants (4)
-
Andrew Brown
-
Daniel Senie
-
owen@dixon.delong.sj.ca.us
-
Stephen Kowalchuk