Should Microsoft Be Liable For Bugs?

from the the-big-question dept

The big question that keeps coming up over and over again is whether or not Microsoft should be liable for all these bugs. Now it’s even being asked by Microsoft’s hometown paper. Those who favor the argument say that if any other product had the amount of flaws with the impact that Microsoft’s flaws have, there would be class action lawsuits galore. Those against it point out that it’s impossible to know how people will use software and to figure out ways to fix all bugs. Worse (and this is the part that concerns me the most) it would make it nearly impossible for small or independent software operations to release anything. It would slow down innovation. At the same time, even if Microsoft could be sued for the flaws, it would be unlikely that they would lose. The lawsuits would have to show that Microsoft was specifically “negligent” in their actions. While some may feel that Microsoft should be doing a better job, that doesn’t necessarily make them negligent.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Should Microsoft Be Liable For Bugs?”

Subscribe: RSS Leave a comment
Kevin says:

Re: DLL's

Dorpus, this is old news and I think it was *supposed* to be fixed long ago. But on the other hand, an operating system should be able to protect itself from programs/drivers/etc. Unix/linux has always done this although admittedly a few times I’ve locked up linux was with video drivers, but who knows, they may have just locked up the card.
Mac computers have been really bad about this until recently, but the OS is now candy coated unix.

Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. The title of that article is really poor.

You’re lucky you didnt post that on slashdot, you’d be all crispy now.

dorpus says:

Re: Re: DLL's

“Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. “

What about the security flaws/exploits of other OS’s? There are plenty of unix viruses.

“You’re lucky you didnt post that on slashdot, you’d be all crispy now.”

Too much traffic, too complicated filtering system, so I don’t do slashdot.

dorpus says:

Re: Re: Re:2 DLL's

I seem to recall that for about a decade after windows introduced plug-and-play, Sun terminals would still crash whenever someone accidentally unplugged the keyboard. The jacks were very loose and easy to come off, too. Seems like something that shouldn’t happen for an operating system that is supposed to be more “heavy duty” and “reliable” than windows.

westpac says:

Re: Re: Re:3 DLL's

I’ve seen loose keyboard connectors blow a PC motherboard. This is a hardware issue instead of software.

VMS is an amazingly stable OS. Our VMS servers never crash. But if you want to upgrade or add anything you’re locked into proprietary hardware and software. Ever since Compaq bought up DEC they’ve been trying to kill off the VMS product line and now the whole Alpha product line.

Kevin says:

Re: Re: Re: DLL's

“What about the security flaws/exploits of other OS’s? There are plenty of unix viruses.”

whoa there Dorpus. Who is feeding you this info? I’ve know of viri on windows, macos and I even remember them back on the Amiga, but I dont think I’ve ever heard of a unix/linux virus.

Worms, sure. But I’ll bet that most of the bad publicity that unix/linux got was from the two most craptastically exploitably programs apparently written by drunks: bind and sendmail. These two programs have a fairly simple function but for some reason keep getting cracked. If those were written correctly unix/linux would have a much better track record.

As for those terminals locking up when the keyboard was unplugged I suspect it was a hardware problem, not the OS, but even if it was you cant really judge a OS’s robustness by its ability to handle changes in hardware while its running. I dont even know if old sun terminals were running unix, it might have been some stripped down OS that ran an X server.

kettlechips says:

ms = bugs = profit

the basic difference/problem is that open source leans towards accountability and hence relability, while mickeysoft leans toward profitability thru monopoly, lawyers & obfusication. why fix something ifyou can charge for it in the next release. microsoft is a monopoly that minimises competition & hence improvement. ie despite what pr they generate, they are greedy, short sighted, arseholes who cause as much problems as they solve.

LittleW0lf says:

Re: ms = bugs = profit


When I read this subject line, only one thing came to mind…”We are getting a hell of a profit fixing Microsoft’s bugs!”

After all, if it wasn’t for Microsoft, I probably wouldn’t have the decent paying, great experience, “god I love to come to work” job I have right now. They are literally paying my paycheck with their lack of security.

Of course, my job as a Linux/BSD/Cisco administrator is stable, so I could always just spend all my time at work doing that, but it is more fun doing heavy patching of Windows boxes, and then of course the extra time spent investigating the break-ins and viruses under the Windows OS which makes my life complete…

Hidden and tags within document.

mgallagher says:

Analogies with other products

The article points out that what you really get when you purchase software is a license, not a “good” (although certainly in the economic sense you’re buying a good) so all of the consumer protection laws don’t apply. Clearly this will need to addressed legislatively, even though I’m generally opposed to such things.

With many products there’s a concept called “merchantability”, which basically says that if a device is sold as a sewing machine, it needs to be able to sew in the way a reasonable person would expect to do so. Another example is a used car, the steering should turn the wheels, it should move when expected to, it should eventually stop when the brakes are pushed. After that, you’re on your own.

Maybe there’s a way to include concepts like this for software. Perfection isn’t expected, but a package should state it’s intended functions, and should, at a minimum perform those functions in any reasonable computing environment. Using the Firestone example, I should be able to fit the tire to any appropriately sized wheel, and I should be able to expext a reasonable product lifetime when driven over typical surfaces. If I put the tires on the wrong size wheels and drive 150 MPH on gravel, well, I guess it’s my fault if I get a flat (or worse).

Security-wise there’s plenty of precedent for “reasonableness” in other areas – I can’t very well accuse someone of theft if I leave my CD player on the sidewalk overnight with no identification on it. If they break into my locked car to get it, that’s a different story. Maybe these sorts of examples can be made into a workable “reasonable” standard for security expectations for software vendors.

The key here is to provide some sort of information (and possibly recourse) to consumers without creating barriers to entry for new software authors. Not an easy problem, but probably not impossible either.

Rick Colosimo (user link) says:

Re: [False] Analogies with other products

Two comments:

1. The concept of implied warranties of merchantability or fitness for a particular purpose were legal constructs designed to allow for physically injured persons to recover when they were harmed by a product. Those doctrines became strict liability, which says that you can’t bargain away, as in an EULA, your protection from physical harm. Legal thinking then and now is that people should be allowed to bargain away their protection from economic harm since people and businesses do this all the time – it’s called insurance or hedging or any of a dozen other forms. Those concepts are not readily transferred to software.

2. You most certainly can be convicted of theft of a CD player with no name on it left on the street. States have slightly different versions of their statutes, but in NY for example, anything you find has to be turned in to the police and, if unclaimed, you may claim it. So your premise is unfortunately wrong (in spite of all we’ve heard, finders are not keepers and losers not always weepers).

Even if it were true, I’m not sure that “reasonableness” is as good a standard in this situation as we might think. I am not a Mac expert or even casual user, but do we all believe it’s *really* true that Macs are impervious to viruses, or that MS is simply a bigger target (for many reasons)? What Mac users think is “reasonable” may simply be luck or anecdotal evidence.

mgallagher says:

Re: Re: [False] Analogies with other products

Both are excellent points.

You are quite correct when you talk about exisitng liability concepts having trouble in application to software. The original article makes this point as well. That’s why I think we’ll eventually be in a situation where definitions and applicability will need to be legislatively determined. Not an appealing idea when you consider how bad some of our computing-related laws have been. But you’re right, in thier current form you’d have trouble getting merchantability laws to work for software.

As for the second point – I simplified the example to the point of inaccuracy. We’re not even talking about criminality here, rather civil matters (for which liability limits need to be defined). I probably should have referred to being able to recover damages if you haven’t met the burdens of discovery and minimization in relation to minding your own “security” – but that just seemed to be a little too obtuse.

So, thanks for the excellent points. Have a great weekend.

Joe Perches says:

Re: Re: Re: [False] Analogies with other products

The article says:

“But since the mid-1990s, a string of court decisions has upheld the validity of using license (nb: context implies shrink-wrap) agreements to limit a software maker’s liability.”

Is this true?

Have products sold over the counter ever been determined to be not Uniform Commercial Code?

Can anyone cite a reference please?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...