Should Microsoft Be Liable For Bugs?
from the the-big-question dept
The big question that keeps coming up over and over again is whether or not Microsoft should be liable for all these bugs. Now it’s even being asked by Microsoft’s hometown paper. Those who favor the argument say that if any other product had the amount of flaws with the impact that Microsoft’s flaws have, there would be class action lawsuits galore. Those against it point out that it’s impossible to know how people will use software and to figure out ways to fix all bugs. Worse (and this is the part that concerns me the most) it would make it nearly impossible for small or independent software operations to release anything. It would slow down innovation. At the same time, even if Microsoft could be sued for the flaws, it would be unlikely that they would lose. The lawsuits would have to show that Microsoft was specifically “negligent” in their actions. While some may feel that Microsoft should be doing a better job, that doesn’t necessarily make them negligent.
Comments on “Should Microsoft Be Liable For Bugs?”
DLL's
I’ve read that most windows crashes are caused by bad DLL’s made by 3rd-party vendors. Not Microsoft’s fault.
Re: DLL's
Dorpus, this is old news and I think it was *supposed* to be fixed long ago. But on the other hand, an operating system should be able to protect itself from programs/drivers/etc. Unix/linux has always done this although admittedly a few times I’ve locked up linux was with video drivers, but who knows, they may have just locked up the card.
Mac computers have been really bad about this until recently, but the OS is now candy coated unix.
Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. The title of that article is really poor.
You’re lucky you didnt post that on slashdot, you’d be all crispy now.
Re: Re: DLL's
“Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. “
What about the security flaws/exploits of other OS’s? There are plenty of unix viruses.
“You’re lucky you didnt post that on slashdot, you’d be all crispy now.”
Too much traffic, too complicated filtering system, so I don’t do slashdot.
Re: Re: Re: DLL's
I think the point is that a preemptively multitasking, protected mode virtual memory operating system shouldn’t be letting third party DLLs crash the system. It just shouln’t happen.
Re: Re: Re:2 DLL's
I seem to recall that for about a decade after windows introduced plug-and-play, Sun terminals would still crash whenever someone accidentally unplugged the keyboard. The jacks were very loose and easy to come off, too. Seems like something that shouldn’t happen for an operating system that is supposed to be more “heavy duty” and “reliable” than windows.
Re: Re: Re:3 DLL's
I’ve seen loose keyboard connectors blow a PC motherboard. This is a hardware issue instead of software.
VMS is an amazingly stable OS. Our VMS servers never crash. But if you want to upgrade or add anything you’re locked into proprietary hardware and software. Ever since Compaq bought up DEC they’ve been trying to kill off the VMS product line and now the whole Alpha product line.
Re: Re: Re:3 DLL's
If you jiggle the keyboard on My XP box, you lose all ability to type – nothing bar a reboot will fix it. So it still happens.
Re: Re: Re: DLL's
“What about the security flaws/exploits of other OS’s? There are plenty of unix viruses.”
whoa there Dorpus. Who is feeding you this info? I’ve know of viri on windows, macos and I even remember them back on the Amiga, but I dont think I’ve ever heard of a unix/linux virus.
Worms, sure. But I’ll bet that most of the bad publicity that unix/linux got was from the two most craptastically exploitably programs apparently written by drunks: bind and sendmail. These two programs have a fairly simple function but for some reason keep getting cracked. If those were written correctly unix/linux would have a much better track record.
As for those terminals locking up when the keyboard was unplugged I suspect it was a hardware problem, not the OS, but even if it was you cant really judge a OS’s robustness by its ability to handle changes in hardware while its running. I dont even know if old sun terminals were running unix, it might have been some stripped down OS that ran an X server.
Re: Re: Re: DLL's
“Plenty of UNIX viruses”? Name me one. There have been a couple of worms (entirely different) but no viruses that I have ever heard of and I’ve been doing Unix for 25 years and more. Viruses just don’t work on UNIX because of its securty model.
Ok, then explain this.
that doesn’t necessarily make them negligent.
There is a call that lets you get the MAC layer address from your network card. When Mircosoft ‘patched’ for the blaster issue, that call now returns a fixed address.
Please explain how such programming is not negligent?
Re: Ok, then explain this.
“There is a call that lets you get the MAC layer address from your network card. When Mircosoft ‘patched’ for the blaster issue, that call now returns a fixed address.”
Please clarify–why is a call for the MAC address a problem, and what do you mean by ‘fixed address’?
Yes, because "the hood is welded shut."
Software vendors of closed source products should be held liable for flaws because the opaque nature of their products.
ms = bugs = profit
the basic difference/problem is that open source leans towards accountability and hence relability, while mickeysoft leans toward profitability thru monopoly, lawyers & obfusication. why fix something ifyou can charge for it in the next release. microsoft is a monopoly that minimises competition & hence improvement. ie despite what pr they generate, they are greedy, short sighted, arseholes who cause as much problems as they solve.
Re: ms = bugs = profit
Haha…
When I read this subject line, only one thing came to mind…”We are getting a hell of a profit fixing Microsoft’s bugs!”
After all, if it wasn’t for Microsoft, I probably wouldn’t have the decent paying, great experience, “god I love to come to work” job I have right now. They are literally paying my paycheck with their lack of security.
Of course, my job as a Linux/BSD/Cisco administrator is stable, so I could always just spend all my time at work doing that, but it is more fun doing heavy patching of Windows boxes, and then of course the extra time spent investigating the break-ins and viruses under the Windows OS which makes my life complete…
Hidden and tags within document.
Analogies with other products
The article points out that what you really get when you purchase software is a license, not a “good” (although certainly in the economic sense you’re buying a good) so all of the consumer protection laws don’t apply. Clearly this will need to addressed legislatively, even though I’m generally opposed to such things.
With many products there’s a concept called “merchantability”, which basically says that if a device is sold as a sewing machine, it needs to be able to sew in the way a reasonable person would expect to do so. Another example is a used car, the steering should turn the wheels, it should move when expected to, it should eventually stop when the brakes are pushed. After that, you’re on your own.
Maybe there’s a way to include concepts like this for software. Perfection isn’t expected, but a package should state it’s intended functions, and should, at a minimum perform those functions in any reasonable computing environment. Using the Firestone example, I should be able to fit the tire to any appropriately sized wheel, and I should be able to expext a reasonable product lifetime when driven over typical surfaces. If I put the tires on the wrong size wheels and drive 150 MPH on gravel, well, I guess it’s my fault if I get a flat (or worse).
Security-wise there’s plenty of precedent for “reasonableness” in other areas – I can’t very well accuse someone of theft if I leave my CD player on the sidewalk overnight with no identification on it. If they break into my locked car to get it, that’s a different story. Maybe these sorts of examples can be made into a workable “reasonable” standard for security expectations for software vendors.
The key here is to provide some sort of information (and possibly recourse) to consumers without creating barriers to entry for new software authors. Not an easy problem, but probably not impossible either.
Re: [False] Analogies with other products
Two comments:
1. The concept of implied warranties of merchantability or fitness for a particular purpose were legal constructs designed to allow for physically injured persons to recover when they were harmed by a product. Those doctrines became strict liability, which says that you can’t bargain away, as in an EULA, your protection from physical harm. Legal thinking then and now is that people should be allowed to bargain away their protection from economic harm since people and businesses do this all the time – it’s called insurance or hedging or any of a dozen other forms. Those concepts are not readily transferred to software.
2. You most certainly can be convicted of theft of a CD player with no name on it left on the street. States have slightly different versions of their statutes, but in NY for example, anything you find has to be turned in to the police and, if unclaimed, you may claim it. So your premise is unfortunately wrong (in spite of all we’ve heard, finders are not keepers and losers not always weepers).
Even if it were true, I’m not sure that “reasonableness” is as good a standard in this situation as we might think. I am not a Mac expert or even casual user, but do we all believe it’s *really* true that Macs are impervious to viruses, or that MS is simply a bigger target (for many reasons)? What Mac users think is “reasonable” may simply be luck or anecdotal evidence.
Re: Re: [False] Analogies with other products
Both are excellent points.
You are quite correct when you talk about exisitng liability concepts having trouble in application to software. The original article makes this point as well. That’s why I think we’ll eventually be in a situation where definitions and applicability will need to be legislatively determined. Not an appealing idea when you consider how bad some of our computing-related laws have been. But you’re right, in thier current form you’d have trouble getting merchantability laws to work for software.
As for the second point – I simplified the example to the point of inaccuracy. We’re not even talking about criminality here, rather civil matters (for which liability limits need to be defined). I probably should have referred to being able to recover damages if you haven’t met the burdens of discovery and minimization in relation to minding your own “security” – but that just seemed to be a little too obtuse.
So, thanks for the excellent points. Have a great weekend.
Re: Re: Re: [False] Analogies with other products
The article says:
“But since the mid-1990s, a string of court decisions has upheld the validity of using license (nb: context implies shrink-wrap) agreements to limit a software maker’s liability.”
Is this true?
Have products sold over the counter ever been determined to be not Uniform Commercial Code?
Can anyone cite a reference please?
Possible marketing advantage for Microsoft
If they *do* become liable in some way, then they can use it as a marketing advantage against Linux. “If on the off chance you are hurt by a remote exploit, we’ve got $50 billion you can sic your lawyers on! Top that, Red Hat!”
– adam
MS should not be liable...
I think it’s justifiable that MS could not be held liable, but if that’s the position MS holds, then they can’t turn around and criticize open source OS’s for their lack of liability…