OSNews

Perhaps we can get MS to pay up for all the lost productivity in the workplace due to Windows, word, etc crashing and having us lose valuable work time - not to mention reboot time waiting, screwing with the machine, etc. I'm a Mac OS X user now, but when I did use Windows, I can't tell you the amount of lost productivity I had. Microsoft, IMHO didn't care *because* they are a monopoly - they had no incentive to fix.

Im conflicted on this whole thing. While I think MS doesnt pay enough attention to security, they can't be blamed for holes. No software is perfect, and that's the truth. Now, if they're going to prove MS purposely put bugs in Windows, thats a different story.

If these guys win, I fear for all of the volunteer developers who will be forced to stop. Would you program for free if you could get sued for it?

Who would she sue if she had been running GNULinux? This is a legitimate question.

I should have added that I do not purport to be a legal expert. Any criticism or correction by real experts will be gratefully accepted. Also, here is a mirrored copy of the complaint:
http://www.hldownload.com/MScomplaint.htm

Good question, but remember that the premise for the lawsuit is that MS is a monopoly, and you have no choice in accepting the EULA. GNU/Linux is not a monopoly by ANY definition. You have a choice to accept, or reject, EULA's.

Does the MS software license have a "As-is" or hold harmless clause? If so then the lawsuit is really an uphill battle unless there is significant proof of negligence. While I have issues with Microsofts security practices in general I do not think they have been willfully negligent. I believe the no warranty clauses in the GPL (11 &12) should protect open source coders for the most part, even given willful negligence.

9/11 victim's families already are suing the building owners, the airport, and port authority, which I find disgusting. A horrific act commited by madmen is not something that you can blame on anyone but the madmen who were behind the plot. No ammount of precautions the building owners might have taken could have prevented this evil act.

I do agree with this suit though. It's about time someone held MS accountable.

Excuse me, I genearlized. I didn't mean that all 9/11 victim's families are suing. It would have been better to say SOME.

I am right there with you, people are sue happy. I need to read the article but is it certain where she lost her identity, could be from throwing away papers that has her ssn and other information. I wonder if the license agreements were altered a bit, if that would hold up in court

i believe in tort reform. I believe there are too many lawsuits that are hurting the US economy and american people.

That said, i think lawsuits against MS are a good thing. In a free market (a real one) competition would regulate MS' behavior (perhaps they'd improve security features due to competitive pressures). MS, though, is a monopoly that faces no regulation and no competition. That means the only thing left to change MS behavior is the prospect of lawsuits.

They are already suing the airliners, why not the owner or builder of the building. Hell they can sue MS because wasn't it proven their flight simulator was used for practice for the terrorists ?

"Good question, but remember that the premise for the lawsuit is that MS is a monopoly, and you have no choice in accepting the EULA."

"You have a choice to accept, or reject, EULA's."

Which is it? You can't have it both ways.

If Microsoft is a monoply, how can I use Linux, Mac OS etc?

Quote --- "While I think MS doesnt pay enough attention to security, they can't be blamed for holes. No software is perfect, and that's the truth. Now, if they're going to prove MS purposely put bugs in Windows, thats a different story."

I disagree. There is an important, though also very fine, line between an attack they have no conrtol over, and negligence. As an example, take Outlook and its past problem of auto-running attatchments. If a trojan gets on someones system because Outlook auto-ran the attatchment by default, partial blame SHOULD go to MS. If, on the other hand, it does not auto-run it by default, but the user enabled that feature or simply saved and opened the attatchment themself, then the user gets that partial blame instead of MS. Of course, the other part of the blame goes to the attacker.

The question on how this effects GNU and BSD licensed software is a much more difficult one however. It will be interesting to see how this plays out.

"As an example, take Outlook and its past problem of auto-running attatchments."

When did Outlook automatically run attatchments?

That if they are going to take the time and effort to ship a binary only product, they are the only ones that are able to make security changes, or know what is going on. Therefore, I think that they are liable.

I use linux, and I can (not that I am extremely capable to) make changes to the software, and inspect it as I choose. I do rely on others for a lot of fixes, but there are lots of eyes that see my sources, and therefore more open for someone to see a problem and fix it.

If they want to keep everything under lock and key, they are the one responisible for holes.

You actually rent Microsofts software, you pay to use it,
so yes they are fully responsable for the bugs and security flaws just as your landlord is for not fixing the pipes..

Quote --- "When did Outlook automatically run attatchments?"

More then one version of Outlook that would automatically run attatchments when an email was opened. I do not believe it has been an issue in more recent versions however. They learned there lesson on that one. Besides, its just an example to illistrate where I believe the line is between incidents beyond MSs control and negligence.

There is no technique for writing a large piece of software and avoid introducing security holes. I mean, even if you go the OpenBSD approach and sift through the entire code base every 6 months, you still miss something bad once every few years.

If this suit succeeds, then:

1) development will slow down. The only reason open source applications can grow so fast on so slim resources is that they release frequently and use the users as beta testers (one can make an argument that Microsoft does the same thing). If developers are liable for screwing up the user's computer, they will err on the side of caution and spend time looking for bugs instead of making radical changes to their program.

2) small/independent developers will go out of business. Either they will have to buy liability insurance, or they will have to maintain an expensive notarized paper trail detailing how many hours they spent looking for what security flaw, or they will have to put up a bit notice saying "this is alpha release - I am not liable" and give ignorant customers an excuse to stick with big, suable vendors.

3) open source will be in serious trouble because of the slippery slope effect. If it becomes the duty of programmers to make secure code, perhaps someone could argue that only licensed, bonded programmers should be allowed to touch the keyboard. If you don't pay $$$ for a degree, and don't pass an official exam, and don't work for a licensed corporation, you just might lose the right to release software to the public.

I have no love for Microsoft, but if this suit succeeds, it might destroy open source and seriously hurt the entire industry.

Please refer to your original question, and my answer. You changed the context of my note, and then changed the subject all together. I only answered your question about whom to sue fot linux problems, nothing more.

If I were a judge (or whoever it is the task to accept or recuse complaints). If there is no pledging (of security), there is no obligation. If the vendor (or editor) has not promised you that you would be secure, you can't sue him. It's like when you buy a house, then some thief breaks in. Are you going to sue the vendor or the constructor if you never talk about the house security? I bet only the thief will be sued, and your insurance company will ask you why the hell you didn't do anything to make your house secure?
Disclaimer: IANAL.

I don't have an account on MY Times so didn't read the article, but I'm wondering if there was a patch available at the time that her system was hacked?

Well I think we can all agree America is Sue-happy. But I do take take some exception to some of the analogies. For example the 9/11 example.

Yes, its ridiculous to sue the building people. I mean no one has in mind a normal building being built to withstand 2 planes. But there is a case to be made against the airlines. These men were able to

A) carry blades onto the plane
B) hijack the plane
C) enter the cockpit
D) fly the plane into a building

Step C at least is possibly negligence. I'm not saying I think they are responsible, but there is a case to be made. A similar case can be made against cars which are poorly designed to withstand crashes. It is reasonable to expect a certain amount of security in any product.

As to this specific case to MS. The courts will have to decide if MS was negligent in their security. On this I am inclined to side with MS. Enough news has been published to make people aware of virii. MS, whether you agree or not has undertaken security as a priority.

Correct me if I'm wrong, but aren't things like telephones regulated for a certain amount of reliability (at least in canada). If so, perhaps such a model is needed for OS, given that it is such a critical system

Quote --- "If it becomes the duty of programmers to make secure code, perhaps someone could argue that only licensed, bonded programmers should be allowed to touch the keyboard. If you don't pay $$$ for a degree, and don't pass an official exam, and don't work for a licensed corporation, you just might lose the right to release software to the public."

Actually, thats an interesting idea, though I disagree that it would necessarily force all programming to large corporations. I could see somthing like that happening. After all, I wouldn't want anyone but a licensed and bonded contractor doing work on my home, so why would I want any less for my software? Damaged software can be just as difficult on ones finances as a damaged home these days.

If anything, this would make it EASEIR for independant programmers. People who need software made would be more comfortable going with licensed and bonded independents for important projects, where as today they may prefer a larger company for liability reasons.

If MS is going to take the responsibility for storing personal information like Credit Card numbers, addresses, etc., then MS is responsible for ensuring the confidentiality and integrity of that information.

Perhaps it could be shown that MS has shown negligence in a specific system which lead to stolen identities.

>It's like when you buy a house, then some thief breaks in.
>Are you going to sue the vendor or the constructor if you
>never talk about the house security?

You do not buy MS software you rent it, you may only use it, the comparison is therefore wrong.

"A horrific act commited by madmen is not something that you can blame on anyone but the madmen who were behind the plot. No ammount of precautions the building owners might have taken could have prevented this evil act. "

Then, actually the same as "An illegal pirating commited by madgeeks is not something you can blame on anyone but the madgeek who were behind the code. No amount of precautions the OS developer might have taken could prevent all of those illegal acts".

"I do agree with this suit though. It's about time someone held MS accountable."

And on which basis ? Microsoft products are the targets of terrorists. Why should they be responsible ? They make an *OS*. Some people made fun of ATTACKING this product OS.

And just think twice before wishing it. If Microsoft lose, then a *precendence* is set, and this is a real danger, as then ANY legal action can use this precedence against ANY target.

I know many people hates Microsoft for some despictable action. The Microsoft should be punished regarding THOSE despictable action, nothing else. On the contrary, the whole legal system lose, and everybody lose.

What a mess this is going to be. I guess her computer must be siezed to see if she applied the MS patches regularly, updated to the latest secure version of the particular software she was running, was using antivirus software like everyone should, (maybe symantec or McAfee should be sued too!)...and the list goes on and on and on.
Maybe the websites should be sued because they "could" impliment 256 bit security if they wanted to, but hardly anybody does. And maybe the thief should sue the plaintiff for allowing him to access her identy so easily...after all it was just too tempting for the thief who we all know is really not a theif, but just has a mental illness and couldn't help himself when these identies that are so easily accessible and insufficiently protected through the lack of secure software!

As usual it will end up being everyone's fault .....except for the theif!!!

I agree to you in a way but you must also understand the avarage Windows user. MS is advertising as if Windwos is all good, secure, stable etc. They are not full responable for the blame but sure they must get some of the heat.

kreg... i totally agree and this will probably be what protects open source...

I guess with all the above responses it pretty much is loose/loose for everyone but the lawyer and the plaintiff. One thing that does bother me is whenever it finally does happen in a Linux machine, I guess you would ultimately be sueing the GPL...not for money, but to have it dismissed, (for reasons, see many responses above). I guess??

There's just potentially too much to loose for anyone involved in any way, shape or form with this.

I am not at all a legal expert. But the way I see it, that would only affect americans. Once again. People elsewhere shouldn't worry too much I guess.

"Yes, its ridiculous to sue the building people. I mean no one has in mind a normal building being built to withstand 2 planes."

Not arguing with you, just to inform you, and everyone else. The designers of the twin towers actually did design the towers to withstand the direct hit of planes. I forget which size, a 707, or a 737, or something like that. A bit smaller (relatively) then the planes that actually struck.

But nevertheless, they did plan and build the buildings in case a plane did hit. They did this because of the shear height of the buildings, and that a plane might accidently hit one of the towers because of technical problems (that was the reasoning).

So yes, even though we wouldn't think of it, architects and engineers do.

Remember, the lawyers are contesting that because Microsoft is a monopoly, they need to be held to these high standards, and that an EULA is something they shouldn't be able to hide behind.

The fact is, they are acting like they are a monopoly by not fixing their products, and selling products they know are insecure.

When you buy a car, and that car blows up because of a faulty part, is the company that built the car liable? Or is it your fault? I mean, EVERYONE is a car expert and knows which cars are not good.

No, it's the companies fault. They built a faulty product. This faulty product caused damages.

So suddenly, a monopoly does the same thing. Damn right it should be at fault.

People seem to forget that Microsoft IS a monopoly.

I think that this whole case is stupid, I dont like MS any more than the next guy, but its not there fault that some ppl dont have there computers running properly. If MS were to make some type of program similer to AVG or nortan then ppl would complain that there using not being fair, and when they dont include this program like now and leave it to the consumer to secure thier computer then they get slamed for having poor software. And yes MS code sucks but that doesn't mean that ppl cant get linu/Unix/BSD or get a firewall or somthing. People need to pull thier head s out of the sand and look at the reality MS has had a bad rep for this sort of thing for a long time, so if you use it then you know what your getting into. People need to stop blaming MS for everythong and install Linux or buy some scurity apps.

"Not arguing with you, just to inform you, and everyone else. The designers of the twin towers actually did design the towers to withstand the direct hit of planes. I forget which size, a 707, or a 737, or something like that. A bit smaller (relatively) then the planes that actually struck."

Taking a plane hit seems to be a commong requirement for large structures. I am not sure how it's done in America, but (according to a Russian nuclear engineer I talked to) the Soviet nuclear power plants were designed to withstand a plane falling on them from some height. And before you start talking about Chernobyl - much of the blame lies on the operators who didn't follow the safety manual when rebooting the reactor.

Not arguing with you, just to inform you, and everyone else. The designers of the twin towers actually did design the towers to withstand the direct hit of planes. I forget which size, a 707, or a 737, or something like that. A bit smaller (relatively) then the planes that actually struck.

Also remember that it wasn't the impacts that brought the towers down, it was the ensuing fires.

But I'm with Microsoft on this one. They shouldn't be forced to guarantee the quality of their products. If people use them and lose their data its their fault. Its not like alternatives don't exist. And its not like Windows cannot be made secure. These people are just too lazy to do things right. They are stupid and deserve what they get. But I do believe these people should be humiliated publicly for using Windows and losing their personal information. The more publicity this gets the more people will consider OSX, BeOS, Linux, GNU, BSD, etc. The media is extremely biased, so perhaps it too should be criticized for even mentioning Microsoft as being secure, each and every time they say it.

Don't know how it goes by your side of the world, but on my side, there is no difference whether you rent or you buy the house.

You actually rent Microsofts software, you pay to use it,
so yes they are fully responsable for the bugs and security flaws just as your landlord is for not fixing the pipes..

So is Red Hat, Suse, Mandrake, and all the others whether you paid for it or not(downloaded).

This lawsuit is about defective software rather than the criminals that abused it. Our legal system here in the states makes sure that when a judicial ruling occurs that is based on no prior precedents, it establishes a new precedent which binds it into defacto law. If this suit succeeds these following situations will occur because the ruling will set a new precedent and will apply to all software free or fee.


My copy of Quake III crashed on Red Hat Linux, I'm gonna sue ID Software and RedHat for defective software and emotional distress.

or

My copy of gLabel crashed on Red Hat Linux and Gnome, I'm gonna sue the devlopers of gLabel, Gnome and RedHat for defective software, lost work time, and emotional distress.


I can just see it now, a lawsuit filed against VU and Valve next year by a user whos experiance with Half Life 2 was compromised by cheaters and sues for 100 million dollars for defective software and emotional distress.

This is like the Eolas v. Microsoft suit. You can't apply a law or ruling to against one entity and not apply it to similar violations by other entitys. That means the greedy lawyers now see a cash cow and will go after Adobe, Macromedia, Intel, Sun, Mozilla.org(and all incarnates), AOL, Real and others. Even the W3C will get hit by a lawsuit.


There is just to many lawyers and lawyers abusing the system.

Quote:
"1) development will slow down. The only reason open source applications can grow so fast on so slim resources is that they release frequently and use the users as beta testers (one can make an argument that Microsoft does the same thing). If developers are liable for screwing up the user's computer, they will err on the side of caution and spend time looking for bugs instead of making radical changes to their program. "

M$ development will slow down, and that's a good thing. Since they have a monopoly, they get new version out too often for large enterprise to have enough time to handle, and thus, cost millions of money to upgrade every 2-3 years, witch is unacceptable. The rest of the industry will inovate without fear of being purchased of copied. So it's a good thing.

Quote:
"2) small/independent developers will go out of business. Either they will have to buy liability insurance, or they will have to maintain an expensive notarized paper trail detailing how many hours they spent looking for what security flaw, or they will have to put up a bit notice saying "this is alpha release - I am not liable" and give ignorant customers an excuse to stick with big, suable vendors."

Small vendor almost allways produce more quality code and check more with their customers than M$ does. So they don't have to fear any of this. Those who do fear are the one that produce crappy software and should even be in the software field in the first place.

Quote:
"3) open source will be in serious trouble because of the slippery slope effect. If it becomes the duty of programmers to make secure code, perhaps someone could argue that only licensed, bonded programmers should be allowed to touch the keyboard. If you don't pay $$$ for a degree, and don't pass an official exam, and don't work for a licensed corporation, you just might lose the right to release software to the public. "

What are you talking about? Open source has nothing to worry since people that use that kind of software do it by choice, not because they have to upgrade because they're not supported? I think it will even boost OSS as they already produce quality software over quantity.

Microsoft is a monopoly, don't forget that. This means that for the average consumer, an alternative doesn't exist. Soon, that won't be the case, but Microsoft has been a monopoly for some time, and that means they need to answer for it.

Also, it's wrong to assume the that user should be responsible for making Windows secure. If you buy a car that has the wrong sized tires, who's fault is it? If that car crashes because of those wrong sized tires, can people blame you for obviously not knowing that you car had the wrong sized tires, and going out and getting them replaced?

This is a big ugly issue.

Software makers all over the planet take responsibility for their software every day. This liability is enforced through the contracts that the developers have with their clients. The responsibility, duties, and obligations are enumerated in the agreements.

The problem is that this level of care is done typically only with individual, custom software, and is usually quite expensive. But if you go into a contract with a client and don't meet the expecations and performance spelled out in that contract, then expect ramifications.

With consumer software, you typically don't enter into these kinds of contracts. Most folks can't afford them because the difference to having software "mostly work" and "perfectly work" can be quite dramatic, especially very complex systems.

Consumer software makers live on the fine line of hyping and promoting Wonderkind software while denying all liability and responsability. Most companies try a reasonable effort to help consumers surmount basic problems, but if you, say, reinstall Windows, and still can't get their software to run, they're not going to go to heroic efforts to make it work. If they're really nice, they might even give you your money back, but if you read the assorted licenses et al, they're really not obligated to.

However, if a software glitch slams a Boeing 777 into the ground, you can be assured that Boeing WILL be held to task for the issue, because they sell and maintain the entire system. But Boeing is perhaps at an advantage in that they have really good control over the entire platform, whereas Joes Software doesn't know much about your machine save that it's running Win95, and that it's relying on Microsoft to handle the details like hardware drivers and what not.

This gets into the lovely finger pointing common to modern software "It's your vendor! It's the driver! It's Microsoft!".

Most other products live nice, secluded lives that make them vastly easier to support. If your car starts doing odd things, you can take it to the dealer be assured that they won't say "Well, our test car doesn't do that, so it must be you." They can "easily" take the entire system as a whole and isolate the problem, fix the problem, in isolation, and if it's an "engineering issue", forward the data back to the factory on how to fix it and perhaps prevent it in the future.

Computers, specifically Consumer computers, are not stable platforms. Somehow modern systems are able to take simple, deterministic bits and processes and turn them into unpredictable chaotic systems. This is a key factor on why support for these systems is so difficult and expensive.

Add to the fact that not only are the system themselves changing, but adding the connectivity issue and the fact that the external environment is simply getting more and more hostile exacerbates the problem.

When developers can rely on their platforms, when they can get assurances of quality and liability from the vendors they craft their systems on as well as the platforms they deploy their systems on, then we can have a more stable sytem environment, though I imagine at this stage a for less flexible one.

As far as certifications etc, there's another side of the coin. Contracting, say, a home addition requires the tasks of licensed contractors. These contractors are licensed through a similar process as an MCSE. They're tested. Here in California, they require a couple of years of experience before they can test, but I don't know about other states.

Minimally though, it comes down to the test. Remember, 50% of the those that tested are in the bottom half of their class.

But as a back up to the license contractors, there's the State mandated building codes AND building inspectors. These folks "test the work" of the contractors. Of course, the beauty of building a house is once it's built, it's pretty static, so the inspector need come at best only once.

How many software systems stay that stable? Can you fathom bringing somebody in as your project is ready to deploy to audit the entire system? Code freeze the project and docs while the inspectors come through to learn the requirements and ensure quality and stability? Can you as a consumer rely on the developer to audit and check their own work? Should building contractors also be inspectors?

How many folks today decided to NOT change something because it requires a time consuming regression test? "Well, we changed the JVM, so let's test all 1500 JSP pages, shall we?"

Yes, this can all be done, but the environment, economically, historically, and culturally, does not support it. I'm sure Boeing does something like this for their 777, but most business systems can't and don't. Ever have a business system written, tested, documented, running, and deployed when all of sudden they get the "WalMart" contract, with edicts on how Things Must Be Done?

This is the dillema, and there's no easy answer.

>Don't know how it goes by your side of the world, but on my
>side, there is no difference whether you rent or you buy the
>house.

If oyu buy a house you are responsable for the pluming, if you rent the landlord is, just as it is in @ your place.

The comparison is nice but you cannot compare a thief breaking
into a house with buggy and not correctly working software from Microsoft on wich the user cannot change the working of it (say: locks).

Quote:
"I think that this whole case is stupid, I dont like MS any more than the next guy, but its not there fault that some ppl dont have there computers running properly. If MS were to make some type of program similer to AVG or nortan then ppl would complain that there using not being fair, and when they dont include this program like now and leave it to the consumer to secure thier computer then they get slamed for having poor software. And yes MS code sucks but that doesn't mean that ppl cant get linu/Unix/BSD or get a firewall or somthing. People need to pull thier head s out of the sand and look at the reality MS has had a bad rep for this sort of thing for a long time, so if you use it then you know what your getting into. People need to stop blaming MS for everythong and install Linux or buy some scurity apps."

Windows has reach the status that it is everywhere and that anybody can use it. You can requiert 'casual user' to be an expert and to know everything about computer security, etc, etc. Do you know everything about your car or do you trust that GM, Ford, Honda or everyother carmaker had carfully checked everything for you (beside normal maintenance)? When something is considered dangerous for you the driver, a callback is issued and those carmaker are responsible to repair your car, even if the warranty is void. MS as reach that same status and must be held responsible for the lack of architecture of their systems. Security holes are their because people at M$ made mistakes. M$ now must assume them: they should pay the price like any other multinationals.

I see your point. And you're right. In fact, the comparison is inaccurate. Because you are effectively responsible for your own security, so if a thief breaks in your house, which has not been secured, you can't sue the proprietor (he has no obligation and you have agreed to rent the house, as is), but if the house explodes because of bad plumbing, you are entitled to sue the landlord (he is responsible for concealed flaws, even if he is not aware).

Interesting case. I wonder who is going to be held responsible.
Now I can say that I would accept the complaint, and that I am glad not to be the judge.

Quote:
"M$ development will slow down, and that's a good thing. Since they have a monopoly, they get new version out too often for large enterprise to have enough time to handle, and thus, cost millions of money to upgrade every 2-3 years, witch is unacceptable. The rest of the industry will inovate without fear of being purchased of copied. So it's a good thing. "

You make a good point about Microsoft. However, the same argument applies to the rest of the industry. Concerns about liability will slow down all development, commercial, open source, or free.
To take a specific example: gcc 3.3.1 was released in August; gcc 3.2.3 was released in May and by now is closed. Guess which compiler I am using to compile my (Gentoo) system? Correct, 3.2.3. Why? Correct, because 3.3.1 produces bad code once in a too-frequent while. So if the gcc people worried about liability, they would be testing and retesting gcc 3.3.1, and would release it sometime next year.
BUT try making a 3.2.3 cross-compiler for an ATmega16 AVR (an embedded processor). At least for me, it didn't work, so I have to use the less-stable 3.3.1 as a cross-compiler. If there was no 3.3.1, I would be out of luck because 3.2.3 just doesn't have all the features I need.
My point is: today, developers sarcrifice stability for features, and it's often a good thing.

Quote:
"Small vendor almost allways produce more quality code and check more with their customers than M$ does." [...]

Maybe. But Microsoft can afford to prove (if it gets sued again in the future) that it made an honest effort to look for bugs by keeping an audit trail or doing regression analysis or whatever. It is harder for small companies to afford the expensive audits.

Quote:
'"If you don't pay $$$ for a degree, and don't pass an official exam, and don't work for a licensed corporation, you just might lose the right to release software to the public. "
What are you talking about? Open source has nothing to worry since people that use that kind of software do it by choice, not because they have to upgrade because they're not supported? I think it will even boost OSS as they already produce quality software over quantity. '

If (for example) California passes a regulation that (for example) state schools must use software produced by (for example) software engineers or corporations licensed in the State of California, most open-source projects would not be able to compete.

> and that I am glad not to be the judge.

I am also because i think i would not be objective in this

Can someone explain why is is Tort Reform and not Court Reform? I always assumed it was a Typo when I saw that before, but everyone seems to use it.

Or maybe its Torte Reform, I'm all in favour of better cakes.
=;-)

They shouldn't be forced to guarantee the quality of their products.

Then it's a good thing that they do so voluntarily.

http://www.microsoft.com/windowsxp/evaluation/default.asp

GG

Will:
This is not the case of some unknown error slipping up in a release version of software. This is a case of negligence on MS side - credible security researchers have notified MS that some of their design decision might cause security problems, then security problems exploiting those design errors surface and never really stop appearing as new problems in implementation of a broken concept are found. Futhermore, patches are often ineffective and mask the problem instead of fixing it. It may be understandable that not every bug can be found, but if a sequence of events like this happens, I think the company should be considered guilty of gross negiligence.

Why do people keep repeating this tired old nonsense? Do they even know what a monopoly is? A company has a monopoly when it has the *only* available product or service in a market segment - when there are no alternatives. A company can have 100% marketshare and yet still not be a monopoly. "90% marketshare" does not mean "monopoly". It just means that MS are better able to meet the needs of their customers than the competitors - but those competitors are still there and are still alternatives, and therefore, MS has no monpoly hold.

Monopolies in general are only really a difficulty when they are legally enforced monopolies. Britain used to have this problem with the steel industry, the phone industry, and so on, because they were nationalised and so consumers had to put up with unbelievably shitty service with no legal competitors around. Now there is British Telecom, which must have 90% of the marketshare, and yet is *far* better than the old state monopoly, being cheaper, faster, and so on. No more waiting for a month for the Post office to enable your phone, thank God.

This singular fact - that MS is not a monopoly - is the reason that they keep trying to improve their products. Admittedly, their improvements may not please the geeks on this site, but those improvements, over time, are not aimed at the people who frequent this site. Their improvements are designed to serve the needs of the *customer*, they are not designed to be purely technical decisions - as many here would doubtless wish them to be. It is this positioning of their products and their ability to serve the needs of those customers that has built up MS's success over the years, and of course, their marketshare. People buy MS because they want to and because they percieve MS as providing the best solution for their particular needs. In a monopoly, they would buy MS because they *have* to, because there is no alternative, but for MS, this is not the case.

Another, related reason that MS is not a monopoly is that it has a massive installed base to compete with. Every time MS releases a product, it has to be better (as far as the consumers are concerned) than the previous, otherwise it will not sell. Every product that MS has competes with all the products that have went before.

All told, this "MS is a monopoly" talk is the utmost drivel and balderdash and anybody peddling it should feel ashamed of being either a fool or a demagogue.

Thank you.

"Remember, the lawyers are contesting that because Microsoft is a monopoly, they need to be held to these high standards, and that an EULA is something they shouldn't be able to hide behind."

This is purely arbitrary. Who get to decide which standards are the held responsible ? At which level ? Can I sue them if my Hard drive crash and loose data, even tho it's not Microsoft responsibility ? Because hey ! They have a monopoly !

"The fact is, they are acting like they are a monopoly by not fixing their products, and selling products they know are insecure."

Well, cars are insecure too. Constructor put some stuff to reduce the risks (belt, etc), but they can't give you a perfectly safe car. Nor can *ANY* OS developer can give you a perfectly hacker-safe OS.

"When you buy a car, and that car blows up because of a faulty part, is the company that built the car liable? Or is it your fault? I mean, EVERYONE is a car expert and knows which cars are not good. "

Your example just make not sense at all. You talk about a car burning itself, that we can compare to Windows, for example, crashing itself for no reasons.
Here we are talking about a THIRD PARTY THIEF that come unexpectedly to your car, and stole your credit card inside.
That's exactly what happened, with her Windows. So do you tell me that the car vendor is responsible for her stolen credit card inside the car, as much a Microsoft is responsible for her data stolen by an outsider hacker ?

"People seem to forget that Microsoft IS a monopoly."

Yes Microsoft is a Monoply. But people like you seems to forget they have to be sued for REAL reasons of illegal activities, and NOT for that crappy reason that set a dangerous precedence for EVERYONE.

I am not sure how to view this case. I do come from a time before law suits. I have often felt that too many sue for too little reason. But then again...

Microsoft offers closed software – they in effect say only Microsoft can fix this. Then if they know of a flaw or weakness in the security and do not fix it quickly they are in fact responsible for no other reason than they have barred everyone else from fixing it. This would be like GM or Ford making a car and refusing to sell the parts or service manuals so that others could fix problems. Then add in an unwillingness to make the repairs themselves. Ah, now you see the problems with closed code. So Microsoft has pulled this down on their own head. They have take full 100% responsibility for how MS products work. With 100% responsibility comes 100% liability. With Open source everyone can access the code and everyone in theory can fix it. But even more important is that no one is 100% responsible for the code or its structure. This greatly reduces the probability that someone will be liable enough for code to make suing worth while. It may well be this liability problem that brings about the end of closed proprietary software.

"The comparison is nice but you cannot compare a thief breaking into a house with buggy and not correctly working software from Microsoft on wich the user cannot change the working of it (say: locks). "

Uh ? Never heard of firewall ? anti-virus ? Yes, Windows CAN be changed to make it more secure (like say: locks on a house).

"Do you know everything about your car or do you trust that GM, Ford, Honda or everyother carmaker had carfully checked everything for you (beside normal maintenance)? When something is considered dangerous for you the driver, a callback is issued and those carmaker are responsible to repair your car, even if the warranty is void."

Sooo wrong it's frightening. Is my car from Honda can be used as normal in safe manner ? YES. Is my Windows from Microsoft can be used as normal in a safe manner ? YES.

Now, is stuff in my car can be stolen ? YES. is stuff in my OS can be stolen ? YES.

Is that so hard to understand for some people on this forum, or you guys so blinded by your hate that you just became fanatics without real logical foundation ?

Benedict, you bring a very interesting point. Many people points at Microsoft as being a monopoly, and at the same time advocating that Linux/OSX is better suited than Windows for most task.

Totally contradictory.

Either you qualify Microsoft as monopoly AND admit that Linux/OSX/etc aren't viable alternative because of Windows crushing superiority, or you continue pushing Linux as better than Windows but then stop repeating MS is a monopoly.

I've seen up to 53 posts so far and as I posted around # 20 or so everyone is giving out all the blame to everyone else except.....THE THEIF WHO STOLE THE IDENTY!!! Yes we need to make software more secure. Yes we need to all be careful and educate ourselves about "driving" the internet the same way we educate ouselves on driving a car. But this whole case in my opinion is nothing but a big agenda machine for some to make money, some companies to crush other companies, to control software maybe, maybe to trash the GPL, or even to license all software writers.......but NEVER to eleminate the theives!

How about this. You get caught with someone else's identity, you recieve the death penalty carried out immediately upon sentensing. That'll put a real quick stop to 90% of it.

Too long have software companies hiden behind licenses which totally absolve them from the consequences of their products. With Microsoft being a monopoly on the OEM PC market (yes Benedict, they are a monopoly in the regard of a person walking off the street into a PC store wanting to buy a PC they then have only 1 choice of OS in 99% of the PC stores) they have to be held responsible for their OS.

They also have to be more active in educating the average PC user in the concept of PC maintenance and software updating. The average user expects a PC to be like a toaster in as far as you buy it and you use it but it isn't it is more like a car where maintenace has to be provided on a regular basis. There is a lack of this knowledge being passed on by the powers that be in the computing industry and people like us who do know haw to deal with PC's would represent if lucky 5% of the PC users out there.

Companies like Microsoft have to have some consumer recourse on the products and quality of them they produce. No more should they (if they choose to hide their underpinnings) be allowed to hide behind licenses and accept absolutely no responsibility.

Unfortunately Judge Jackson disagrees with you! He ruled that MS was guilty of using and continuing to use monopolistic practices in the marketplace. The appeals courts NEVER, EVER overturned THAT decision, just the punishment. While they may not have 100%, [even standard oil only had like high 90's too] they are still big enough for the LAW to consider them a threat to the marketplace.

This is Great for consumers because this is something as a concequence of the court case. It could be argued [heck, we all know it to be more or less true] that MS on many occasions sacerficed stability and security for features to keep up its monopoly. Well, now their a monopoly, and this allows the beginings of regulation on it's industry. These are many of the same issues that we had when cars became dominate on the roads too..

Unfortunately, this means software may soon become like other engineering or professional crafts and start requiring licensing to practice. That's both good and bad. After all, most commercial products and structures in the world require certified engineers to sign off on design and structural integrity. Houses, medical care, food, cars, boats, medicine, trailers, skyscrapers, advertizing, accounting, medical devices, radios, child care, tvs, etc all have many requirements by law because when they were new, just like computers, many people abused the systems and tried to cheat, steal, misrepresent products. Computing is just going through the changes much faster, and we notice it more because we're big fans of them. I don't wish to see mandatory licensing happen...but if it was to, I'd be first in line to sign up for what ever they wanted to stay in business!

In the future, Windows can only be installed by a certified MCP/MCSE and require to have monthly visits from them for security patches installation/check up. 1st year will be free but afterwards you have to pay.

If you do not want to pay for these "warranty" service, you can
1. Go get certified by MS
2. Use alternative OS

mmmm.........

MS always markets 'ease of use' and 'freedom' and pretends that problems don't exist.

In Australia there is a legal term 'of merchantable quality' which means a product is of sufficient quality for its intended use. That means a cheap T shirt won't fall apart the first time you wear it or a car won't constantly break down.

EULAs work because most politicians are technically illiterate. They can understand that a car needs to be reliable and safe. They don't understand that software needs to be reliable too.

MS markets its products as simple and totally reliable. I have never seen an MS advertisement warning of the dangers of malware.

Perhaps Ralph Nader should start a software campaign "Unsafe at any MHz".

This applies to most other makers not just MS.

I see more and more people arumenting their position by using analogies. While this is effective, it is what I call the cheap and easy way to pass ones ideas.
Come on guys, you're all pretty educated, why not use some "Real" arguments to enforce your positions?
Analogies are not always so focused on the discussion. It's always easy to include some "Sophiste" sentences in their (those who took some Philosophy lessons will understand).
Let's stop saying: "well if windows was a car/building/anything then why wouldn't I etc..."

Cheers,

Olivier

No, not good enough. Apart from the fact that consumers can walk into many stores and buy Apple Macs, can buy linux in many a bookshop and PC store, and even off-the-shelf linux PCs in the likes of Walmart for goodness' sake, there's the singular fact that the channel through which they get the products doesn't matter, all that matters is that alternatives are available. So MS is not a monopoly. End of story here, people! As "The Pessimist" rightly and wisely says, you can't keep pushing your alternative OSs as superior and capable alternatives then claim MS is a monopoly. You can't have your cake and eat it too, you have to make a choice here.

Secondly, I detect a lot of rather horrible semi-fascist sentiments here. What's all this "MS must do this, MS must do that"? What the hell gives you or anybody else the right to force and threaten a free entity into following your will? MS is beholden to people through the actions and preferences of a vigourous free market. It HAS to serve the needs of its customers, or it will perish. At the moment, and for the last twenty years, it has done that very successfully - more successfully than anybody else in the computing industry. Of course, one size doesn't fit all by any means, and so many people choose other operating systems and products. Nobody is forcing anybody to use MS products, so why do you want to force MS to do all this nonsense??

If you don't like MS, then exercise your freedoms and do not purchase its products. Do not try to take away the freedoms of others by introducing transgressive force to have MS do what you want, while touting "freedom" and "monopoly" and other tissues of lies as your justification. Exercise your preferences freely through the marketplace, just like everybody else does every day. This is, ultimately, how MS is held responsible already, every single day.

Has anyone noticed that when an article about EULA's appears, someone always asks, "Does MS include an 'as is' clause? If so, you're stuck." Well, yes, every EULA says that...that is the basic use of a EULA.

This goes to show how few people have EVER read a single EULA.

Here are a couple of other goodies in almost any EULA:

The company claims to have the right to revoke your license at any time for any reason. Now with auto updates and activation, anything XP can be remotely turned off with no refund. Some pirate uses a key generator and happens to hit on your serial number, then spreads it all over the planet? Too bad, your software is gone, buy another copy of Office XP please...

How about my favorite: The software does not even have to do what it claims to do!

According to most EULA's, if you went by the letter, you could market a software that prints reports, but actually just plays a .WAV file of the CEO laughing at you. That is an extreme example, but if EULA's are really legal, the company would be safe from fraud charges.

Yes, I think companies should be held liable for their software, just like every other industry is responsible for their product.

Free software such as Linux or OpenBeos however, should be exempt. I figure you are on your own and get what you paid for, as if grandma gives you a handmade sweater.

Compiling your own is like building your own boat, it is your problem to deal with if it is full of holes. (No one to bail you out so to speak)

Now if you pay for SuSE Linux, then SuSE should have the same responsibility as General Electric, Kawasaki or Ford for the customer.

That is the risk of doing business.

Mutiny

What "choice" do I have if I want to share documents with others in a professional business context (consulting for example). Can I choose to send clients Openoffice documents when they use Word? Stop being so naive.

I believe you can send them a word-document, made with OpenOffice. What was your point?

Unless MS is the ONLY solution for any market segment (desktop, middleware, server, whatever), then it isn't a monopoly. That's it, end of story, nothing more needs to be said.

Seeing as there are plenty of alternatives, whether OSs (linux, macintosh), office software (OpenOffice), or middleware platforms (Java), it really isn't a monopoly, is it?

Even is OpenOffice did not exist and did not interoperate superbly well with MS Office documents, it still wouldn't be a monopoly. Businesses, and people, if they *really wanted to*, could muddle by asking partners to use alternative formats. But even that isn't the case, is it?

You can keep trying to redefine the term "monopoly" as much as you like, it doesn't change the simple market fact that MS is not a monopoly by any stretch of the imagination.

"The more publicity this gets the more people will consider OSX, BeOS, Linux, GNU, BSD, etc"

Yeah, BeOS is so secure... BeOS had so many secure problems who such a little marketshare !!!!!! Stop this nosense. BeOS is good for some things, certainly not for security.

On the monopoly stuff : I do not know what it means legally, I have no legal knowledge, and I am not american, so it would be difficult to say something not stupid. The thing is : microsoft have a behaviour similar to the former firms which had the monopoly. Even without having the monopoly : to have everything on microsft products from the ground is the culture of this firm ( a bit like apple; heck, I was freacked out by apple fanatics when I went to the French Apple expo...), and it seems to me it is changing.

Linux IS a serious competitor for microsoft. It is either the only one since microsft had such a power. All the thing about security (yes, microsoft had and still has security problems, but they are improving so fast; see windows 2003, its be default configuration, etc... So much better than the previsous versions) are just because there is now a viable alternative to microsoft products in the field of small and middle servers.

As for office stuff : there will be an obligation for microsoft to open its "standarts" for office files. It is already a reason for big offices to change over MS Office... When hiding will mean more money loss than opening formats, MS will open it.

>but remember that the premise for the lawsuit is that MS
>is a monopoly

In the past few years, there should be a Linux distro appearing at least once on major mainstream PC magazines as their cover mounted DVD/CDs. By this time the consumer has ample time to choose an alternative OS.

PS; My personal system is dual booted with Red Hat Linux 9 and WinXP-SP1.

Lots of interesting posts here. I'll bite on the trolls as far as monopoly goes. Monopoly is both a legal and economic concept. In both there is no requirement for 100% market share for a company to be defined as a monopoly. There is also nothing wrong with being a monopoly per se. That is not illegal. In some industries with high fixed costs and extensive infrastructure, monopolies are the only rational structure to have. Who needs or wants competing sewer companies?

The trouble is the tactics companies use to become monopolies, or remain monopolies. There are laws in most countries that govern what you can and can't do. For example, the Phone company can't start a bank and make everyone pay their phone bills only through that bank. That's called tying. Companies also can't use selective pricing to maintain a monopoly. Air Canada got in trouble last year for lowering prices only on routes where there was competition. That's called predatory pricing.

There can be no debate about this. These are objective and verifiable facts. Likewise, Microsoft was found in US Federal court to be a monopoly. That finding was upheald on appeal. They were found guilty of using illegal means to uphold and extend that monopoly. That was also upheld on appeal. We can debate all we want about how right or wrong these laws or those findings. But let's recognize the facts of the matter.

ummm. actually MS is a monoply. it's economics 101. they have successfully used their position to further their monopoly. if they were not a monopoly they wouldn't have been able to do that. that's why they are called monopolistic practices. if you want to get an online account with many banks you can only use explorer. MS uses non-standard html and other things like DirectX and ASP that are not supported by other browsers because it is closed source. MS has, many times, invented their own propietary version of a perfectly good open protocols or standards. joliet extensions, html, java, ASP, and many others. if you want to interact in certain ways with these MS machines you must be using their product. if they were not a monoploy people would reject the changes and use operating systems with standard protocols unless MS really reinvented the wheel, which they did not. it is true that you could buy a mac but you don't have a choice of operating system when you buy a PC. 99 percent of them come with windows because MS will not allow companies to sell other OSs on their PCs without paying more. if you're joe nobody and you just want to play games and check your account balance online then you don't really have a choice. there is a large segment of people out there that think windows is their computer. MS are not innovaters because they don't have to be. they have not drastically upgaded windows, not once, since 3.1, or even before that. there is still 16 bit code in XP. they just make each release shinier and include more useless, bloated crap to fool consumers.

>engineering or professional crafts and start requiring
>licensing to practice.

Such as a setup is a near monopoly by their own right (in relation who can practise).

>Unfortunately, this means software may soon become like >other engineering or professional crafts and start >requiring licensing to practice

In Australian POV, most Bachelor Computing degrees in Australia have been certified by the ACS (Australian Computer Society).

Just as a side comment.

There is some evidence that the fire resistant cladding used to protect the steel structure of the Twim Towers was not being properly maintained. Because of the intense fire it's unlikely this would have made a difference to the eventual outcome, but every extra minute would have given more people a chance to escape.

>actually MS is a monoply. it's economics 101.

Actually, MS is in "monopolistic competition"(i.e. due high brand preference). MS’s desktop market is not strictly a true "monopoly" in an economic sense. The terms shouldn’t be mixed up with one another. A true "monopoly" has only 1 seller within a market. This is not the case when you have dozens of Linux and BSD distro sellers(includes MacOS X) in the market place.

>if you want to get an online account with many banks you >can only use explorer.

It's the bank's choice in that regard...

>MS uses non-standard html and other things like DirectX >and ASP that are not supported by other browsers because >it is closed source.

It’s their product. IF you don't like it go to a product that has open standards.

>it is true that you could buy a mac but you don't have a >choice of operating system when you buy a PC

Walmart PC, Lindows... does that ring any bell...

>MS are not innovaters because they don't have to be.

Note that Apple(or any other Linux/GUN/XFree86 window managers e.g. KDE) just copied their GUI concepts from Xerox.

>they have not drastically upgaded windows, not once,
>since 3.1, or even before that.(SNIP)
I don’t recall NT Kernel running on 16bit X86 CPU(e.g. 80286 processor).

Recall the Pentium Pro’s issues with running 16bit OS(i.e. speed issues). At that time it’s recommended that one should run Windows NT (or any 32bit X86 OSfor that matter) since Pentium Pro(1st generation P6 family) has issues running with 16bit OS. That recommendation implies that Windows NT is a 32bit OS.

PS; Windows XP is just label for NT 5.1.

"But nevertheless, they did plan and build the buildings in case a plane did hit. They did this because of the shear height of the buildings, and that a plane might accidently hit one of the towers because of technical problems (that was the reasoning).

So yes, even though we wouldn't think of it, architects and engineers do."

Architects just draw pretty (or ugly) pictures so it's the engineers that do.

"My copy of Quake III crashed on Red Hat Linux, I'm gonna sue ID Software and RedHat for defective software and emotional distress. "

Having your game crash is significantly different to haveing your identity stolen. I know which I'd choose given a choice. Though I really don't think MS is to blame

I don't know if most people here are aware that a lot of computer HW is also constructed by means not so different from SW ie by use of HW description languages and then compiled or synthesized into a physical form ASIC or FPGA. These languages even look alot like C but with parallel constructs. Yet the HW industry has no EULA and does a far better job of creating robust HW that doesn't easily fail. Well ASICs are pretty hard to change but FPGAs are not unlike PCs in that they can be upgraded over the wire or over the internet.

Luckily the features 1st mentality of MS is unheard of in the HW industry so modifying my cable modem is probably only doable by the HW vendor that built it.

Its called engineering, HW has to perform within specification often semi open public specs etc, which begs the question, when did you ever see a spec for SW that you just bought (oops I mean licensed). Perhaps its because there are N thousand HW vendors to choose from. perhaps if there was a MicroHard company with 97% of the HW market we might also see a HW EULA and a don't call us if it breaks license. Luckily we don't!

my 2 bits

(HW & SW EE)

The hustler in the musical "Music Man" is a better analogy for Microsoft's behavior in the marketplace with respect to reliability and security.
Everyone wanted a marching band...It was the cool thing of the time. The Music Man provided all the instruments and music they would ever need...made big promises about how great the band would sound, an how proud of their children the parents would be [starting to sound way to familiar by now!]

We all know the guy can't direct music, or instruct players. When a small boy questions him about playing his instrument the Music Man dodges by saying something that it's the boys instrument and should practice real hard and "find" the music inside it. Anyway, it ends with the guy getting run out of town. He didn't really do anything "wrong" [because he sold them properly working instruments after all] but he still gets in loads of trouble.

That's about how Microsoft's rise to fame has been. Really, it's pretty close to that. They created a very popular program that everybody "needs" [We'll save comparing MS to the "Needful Things" store for another exercise!] and were quick to sell to everyone they could. Well, now the public is at the point where the little boy asks this isn't as great as we were promised, how to make sweet music, and MS has always said to "find it yourself" it's only NOW that people are ACTUALLY hearing them say it!

Hardware has really nice testing tools and FPGA's and ASIC's demand that you use good modular design techniques so you get decent speed and size. PC memory and CPU time is cheap so people don't care as much (shame).

Hardware does have Eula's they just wouldn't call them that. I can quite cleary remeber reading some specs sheets that had statements about situations where the hardware should not be used e.g mediacal applications. The staments were along the lines of don't cry to us if you put this in a heart monitor (or whatever) and you kill someone but in more legaese.

Hardware can be hacked too just look at all the work people put into making linux run on things.

Home users wouldn't read a specs sheet anyway let alone unders