"Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx> wrote:
But we do hold them liable for providing defective products. We
would hold a gun manufacturer liable if the gun blew up when you
fired it. We hold a car manufacture liable if the gas tank blows up
on you. Why not a software publisher that provides an insecure
system by default? Do they have a responsibility to provide a
quality product? Especially if they are a monopoly or near monopoly?
When you make design decisions that put ease of use, and market lock
in ahead of security, aren't you responsible for the results?
(Ingratiating the web browser into the OS to lock out a competitor's
software, or setting the mail program to execute attachments by
default that can modify the system so that you can do remote
administration of a machine, even though most machines are not going
to use the "feature", and it puts machines at risk...)
In almost any other industry, they would be liable for the damages
they caused by these kinds of design flaws.
Mikkel
It would be really nice to see Micro$oft held liable for selling a
defective product but it's not going to happen. Their EULA already lets
them skate free from just about anything their products do or don't do
short of them selling people a blank disk. Besides, there are way too
many ways they can cop out just by putting in a caveat that the end user
accepts all risks when they connect to the internet. Historically, M$
already did this when they claimed that NT was C2 secure way back when.
The gotcha was NT was only C2 secure if it wasn't connected to any other
system.
"jdow" <jdow@xxxxxxxxxxxxx> wrote:
Who is going to file the first lawsuit against an owner of a zombied system
for sending spam? It should be interesting legal theater.
I'm guessing it won't take that. As soon as a single legal finding
establishes that people are liable for damages caused by their systems a
whole lot of things would change. If you extend that to ISPs also being
liable if they don't at least attempt to prevent zombies, a bunch of
people who now simply ignore a problem they contribute to suddenly
become very interested in preventing the problem.
Unfortunately, I know quite a few idiots who own computers. They don't
want to spend the money or take the time to learn how not to get
infected by malware of whatever type. I set them up with Spybot or
something similar and the next thing I know, they've turned it off
because it interferes with the latest free toolbar or dancing gerbils
they want. I tell them why they need it and they don't want to hear it;
they just want their dancing gerbils. SIGH.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
