Should Microsoft Be Liable For Bugs?

from the the-big-question dept

The big question that keeps coming up over and over again is whether or not Microsoft should be liable for all these bugs. Now it's even being asked by Microsoft's hometown paper. Those who favor the argument say that if any other product had the amount of flaws with the impact that Microsoft's flaws have, there would be class action lawsuits galore. Those against it point out that it's impossible to know how people will use software and to figure out ways to fix all bugs. Worse (and this is the part that concerns me the most) it would make it nearly impossible for small or independent software operations to release anything. It would slow down innovation. At the same time, even if Microsoft could be sued for the flaws, it would be unlikely that they would lose. The lawsuits would have to show that Microsoft was specifically "negligent" in their actions. While some may feel that Microsoft should be doing a better job, that doesn't necessarily make them negligent.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    dorpus, 12 Sep 2003 @ 1:45am

    DLL's

    I've read that most windows crashes are caused by bad DLL's made by 3rd-party vendors. Not Microsoft's fault.


    link to this | view in thread ]

  2. identicon
    Kevin, 12 Sep 2003 @ 2:09am

    Re: DLL's

    Dorpus, this is old news and I think it was *supposed* to be fixed long ago. But on the other hand, an operating system should be able to protect itself from programs/drivers/etc. Unix/linux has always done this although admittedly a few times I've locked up linux was with video drivers, but who knows, they may have just locked up the card.
    Mac computers have been really bad about this until recently, but the OS is now candy coated unix.

    Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. The title of that article is really poor.

    You're lucky you didnt post that on slashdot, you'd be all crispy now.

    link to this | view in thread ]

  3. identicon
    dorpus, 12 Sep 2003 @ 2:39am

    Re: DLL's

    "Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. "

    What about the security flaws/exploits of other OS's? There are plenty of unix viruses.

    "You're lucky you didnt post that on slashdot, you'd be all crispy now."

    Too much traffic, too complicated filtering system, so I don't do slashdot.

    link to this | view in thread ]

  4. identicon
    bbay, 12 Sep 2003 @ 3:48am

    Re: DLL's

    I think the point is that a preemptively multitasking, protected mode virtual memory operating system shouldn't be letting third party DLLs crash the system. It just shouln't happen.

    link to this | view in thread ]

  5. identicon
    dorpus, 12 Sep 2003 @ 3:58am

    Re: DLL's

    I seem to recall that for about a decade after windows introduced plug-and-play, Sun terminals would still crash whenever someone accidentally unplugged the keyboard. The jacks were very loose and easy to come off, too. Seems like something that shouldn't happen for an operating system that is supposed to be more "heavy duty" and "reliable" than windows.

    link to this | view in thread ]

  6. identicon
    alternatives, 12 Sep 2003 @ 4:01am

    Ok, then explain this.

    that doesn't necessarily make them negligent.

    There is a call that lets you get the MAC layer address from your network card. When Mircosoft 'patched' for the blaster issue, that call now returns a fixed address.

    Please explain how such programming is not negligent?

    link to this | view in thread ]

  7. identicon
    Kevin, 12 Sep 2003 @ 5:23am

    Re: DLL's

    "What about the security flaws/exploits of other OS's? There are plenty of unix viruses."

    whoa there Dorpus. Who is feeding you this info? I've know of viri on windows, macos and I even remember them back on the Amiga, but I dont think I've ever heard of a unix/linux virus.

    Worms, sure. But I'll bet that most of the bad publicity that unix/linux got was from the two most craptastically exploitably programs apparently written by drunks: bind and sendmail. These two programs have a fairly simple function but for some reason keep getting cracked. If those were written correctly unix/linux would have a much better track record.

    As for those terminals locking up when the keyboard was unplugged I suspect it was a hardware problem, not the OS, but even if it was you cant really judge a OS's robustness by its ability to handle changes in hardware while its running. I dont even know if old sun terminals were running unix, it might have been some stripped down OS that ran an X server.

    link to this | view in thread ]

  8. identicon
    westpac, 12 Sep 2003 @ 6:34am

    Re: DLL's

    I've seen loose keyboard connectors blow a PC motherboard. This is a hardware issue instead of software.

    VMS is an amazingly stable OS. Our VMS servers never crash. But if you want to upgrade or add anything you're locked into proprietary hardware and software. Ever since Compaq bought up DEC they've been trying to kill off the VMS product line and now the whole Alpha product line.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 12 Sep 2003 @ 8:07am

    Yes, because "the hood is welded shut."

    Software vendors of closed source products should be held liable for flaws because the opaque nature of their products.

    link to this | view in thread ]

  10. identicon
    kettlechips, 12 Sep 2003 @ 8:10am

    ms = bugs = profit

    the basic difference/problem is that open source leans towards accountability and hence relability, while mickeysoft leans toward profitability thru monopoly, lawyers & obfusication. why fix something ifyou can charge for it in the next release. microsoft is a monopoly that minimises competition & hence improvement. ie despite what pr they generate, they are greedy, short sighted, arseholes who cause as much problems as they solve.

    link to this | view in thread ]

  11. identicon
    mgallagher, 12 Sep 2003 @ 8:29am

    Analogies with other products

    The article points out that what you really get when you purchase software is a license, not a "good" (although certainly in the economic sense you're buying a good) so all of the consumer protection laws don't apply. Clearly this will need to addressed legislatively, even though I'm generally opposed to such things.

    With many products there's a concept called "merchantability", which basically says that if a device is sold as a sewing machine, it needs to be able to sew in the way a reasonable person would expect to do so. Another example is a used car, the steering should turn the wheels, it should move when expected to, it should eventually stop when the brakes are pushed. After that, you're on your own.

    Maybe there's a way to include concepts like this for software. Perfection isn't expected, but a package should state it's intended functions, and should, at a minimum perform those functions in any reasonable computing environment. Using the Firestone example, I should be able to fit the tire to any appropriately sized wheel, and I should be able to expext a reasonable product lifetime when driven over typical surfaces. If I put the tires on the wrong size wheels and drive 150 MPH on gravel, well, I guess it's my fault if I get a flat (or worse).

    Security-wise there's plenty of precedent for "reasonableness" in other areas - I can't very well accuse someone of theft if I leave my CD player on the sidewalk overnight with no identification on it. If they break into my locked car to get it, that's a different story. Maybe these sorts of examples can be made into a workable "reasonable" standard for security expectations for software vendors.

    The key here is to provide some sort of information (and possibly recourse) to consumers without creating barriers to entry for new software authors. Not an easy problem, but probably not impossible either.

    link to this | view in thread ]

  12. identicon
    Rick Colosimo, 12 Sep 2003 @ 9:26am

    Re: [False] Analogies with other products

    Two comments:

    1. The concept of implied warranties of merchantability or fitness for a particular purpose were legal constructs designed to allow for physically injured persons to recover when they were harmed by a product. Those doctrines became strict liability, which says that you can't bargain away, as in an EULA, your protection from physical harm. Legal thinking then and now is that people should be allowed to bargain away their protection from economic harm since people and businesses do this all the time - it's called insurance or hedging or any of a dozen other forms. Those concepts are not readily transferred to software.

    2. You most certainly can be convicted of theft of a CD player with no name on it left on the street. States have slightly different versions of their statutes, but in NY for example, anything you find has to be turned in to the police and, if unclaimed, you may claim it. So your premise is unfortunately wrong (in spite of all we've heard, finders are not keepers and losers not always weepers).

    Even if it were true, I'm not sure that "reasonableness" is as good a standard in this situation as we might think. I am not a Mac expert or even casual user, but do we all believe it's *really* true that Macs are impervious to viruses, or that MS is simply a bigger target (for many reasons)? What Mac users think is "reasonable" may simply be luck or anecdotal evidence.

    link to this | view in thread ]

  13. identicon
    Patrick, 12 Sep 2003 @ 10:32am

    Re: Ok, then explain this.

    "There is a call that lets you get the MAC layer address from your network card. When Mircosoft 'patched' for the blaster issue, that call now returns a fixed address."

    Please clarify--why is a call for the MAC address a problem, and what do you mean by 'fixed address'?

    link to this | view in thread ]

  14. identicon
    Adam Barr, 12 Sep 2003 @ 11:50am

    Possible marketing advantage for Microsoft

    If they *do* become liable in some way, then they can use it as a marketing advantage against Linux. "If on the off chance you are hurt by a remote exploit, we've got $50 billion you can sic your lawyers on! Top that, Red Hat!"

    - adam

    link to this | view in thread ]

  15. identicon
    mgallagher, 12 Sep 2003 @ 1:21pm

    Re: [False] Analogies with other products

    Both are excellent points.

    You are quite correct when you talk about exisitng liability concepts having trouble in application to software. The original article makes this point as well. That's why I think we'll eventually be in a situation where definitions and applicability will need to be legislatively determined. Not an appealing idea when you consider how bad some of our computing-related laws have been. But you're right, in thier current form you'd have trouble getting merchantability laws to work for software.

    As for the second point - I simplified the example to the point of inaccuracy. We're not even talking about criminality here, rather civil matters (for which liability limits need to be defined). I probably should have referred to being able to recover damages if you haven't met the burdens of discovery and minimization in relation to minding your own "security" - but that just seemed to be a little too obtuse.

    So, thanks for the excellent points. Have a great weekend.

    link to this | view in thread ]

  16. identicon
    Joe Perches, 12 Sep 2003 @ 1:33pm

    Re: [False] Analogies with other products

    The article says:

    "But since the mid-1990s, a string of court decisions has upheld the validity of using license (nb: context implies shrink-wrap) agreements to limit a software maker's liability."

    Is this true?

    Have products sold over the counter ever been determined to be not Uniform Commercial Code?

    Can anyone cite a reference please?

    link to this | view in thread ]

  17. identicon
    LittleW0lf, 12 Sep 2003 @ 5:34pm

    Re: ms = bugs = profit

    Haha...

    When I read this subject line, only one thing came to mind..."We are getting a hell of a profit fixing Microsoft's bugs!"

    After all, if it wasn't for Microsoft, I probably wouldn't have the decent paying, great experience, "god I love to come to work" job I have right now. They are literally paying my paycheck with their lack of security.

    Of course, my job as a Linux/BSD/Cisco administrator is stable, so I could always just spend all my time at work doing that, but it is more fun doing heavy patching of Windows boxes, and then of course the extra time spent investigating the break-ins and viruses under the Windows OS which makes my life complete...

    Hidden and tags within document.

    link to this | view in thread ]

  18. identicon
    mhh5, 15 Sep 2003 @ 12:24am

    MS should not be liable...

    I think it's justifiable that MS could not be held liable, but if that's the position MS holds, then they can't turn around and criticize open source OS's for their lack of liability...

    link to this | view in thread ]

  19. identicon
    unixman, 15 Sep 2003 @ 12:24am

    Re: DLL's

    "Plenty of UNIX viruses"? Name me one. There have been a couple of worms (entirely different) but no viruses that I have ever heard of and I've been doing Unix for 25 years and more. Viruses just don't work on UNIX because of its securty model.

    link to this | view in thread ]

  20. identicon
    glazier, 15 Sep 2003 @ 12:26am

    Re: DLL's

    If you jiggle the keyboard on My XP box, you lose all ability to type - nothing bar a reboot will fix it. So it still happens.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.