Microsoft's Little Liability Problem

[minator]

you wanted real and significant news that may actually affect all of us, why not post this article about Microsoft's loss in a patent case that affects all browser plug-in architectures.

No, the liability case has much larger implications than any patent spat.

Computer companies can produce software and hardware without warranty, no other industry can do this.  However there are strong consumer protection laws and if they can be brought to book over these it changes the entire software industry.

Microsoft has always operated by selling more and more features and shipping products early clearly without sufficient testing.  That would change overnight.

Good quality, well tested software would become a legal rquirement, it'll turn this industry on it's head, forever.

[minator]

Except of course that Microsoft lost that "patent spat", which demands that IE be re-written without ActiveX.

Re-write meaning they change two lines to break it or (more likely) they find some sneaky way around the patent.

MS won't lose the liability case.

Why do you think this?

If MS sell consumer products they should fall under consumer protection laws in which case the EULA will be overrulled and well, ouch!

MS could end up having to rewrite (meaning really rewrite) everything.

[minator]

Two lines of what?

Code, comment out something and suddenly Active X doesn't work.  I once went to a presentation by someone who had disassembled IIS and it was full of code that was never executed.

Because it would undermine their EULA and engine for their entire business model.  If your business earnt you 11 billion dollars a year, how much would you pay lawyers to keep things that way?  How did the antitrust case go again?

They lost.
The sanctions were weak because the government changed and decided it couldn't be bothered any more.

However this is very different, this is a civil case being handled by lawyers with previous experience.  Politicians can't help them here.

However, if the case was that the customer had done everything they could to maintain the security of the product, and MS had failed to notify the public of a horrendous vulnerability (which is currently the case regarding a live attack on IE users, details of which on the NTBugtraq mailing list), then the customer might have a case.

But that assumes all computer users are experts and know how to do this.  Part of this case actually covers this because this is not and never shall be the case. Read the write up on OSNews, it explains it very well.

Open source authors will suddenly become liable for any losses users may suffer as a result of their software having bugs/security flaws. Small commercial developers ditto.

They already are liable in Germany.
However there is simply no point in trying to sue someone if they have no money and they haven't made anything from the product.  I think Open Source authors while not being immune won't have anywhere near the same problems.  

One way or another software liability is coming and I for one think it's a good thing.  All other industries are liable for their products and software producers shouldn't be any different.

[minator]

So then Windows Update, every Flash clip, Java clip, embedded movie, audio doesn't work.  I don't think MS are going to hire you at any point soon

Given that Microsoft are famous for doing exactly that with their patches they hardly need to hire me :-D

Besides, I had a couple of hundred people buy my software and in 5 years only ever got 2 bug reports 8-)

There was a very interesting debate on OSNews a while back where a number of MS admins said they would deliberately not apply patches becasue they are quite likely to break their systems - that is how bad MS patches are.

However, my original point was that MS does not need to rewrite IE to remove some features, it's a relatively simple operation and they've done it already.

Operating a computer is not like operating a DVD player, and users can do a lot of damage, to themselves and to other people,

If you are a Unix admin I would agree with you but there is NO reason a desktop computer should be any more complex than a DVD player - what do you think a DVD player is anyway?

MS simply don't make systems that good and don't test them enough.  

Contrast that with my Camera, Phone or Camcorder all of which are highly complex real time systems which to date have worked perfectly *every* time.  These things are every bit as complex as a PC if not more so but the only way I'm going to harm anyone with my camcorder is if I smack them around the head with it.

If you consider these bad examples I can of course also show you a complex, secure but very easy to use Mac...

Future security problems with Windows were predicted *years* ago but did they do anything about it?

That's like saying that people can leave their doors open because thieves only steal from rich homes.

Unless you are acting out of pure spite you don't sue someoone who can't afford to pay out - that's the first thing the lawyer will tell you.

There are large companies involved in many open source projects. Open source isn't just about a few bedroom programmers writing software in their spare time, you know.

I'm quite aware of that but I was talking about bedroom coders.

Litigators would just target people like IBM for their actions, even if IBM were not directly responsible for the security leak.

They'd be laughed out of court for that exact reason.

Open Source and the law could get interesting because unless you were suing the company who supplied the software you would have to track down the exact cause of the fault and who wrote it before you could even begin a legal action.  You couldn't prove guilt otherwise.

With MS you only sue the company, not the individual programmer.