If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Dr. Roy Schestowitz

2009-11-13 18:19:23 UTC
Modified: 2009-11-13 18:19:23 UTC

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

Summary: Microsoft's inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only/usually when attacks begin. Otherwise, Microsoft lies about security. It tells what shareholders want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is so valuable for showing how Microsoft ignores security problems and improperly handles them until it's too late. SJVN argues:

I do wonder sometimes about Microsoft's quality assurance. No, I tell a lie. I always wonder about Microsoft's quality assurance. As in, "How can they keep making mistakes like this?" In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit's code: "'Most Secure Os Ever' --> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL"

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just "embarrassingly bad", it is practically very bad because exploit code is already out there while Microsoft is still "investigating".

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes which invisibility of proprietary software enables), probably for raves about numbers, i.e. illusion of safety. How long has Microsoft known about this for and why is there no patch yet? ⬆

On Vista 7 insecurity:

Frans Pop suicide and Ubuntu grievances: Reprinted with permission from disguised.work
Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced: I was always "on-call" and my main role or function was being "on-call" in case of incidents
A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office): In Debian, there is a long history of deaths, suicides, and mysterious disappearances
Federal News Network is Corrupt, It Runs Propaganda Pieces for Microsoft: Federal News Network used to be OK some years ago
Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death: Today we start re-publishing articles that contain unaltered E-mails
[Meme] Sometimes Torvalds and RMS Agree on Things: hype around chatbots
[Video] Linus Torvalds on 'Hilarious' AI Hype: "I Hate the Hype" and "I Don't Want to be Part of the Hype", "You Need to Be a Bit Cynical About This Whole Hype Cycle": Linus Torvalds on LLMs
Colin Watson, Steve McIntyre & Debian, Ubuntu cover-up mission after Frans Pop suicide: Reprinted with permission from disguised.work
Links 30/04/2024: Wireless Carriers Selling Customer Location Data, Facebook Posts Causing Trouble: Links for the day
Links 30/04/2024: More Google Layoffs (Wide-Ranging): Links for the day
Fresh Rumours of Impending Mass Layoffs at IBM Red Hat: "IBM filed a W.A.R.N with the state of North Carolina. That only means one thing."
Mark Shuttleworth's (MS's) Canonical is Promoting Microsoft This Week (Surveillance Slanted as 'Confidential'): Who runs Canonical these days? Why does Canonical help sell Windows?
What Mark Shuttleworth and Canonical Can to Remedy the Damage Done to Frans Pop's Family: Mr. Shuttleworth and Canonical as a company can at the very least apologise for putting undue pressure
Amnesty International & Debian Day suicides comparison: Reprinted with permission from disguised.work
[Meme] A Way to Get No Real Work Done: Walter White looking at phone: Your changes could not be saved to device
Modern Measures of 'Productivity' Boil Down to Time Wasting and Misguided Measurements/Yardsticks: People are forgetting the value of nature and other human beings
Countries That Beat the United States at RSF's World Press Freedom Index (After US Plunged Some More): The United States (US) was 17 when these rankings started in 2002
Record Productivity and Preserving People's Past on the Net: We're very productive these days, partly owing to online news slowing down (less time spent on curating Daily Links)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, April 29, 2024: IRC logs for Monday, April 29, 2024
Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists: Links for the day
Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file: Reprinted with permission from disguised.work
Axel Beckert (ETH Zurich), the mentality of sexual violence on campus: Reprinted with permission from Daniel Pocock
[Meme] Russian Reversal: Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
Frans Pop & Debian suicide denial: Reprinted with permission from disguised.work
The Real Threats to Society Include Software Patents and the Corporations That Promote Them: The OIN issue isn't a new one and many recognise this by now
Links 30/04/2024: OpenBSD and Enterprise Cloaking Device: Links for the day
Microsoft Still Owes Over 100 Billion Dollars and It Cannot be Paid Back Using 'Goodwill': Meanwhile, Microsoft's cash at hand (in the bank) nearly halved in the past year.
[Teaser] Ubuntu Cover-up After Death: Attack the messenger
The Cyber Show Explains What CCTV is About: CCTV does not typically resolve crime
[Video] Ignore Buzzwords and Pay Attention to Attacks on Software Developers: AI in the Machine Learning sense is nothing new
Outline of Themes to Cover in the Coming Weeks: We're accelerating coverage and increasing focus on suppressed topics
[Video] Not Everyone Claiming to Protect the Vulnerable is Being Honest: "Diversity" bursaries aren't always what they seem to be
[Video] Enshittification of the Media, of the Web, and of Computing in General: It manifests itself in altered conditions and expectations
[Meme] Write Code 100% of the Time: IBM: Produce code for us till we buy the community... And never use "bad words" like "master" and "slave" (pioneered by IBM itself in the computing context)
[Video] How Much Will It Take for Most People to Realise "Open Source" Became Just Openwashing (Proprietary Giants Exploiting Cost-Free or Unpaid 'Human Resources')?: turning "Open Source" into proprietary software
Freedom of Speech... Let's Ban All Software Freedom Speeches?: There's a moral panic over people trying to actually control their computing
Richard Stallman's Talk in Spain Canceled (at Short Notice): So it seems to have been canceled very fast
Links 29/04/2024: "AI" Hype Deflated, Economies Slow Down Further: Links for the day
Gemini Links 29/04/2024: Gopher Experiment and Profectus Alpha 0.9: Links for the day
[Video] Why Microsoft is by Far the Biggest Foe of Computer Security (Clue: It Profits From Security Failings): Microsoft is infiltrating policy-making bodies, ensuring real security is never pursued
Debian 'Cabal' (via SPI) Tried to Silence or 'Cancel' Daniel Pocock at DNS Level. It Didn't Work. It Backfired as the Material Received Even More Visibility.: know the truth about modern slavery
Lucas Nussbaum & Debian attempted exploit of OVH Hosting insider: Reprinted with permission from disguised.work
Software in the Public Interest (SPI) is Not a Friend of Freedom: We'll shortly reproduce two older articles from disguised.work
Harassment Against My Wife Continues: Drug addict versus family of Techrights authors
Syria, John Lennon & Debian WIPO panel appointed: Reprinted with permission from disguised.work
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, April 28, 2024: IRC logs for Sunday, April 28, 2024
[Video] GNU and Linux Everywhere (Except by Name): In a sense, Linux already has over 50% of the world's "OS" market
[Video] Canonical Isn't (No Longer) Serious About Making GNU/Linux Succeed in Desktops/Laptops: Some of the notorious (or "controversial") policies of Canonical have been covered here for years
[Video] What We've Learned About Debian From Emeritus Debian Developer Daniel Pocock: pressure had been put on us (by Debian people and their employer/s) and as a result we did not republish Debian material for a number of years
Bruce Perens & Debian public domain trademark promise: Reprinted with permission from disguised.work
Links 28/04/2024: Shareholders Worry "AI" Hype Brings No Income, Money Down the Drain: Links for the day
Lawyer won't lie for Molly de Blanc & Chris Lamb (mollamby): Reprinted with permission from disguised.work
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, April 27, 2024: IRC logs for Saturday, April 27, 2024

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Recent Techrights' Posts