Microsoft Sued for Defective Software

Door-opening Fascist writes "eWeek is reporting that a South Korean citizen action group, People's Solidarity for Participatory Democracy, is suing Microsoft for putting the SQL Slammer vulnerability into Windows. They are doing so on behalf of the South Korean people and businesses affected by SQL Slammer."

Re:Good Luck!

[Anonymous Coward]

Quoting from the article: "The action is predicated on the country's Product Liability Act, which enables consumers to sue for damage resulting from products. There is some question, however, as to whether software qualifies as a product under the terms of the law."

IOW, they're going to argue that South Korea's Product Liability Act (a) covers software and (b) supercedes MS's disclaimers in the EULA.

Re:Duh

[Realistic_Dragon]

"You buy the software, you choose to use it, YOU DEAL WITH THE CONSEQUENCES."

For the less well educated we esentially lie in a software monoculture. If you are an average small business owner, what choice do you have _but_ Microsoft products? (Lack of information rather than lack of choice here, not helped by constant FUD from a certain company.)

Hence, they did not choose to use the product - they were, to a greater or lesser extent, forced.

Re:Funny this came up today...

[skinfitz]

To have not patched this when slammer hit big time was incompetant. To have STILL not patched it by NOW is pure idiocy.

You have only your sysadmins to blame.

Re:Read before you file

[Skater]

Ever go to a hospital? They make you sign something that says you won't sue them if they mess up. So why are there plenty of medical malpractice lawsuits?

Because clauses like that are "exculpatory" (if I remember the term from my "legal environment" class correctly). They have no meaning, other than to scare the uninformed. As our instructor put it (a lawyer, mind you): "If things like that worked, I'd have a big sign on my car that said, 'Not responsible if I hit you.'"

--RJ

no warranty does not matter

[danoatvulaw]

Microsoft's dislcaimer of warranty is ineffective on several levels. First, under the UCC, a purchaser has a right to a "perfect tender" - that is that the purchase perfectly conforms to what whatever was purchased purports to be. For example - you could not sell a vcr that only worked 50% of the time when it felt like it, or only on a wednesday, (unless you disclosed that up front) and the purchaser agreed in a definite and seasonable expression of assent. Some legislation has proposed so scale this back in the terms of software (UCITA).

Second, products come with an implied warranty of merchantability and fitness for purpose. It essentially means that they are manufactured correctly and that they will be able to do what it is claimed they do.

Bottom line is that anyone can claim that there is no warranty that goes along with their product, but some warranties the court will imply and refuse to not enforce, or will enforece other law tantamount to a warranty. The implied warranties above are examples of those that rise above that of contract, that they can be enforced regardless of what is put in the agreement. The agreement may create a presumption that you have waived these rights, but the court could also find that agreement void as unconscionable.

Re:Read before you file

[pcwhalen]

Sorry to disagree, my Brother. MS has an excellent defence with its "No Warantee" in the EULA.

The difference with med malpractice is that the claim is for gross negligence: actions so blatantly wrong that they are outside the realm of normal medical conduct. Otherwise, a doctor that has you sign an "informed consent waiver" before a procedure can be bulletproof, but it STILL DOESN'T STOP A PATIENT FROM SUING. It just stops the patient from winning.

If the GPL says "no warantee," too bad, so sad South Korea.

"Brooklyn owes the charmer under me" Steely Dan

Re:One more responsible party

[theLOUDroom]

To borrow the Ford Pinto analogy from previous posts, it seems somewhat like somebody cutting your brake lines and then you suing Ford for making the lines so easily accessible. I think the person who cut the lines is truely responsible.

No it's not. You are clearly unaware of the facts of the situation. Yes, MS had a patch out before the worm hit, but:

• The bug was downplayed as minor.
• The patch was not a service pack, nor was it scriptable, and it required you to shut down the server.
• Even if you installed all the MS patches in the order they came out, you would have still been vulnerable. A later patch re-opened the flaw.

A more fair analogy would be:

A car manufacturer knows their brakelines have a very high likelyhood of catastrophic failure. They issue a recall, but not in their usual manner and make it very difficult and time consuming to get your car repaired. They also state that the likelihood of failure is low. Later on they find another flaw in their vehicle, and issue another recall. When a vehicle is taken in for the second recall, the crappy brakelines are put back on (without informing the owner), and if you want the better ones you have to have the car recalled one more time.


See the point? Yeah they fixed things, but they made it unnecessarily difficult to implement the fixed. And later on another "fix" reopened the system.


As far as the author of slammer being liable, I don't think they should be. The person who released it onto the net should be. Some don't see this distinction as important, but I see it as very important. I should be able to play around wth viruses/worms on my home network all I want, but if I let them get onto the net I should be held responsible. I find viruses to be really interesting programs. They're almost like the software equivalent of battlebots. Besides, knowing how viruses work is very important if you want to write anti-virus software.

Is it really illegal to write a virus these days?