Doug wrote:
>> access to the Web. At the very least, he deserves credit, IMHO, for
>> revealing the soft underbelly of the Web, which is now so central to
global
>> capitalism.
>As Doug writes, 'underbelly of MS'. But this underbelly has been
revealed many
>times in the past (Melissa virus a while ago) but nobody cared. There
are
>penty of researcher who pointed out weaknesses in MS systems that could
affect
>_anybody_ not just network systems. The French Association of Linux
Users has
>published a paper is reaction to this one (you can find the link on
>lwn.net/daily) where they say that MS should be liable for the damage
and for
>refusing to modify its systems after previous notices concerning
security.
>Plus the responsability of gvt that just bought MS products without
paying any
>attention to security issues. All this in the context of the law
proposal to
>use only opensource systems in France (I think it is www.osslaw.org).
Some years ago I read an article in a legal journal on software liability. The article claimed that as the computer industry moved from corporate software to consumer software the industry should become more liable for defective products. The idea was that corporations are big boys and can protect themselves when purchasing software to ensure that the software does what the buyer needs, but that liability was more protective of consumers because they do not have the knowledge or the means to protect themselves.
I know, that sounds idealistic, but I think that is the heart of consumer law. So far as I can see, it has not been observed in consumer software. But still, it seems to me that technically Microsoft is liable for the lack of safety of its products.
What irks me about Microsoft products is that their safety problems are nothing new. IBM, for example, learned the same things the hard way 30 and 40 years ago. All of us concerned with computer security knew long ago, you do not mix data (email, documents, spreadsheets) with programs (macros, vbs) in the same file! It's not a secret. It just seems to me to be negligent to the point of criminality to market something as unsafe as Outlook in this day and age.
Anyhow, what says the law on liability for programs that are "unsafe at any speed"?
-- John K. Taber