05.10.09
ISP Under Unfortunate ‘DDOS Attack’ by Microsoft Corporation; Liability of Software Debated in Europe
Summary: Microsoft servers run amok and questions about liability return
SIMON PHIPPS has just found this very interesting message about an ISP which was brought down to its knees by “Windows Update”. It is actually a recurring issue that affects networks in all sorts of ways (e.g. global Skype downtime).
We were facing a distributed denial of service attack from the world’s largest “botnet:” Microsoft’s “Windows Update.”
[...]
As Spider-Man creator Stan Lee once noted, “with great power comes great responsibility.” Microsoft, by virtue of its control over Windows-based PCs, has the ability to shut down the entire Internet at will — and must be careful not to do it, inadvertently, by turning 90% of the world’s PCs into a “zombie army.”
Furthermore, content delivery networks such as Akamai, which distributes Microsoft’s updates, must not be allowed to discriminate against smaller providers by making updates uncacheable (at least by a standards-conforming Web cache) and then denying smaller ISPs access to a cache that WILL cache them.
This is reminiscent of past incidents (see [1] and [2] at the bottom of this post). Yesterday we wrote about FAA where the damage of Microsoft’s security, reliability and stability track record seems immense (in a very negative way). Now we find this from UC Berkeley right at the top of the news.
University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.
Can liability put an end to this? That’s the question the European Commission is asking and Glyn Moody reports on this matter.
Should Software Developers Be Liable for their Code?
Should Microsoft pay for the billions of dollars of damage that flaws in its software have caused around the world? It might have to, if a new European Commission consumer protection proposal becomes law. Although that sounds an appealing prospect, one knock-on consequence could be that open source coders would also be liable for any damage that errors in their software caused.
Here’s what the European Commission is proposing:
A priority area for possible EU action is “extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games or other licensed content”, according to the commissioners’ agenda. “Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions.”
EU consumer commissioner Kuneva said that more accountability for software makers, and for companies providing digital services, would lead to greater consumer choice.
We have already covered this issue of liability and a reader wrote to us yesterday and offered his opinion too:
I suppose that this means that it is soon possible for the new administration to use military force to deal with Microsofters, if they don’t dismantle their movement voluntarily:
Pentagon girds for cyber warfare
Official: No options ‘off the table’ for U.S. response to cyber attacks
Not so long ago, someone (or some group) did the electronic equivalent of cutting holes in the perimiter fence and taking out the guard towers by deploying Microsoft products inside a US Army base inside Afghanistan. The damage was quite bad as a result, and maybe the corrective actions were kept quiet and in-house, but certainly there is a paper trail leading back to those who brought MS products into the base.
In a recent speech, President Obama mentioned that US workers must come first. If that priority is followed, then it leads to removal of threats to US workers. Considering that the conficker Windows worm cost over $ 9.1 billion in the first three months, and that is on par with the other Windows worms, the 100′s of billions saved over a few years by getting rid of any last trace of MS can easily pay for a new tech sector *and* a new economy.
Should Microsoft be made responsible and liable for damages caused by its software? Would this serve as a preventive measure? █
____
[1] Are we being DOS attacked by a Microsoft employee?
Now I find it funny that a person that lives about 5 minutes from Redmond which is the headquarters of Microsoft is DOS attacking us and I don’t believe that this is a coincidence.
[2] Bots Helped To Boost Microsoft Live Search Gains
In a blog post, Compete analyst Steve Willis attributed Microsoft’s search gains to prizes awarded to users participating in Live Search Club, which features games that post queries to Microsoft’s search engine.
[...]
Microsoft is essentially being DDoSed by thousands of people hundreds of times per minute, but they are mistaking this rise in traffic for people actually using Live Search.”
