If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Dr. Roy Schestowitz

2009-11-13 18:19:23 UTC
Modified: 2009-11-13 18:19:23 UTC

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

Summary: Microsoft's inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only/usually when attacks begin. Otherwise, Microsoft lies about security. It tells what shareholders want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is so valuable for showing how Microsoft ignores security problems and improperly handles them until it's too late. SJVN argues:

I do wonder sometimes about Microsoft's quality assurance. No, I tell a lie. I always wonder about Microsoft's quality assurance. As in, "How can they keep making mistakes like this?" In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit's code: "'Most Secure Os Ever' --> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL"

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just "embarrassingly bad", it is practically very bad because exploit code is already out there while Microsoft is still "investigating".

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes which invisibility of proprietary software enables), probably for raves about numbers, i.e. illusion of safety. How long has Microsoft known about this for and why is there no patch yet? ⬆

On Vista 7 insecurity:

Google as a 'Bullshit Generator' Disguised as Intelligence: It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search: At this point more people ought to stop and think: Does Google's search engine deserve trust?
Sabotaging Linux on Behalf of Microsoft With UEFI 'Secure' Boot (De Facto Remote 'Kill Switch'), Then Defaming, Stalking and Harassing Critics of 'Secure' Boot for 12 Years, Then SLAPPing Their Spouses and Them: The sorts of stubborn lunatics we've been dealing with
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says": The editor in chief exercises control over everybody else
LLMs as Attack Method Against Free Software and Programming: DDoS in "hey hi" (slop) clothing
Stability and Reliability, Backward Compatibility: I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025: The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop): Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's: Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM: How much lower will IDG sink?
The Data You Don't Give Away is Your Advantage: stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing: The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025: IRC logs for Thursday, July 31, 2025
Moving on in Techrights, Geeks Gonna Geek: In the coming weeks we plan to focus (as we explained last week) on patents, GNU/Linux issues, and the occasional philosophical essays
Slopwatch: Google News Has Lost the Plot: Almost the majority of articles returned for "Linux" are fakes
Links 31/07/2025: Australia Restricts YouTube Access, Personal Privacy at Risk: Links for the day
Links 31/07/2025: Spotify Collapses and Spotify Now Forcing Some Users to Undergo Face-Scanning: Links for the day
A Lot of Supposedly "Successful" Businesses Are Just Debt-Racking Vessels Without Any Prospects of Financial Sustainability: The probability of bankruptcy of any business is more than 0%
theregister.com: The Voice of Microsoft US?: It basically sold out
Yes, You Can Love and Adore Things Whilst Also Criticising Them: Is society being divided and groomed/primed to be resistant to constructive criticism?
Links 31/07/2025: War in Ukraine, Security News, and Cyberattacks Against Journalists on the Rise: Links for the day
Gemini Links 31/07/2025: Fake Money and Gemini Diaries: Links for the day
An Illusion and Cult Worship of Magnitude (Ubiquity as "Victory"): GNU has been around for over 40 years and it'll likely continue to exist for another 40 (in some form)
Google: From Pointing to Relevant Sites to Pointing to Social Control Media to Actually Parroting Social Control Media as "Facts": Google has become a misinformation company
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 30, 2025: IRC logs for Wednesday, July 30, 2025
How to Report Apple Layoffs Without Saying the "L" Word: don't look for the "L" word
Wall Street Does Not Care About Microsoft's Impending (August) Layoffs, It Believes Lies From Microsoft, Whose Debt Grows Rapidly: If Microsoft is doing so well and swimming in money, why so many cuts (about 29,000 layoffs so far this year)?
Wayland Considered Harmful (to GNU/Linux Adoption): it's not limited to games
My Experience With Judges Has been Positive, But We Must Still Pursue SLAPP Reform in the United Kingdom: We believe it'll be a "feather in the cap" if we can help change laws in the UK to better protect investigative reporters
Slopwatch Makes the Web Better: Remember what happened to BetaNews?
Slopwatch: Google News is Pumping in Lots of Web Traffic Into Fake Sites That Say "Linux": somewhere between 30% and 40% of today's "news" about "Linux", as seen by Google News, is LLM slop
Links 30/07/2025: Climate Calamities Highlighted, Kyrgyzstan Crackdown on Expression/Freedoms: Links for the day
Gemini Links 30/07/2025: Watson’s List of Limits, Lysenko 2000: Links for the day
Riot for peace & Love: Catholic Influencers and Digital Missionaries welcome Jubilee of Youth: Reprinted with permission from Daniel Pocock
Some People See What Others See... But Only 40 Years Later: When people deviate from "the norm" they typically get ridiculed and dismissed as "crazy"
Links 30/07/2025: Tea Class Action and Google Killing the Web With Slop: Links for the day
Last Month Our IRC Community Turned 17: Funnily enough we never missed a single day when it comes to logging
"The Unix Kernel": Linux was inspired by MINIX
The Register Relays Microsoft Marketing, Dubs That Marketing "Research": Hours ago they did a "Microsoft sez" piece
Dealing With Sociopaths, Liars, and Cranks: A dysfunctional society such as this would never develop
Not Owning Mobile Phones: It's not about resistance; it's common sense
Google 'Search' is Fast Becoming No Better Than Social Control Media Infested With Bots: Google emerged almost 30 years ago as a company looking to organise the Web and direct people towards informative pages. That Google is dead.
PCLinuxOS Had Functional Backups Before the House Fire, the Site Will be Restored in New Webhost: This is the direction we want for GNU/Linux, not some IBM sales strategy
Gemini Links 30/07/2025: Two Sides of Me and "Hooked on Cosmic Voyage": Links for the day
Microsoft Will Continue Resorting to Crimes in Order to Keep GNU/Linux Usage Down: It is a real problem and we'll revisit it later this week
GAFAM 'Revolving Doors' at The Register and a "Bribe Price List": "an analyst at Microsoft"
Microsoft Rapidly Shrinking (No, It's Not About Efficiency, It's About Unbearable Debt): We'll soon see how much debt grew in the past quarter
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 29, 2025: IRC logs for Tuesday, July 29, 2025
Corruption is the Standard Operating Procedure at the European Patent Office (EPO): The EPO is a dictatorship that stains Europe
Local Staff Committee Munich (LSCMN) at the European Patent Office (EPO) Requests an Urgent Meeting to Avoid Abolishing the Office: This is dictatorship led by the most corrupt
Slopwatch: Fake 'Linux' 'Articles' and Spamfarms/Slopfarms: at least 5 fake articles in one day

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Recent Techrights' Posts