If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Dr. Roy Schestowitz

2009-11-13 18:19:23 UTC
Modified: 2009-11-13 18:19:23 UTC

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

Summary: Microsoft's inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only/usually when attacks begin. Otherwise, Microsoft lies about security. It tells what shareholders want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is so valuable for showing how Microsoft ignores security problems and improperly handles them until it's too late. SJVN argues:

I do wonder sometimes about Microsoft's quality assurance. No, I tell a lie. I always wonder about Microsoft's quality assurance. As in, "How can they keep making mistakes like this?" In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit's code: "'Most Secure Os Ever' --> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL"

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just "embarrassingly bad", it is practically very bad because exploit code is already out there while Microsoft is still "investigating".

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes which invisibility of proprietary software enables), probably for raves about numbers, i.e. illusion of safety. How long has Microsoft known about this for and why is there no patch yet? ⬆

On Vista 7 insecurity:

The US Government is Now in the Business (Literally!) of Saving Microsoft and Intel: This means that President TACO/Cheeto now has greater financial incentive to also prop up Microsoft and Windows
Over at Tux Machines...: GNU/Linux news for the past day
Links 23/08/2025: Science, War, and Important Win for the British Media Against SLAPPers Who Abuse Women: Links for the day
Gemini Links 23/08/2025: BaseLibre Numerical System and Back to Oldschool: Links for the day
"Deserved Victory" for "Women That Suffered": "GNM defended its reporting as being both true and in the public interest and in a judgment on Friday"
Links 23/08/2025: onmicrosoft.com as Spam Cannon, The Cheeto-Intel Deal Is Official: Links for the day
Wired Complained About LLM Slop Only Days Before It Got Caught Doing That Itself: Never throw stones in a glass house
IBM "Value" Down 14.16% in a Month, Red Hat Layoffs Allegedly Discussed 12 Days Ago: "IBM is a dinosaur. Dinosaurs get extinct when the don't keep up."
We're Seeing More Countries Where Windows Isn't Even in Second Place Anymore (Third or Worse): In a way, Microsoft can barely even hold onto second place anymore
Microsoft Workers on Canonical's Payroll: If you want something that's sort of like Ubuntu but is not controlled by Canonical, then look into Linux Mint, Debian, or LMDE
GNU/Linux Climbs to 4% in Sierra Leone: Sierra Leone isn't a very rich country (to say the least), but it's better off than some of its neighbours
The SLAPPS Run Out of Oxygen Because They're Abuse of Process: At the end of the day we plan to publish over 1,000 articles explaining what happened
The Register MS Gets Paid by the Employer of the Previous Editor in Chief to Promote the "AI" Ponzi Scheme, Which Does Considerable Damage to the Web and to Online Journalists: The Register MS can 'badmouth' slop all it wants; it gets paid to inflate this bubble. It's actively participating in it.
Soon It'll be Autumn, Time to Repair Things: Where they don't charge an arm and a leg
Doing Our Best to Cover Software Patents When the Mainstream Media Does Not: Even the FSF has its limits
Gemini Links 23/08/2025: August Questions and Network Solutions: Links for the day
IRC Proceedings: Friday, August 22, 2025: IRC logs for Friday, August 22, 2025
Microsoft Has Issues in Guyana: It's not just Guyana
About 25% of the "Linux" News/Results in Google News Today Are LLM Slop, Almost 20% From the Same Rogue Operators of Slopfarms: Google, which tries to market itself as an LLM giant, apparently fails to understand what's wrong with it
Harassing People on Holiday: There are "no-go areas"; but that assumes all laws firms have ethical standards
The Great, Undeniable Value of Paper Trail, Not Purely Digital Systems: Suppose you have nothing but bits on someone else's computer and "word of mouth"...
The Company Behind Ars Technica, Reddit and Wired Caught Publishing LLM Slop (It Also Admits It Now): Condé Nast busted
Links 22/08/2025: Lagrange 1.18.8, Wired Magazine and Business Insider Caught Resorting to LLM Slop: Links for the day
This Saturday It's Gonna be 3.5 Years* Since Russia Invaded Ukraine. No Microsoft Protests Against Microsoft Having Provided Russia With Services.: Companies do not have consistent policies and enforcement of "corporate values" is somewhat of an egg salad
Slopwatch: Sites Gone Rogue, Google Promoting Lies, and DDoS Attacks by Plagiarism Giants: Charlatans and frauds engage in a war against artistic industries, mislabeling plagiarism as "AI"
Links 22/08/2025: Cisco Layoffs, LA Times Says "AI Hype is Fading Fast": Links for the day
Gemini Links 22/08/2025: K for Kentucky and Caddy Versus LLM Slopbots: Links for the day
The "End Software Patents" Initiative of the FSF Explains "WHY [to] ABOLISH SOFTWARE PATENTS": We hope to cover patent-related issues more and more as the big anniversary of the FSF approaches
Freenode Sniffing: The grown-ups left the building
The Only Thing Worse Than Misinformation is Misinformation Sold to Everyone as "Intelligence": Misplaced trust is worse than none at all
The Register MS Now Openly Admits LLM Hype Does Damage, But It's Also Being Paid to Participate in the LLM Hype (With Paid 'Articles' and 'Webcasts' for Paying Advertisers): The Register MS gets paid to do this
End of the Smartphone Era? No.: Maybe the media should focus on producing accurate, factual news
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, August 21, 2025: IRC logs for Thursday, August 21, 2025
Enshittification of Airports, Airlines, and Airplanes: If people are willing to tolerate standard declines and enshittification (nowadays sold as "pivot to AI" or "replaced by AI" or "AI layoffs") they will pay for it some other way
Latest Is Not Greatest: The Case of "Foldable" Tech: don't be shamed into abandoning old things just because the "fashion industry" of Apple and Samsung tells you to
Airlines and Their Tricks That Only Work in the 'Digital Age': People sceptical of the direction technology has taken are not "Luddites"
Open Source Initiative (OSI), Which Became a Propaganda Front of Microsoft and "Hey Hi" (Hype, Misnomer), Wants You to Forget These Scandals: A lot of these issues won't be set aside until there's a resolution
The Culture of Overnight Coding: An industry-wise push-back is needed
Windows Down to New Lows in Guinea Bissau and Many Countries Around It: If Android is accounted for, Windows is down to about 10%
Gemini Links 21/08/2025: Modern Dating, Debian 13, and Apache: Links for the day
Microsoft Has Had About 10 Waves of Mass Layoffs So Far This Year (Not Two as Mainstream Media and Slopfarms Endlessly Claim): Notice how the MSM (Mainstream Media) never mentions the debt of Microsoft. It is a conscious, deliberate decision.
Links 21/08/2025: Covid Cases on the Rise, "Social Media Trolls", Russia's Attacks Intensify: Links for the day
Gemini Links 21/08/2025: The Attraction of Back Alleys, Initramfs, and BSD ISPs: Links for the day
Links 21/08/2025: Stephanie Shirley Dies and "Groklaw Domain Hijacked?": Links for the day
Search in 2025 (Age of DDoS Attacks Under the Guise of "AI" "Innovation"): One common concern when things go "live" is that any random bot out there can execute queries, pumping up RAM and CPU usage, as happened when we used MediaWiki and WordPress
Using Slop for Images Does Not Make Your Site Look Advanced or Witty, It Just Makes Your Whole Work Look Like Presumed Plagiarism: Lazy slobs and Serial Sloppers use the guise/excuse of "AI" to plagiarise and spam the Web
Financing of the "Hey Hi" (AI) Bubble by Those Who Profit From Planetary Destruction (Global Warming): It's about personal gain, too
Richard Stallman Will Speak in Ethereum Cypherpunk Congress: it's good to see that the FSF pays considerable respect to it founder, who is moreover invited to speak at events
(At Least) Second Wave of Mass Layoffs in Microsoft This Month: This is not the first time this month that Microsoft has mass layoffs
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 20, 2025: IRC logs for Wednesday, August 20, 2025

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Recent Techrights' Posts