11.13.09

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Posted in Law, Microsoft, Security, Vista 7, Windows at 1:19 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Microsoft’s inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft usually addresses the flaws it already knows about in public only once attacks begin. Otherwise, Microsoft lies about security; it tells shareholders what they want to hear. So although a liability claim may not pass legal muster, a negligence claim might. Should Microsoft be sued, as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (more examples are appended at the bottom of this post) is valuable for showing how Microsoft ignores security problems and handles them improperly until it is too late. SJVN argues:

I do wonder sometimes about Microsoft’s quality assurance. No, I tell a lie. I always wonder about Microsoft’s quality assurance. As in, “How can they keep making mistakes like this?” In the latest, a new SMB vulnerability has been found and exploited that can lock up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts it so well in the exploit’s code: “‘Most Secure Os Ever’ –> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL”

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just “embarrassingly bad”, it is practically very bad because exploit code is already out there while Microsoft is still “investigating”.

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes, which the opacity of proprietary software makes possible), probably so that it can boast about low vulnerability counts, i.e. an illusion of safety. How long has Microsoft known about this, and why is there no patch yet?

On Vista 7 insecurity:
