11.13.09

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Posted in Law, Microsoft, Security, Vista 7, Windows at 1:19 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

–Brian Valentine, Microsoft executive

Summary: Microsoft’s inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only/usually when attacks begin. Otherwise, Microsoft lies about security. It tells what shareholders want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is so valuable for showing how Microsoft ignores security problems and improperly handles them until it’s too late. SJVN argues:

I do wonder sometimes about Microsoft’s quality assurance. No, I tell a lie. I always wonder about Microsoft’s quality assurance. As in, “How can they keep making mistakes like this?” In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit’s code: “‘Most Secure Os Ever’ –> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL”

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just “embarrassingly bad”, it is practically very bad because exploit code is already out there while Microsoft is still “investigating”.

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes which invisibility of proprietary software enables), probably for raves about numbers, i.e. illusion of safety. How long has Microsoft known about this for and why is there no patch yet? █

On Vista 7 insecurity:

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

CAFC Decision Still Overridden by Overzealous Patent Lawyers in the Press, The Guardian and Other Corporate Press (CBS and AFP Included) Still Guard the Establishment

Analysis of a sceptical kind of corporate press coverage regarding software patents in the US; great examples of how Microsoft- and Gates-funded press outlets tend to get it all wrong on the facts, smearing digital freedom fighters
Software Patents Debate Still Open in New Zealand and the US

In spite of distraction attempts, the debate over software patents continues to stress that there is a real danger
WebM is No Ogg, It is Not Freedom-Respecting Anymore, Even in Countries That Have No Software Patents

Why Google needs to fix the licence of VP9, or simply stop pretending that it should be the only de facto standard for multimedia
Microsoft Violates Google Licences

The champion of 'IP' and licensing (extortion) is not much of a champion after all, based on new reports, not just a lot of old ones
Skype Teaches Us That All Microsoft Software Should be Assumed Spyware Unless Proven Otherwise

The broader implications of Microsoft adding spying 'features' to Skype
Links 23/5/2013: Threat to Civil Rights in UK, KDE 4.11 LTS

Links for the day
Links 22/5/2013: Debian GNU/Hurd, New Go Language Release

Links for the day
The FRAND Apple-Microsoft Conspiracy Attempts to Destroy Android/Linux, Ban Imports

How Microsoft and Apple are using patents in bulk (sometimes acquired in unison, e.g. from Novell and Nortel) to artificially lower market saturation of the Android operating system or drive costs up
Gates Foundation: Buying Influence for Bill's Ego and Bill's Profit

New examples of power being acquired and investments (i.e. for profit) being funnelled into the beneficiaries
Bill Gates Enters Financial Centres With His Goons Becoming US Budget Chief, Top Bankers

How Bill Gates' staff is entering positions of financial power, indirectly giving Gates power over US (national and international) finance
IBM Ignores Small Companies' Interests, Denies Patent Scope is a Problem, Focusing on Its Own Problems (Trolls) Instead

How David Kappos and IBM (his longtime employer) continue to ignore the obvious problem which kills small businesses and everyone is complaining about
The New York Times Publishes Factually-Flawed Patent Propaganda Benefiting Microsoft and Apple

Eamonn Fingleton is rewriting history in the US' top newspaper, insinuating that patents contributed to the rise of software duopolists
Software Patents Eligibility Likely to be Decided by SCOTUS

Analyses suggest that an escalation by appeal to SCOTUS is likely to be the next stage in 'Bilski 2.0'
Does Bill Gates Try to Flush GNU/Linux Down the Toilet in Kerala?

Renting Microsoft software rather than using Free (as in freedom, or libre) software?
Links 21/5/2013: Handbrake Turns 0.9.9, NetBSD 6.1

Links for the day
Links 20/5/2013: First Salifish Smartphone, Mageia 3 Released

Links for the day
Microsoft Corruption (Illegal Tenders) Stopped by European Court

Microsoft cannot bypass public tenders, based on a ruling from a court of law in Europe
Not Satire: Microsoft Wants to Show the World How Security is Done

Software security 'standard' to be led by the company which made insecurity an acceptable engineering practice?
Microsoft is Struggling to Maintain Industry 'Standards'

With Microsoft's common carrier and browser share down considerably Microsoft finds itself increasingly irrelevant and it tries subversive means of making another comeback
Microsoft Entryism and Bribery Get the Microsoft Way Implemented

A recollection of very dirty tactics from Microsoft, which uses money to oppress, overthrow, and even hijack its opposition
Patent Policy Laundering in the European Union and New Zealand

How the so-called 'free' trade agreements help spread patent policy which favours software patents
Ongoing Focus on Patent Litigation and Patent Trolls Reduces Focus on Software Patents

The problem with increased focus on the players that use software patents litigiously and the litigation itself
Andrew Y. Schroeder Shows That Patent Lawyers Are Sociopaths

Bully and law misuser is trying to get his way with foul language, intimidation, and sheer lack of professionalism
IBM-backed Book on 'Open Innovation'

OpenForum Europe (OFE), which helps IBM's turf wars in Europe, releases a new book filled with its talking point
Joseph E. Stiglitz Criticises the Patent System

More critical words about the patent system and the way it is harming lives
Senator Schumer Should Focus on Software Patents, Leaving Patent Trolls (Side Effect) Aside

Reform in the USPTO and the US courts should focus on patent scope and not patent holders
Links 20/5/2013: Plenty of Linux News, Google/Android Announcements

Links for the day
IRC Proceedings: May 12th, 2013-May 18th, 2013

IRC logs for May 12th, 2013 (and subsequent days until May 18th, 2013)
Microsoft Spin Regarding Skype Spying Does Not Withstand Scrutiny

Microsoft's response to allegations that Skype is spying on all users is full of holes
MPEG-LA Ruined the Licence of WebM, Made it Less Freedom-Respecting

The Microsoft-, Nokia-, and Apple-backed patent troll appears to have ruined the freedom assured by Google's multimedia format, which was previously made free only after public pressure