
11.13.09

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Posted in Law, Microsoft, Security, Vista 7, Windows at 1:19 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Microsoft’s inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

As we stressed last year, Microsoft usually addresses flaws it is aware of publicly only when attacks begin. Otherwise, Microsoft lies about security; it tells shareholders what they want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued, as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (more examples are appended at the bottom of this post) is valuable for showing how Microsoft ignores security problems and mishandles them until it’s too late. SJVN argues:

I do wonder sometimes about Microsoft’s quality assurance. No, I tell a lie. I always wonder about Microsoft’s quality assurance. As in, “How can they keep making mistakes like this?” In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts it so well in the exploit’s code: “‘Most Secure Os Ever’ –> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL”

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just “embarrassingly bad”; it is bad in practice, because exploit code is already out there while Microsoft is still “investigating”.

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes, which the invisibility of proprietary software enables), probably in order to rave about numbers, i.e. to create an illusion of safety. How long has Microsoft known about this, and why is there no patch yet?

On Vista 7 insecurity:
