[28593] in North American Network Operators' Group
Re: product liability (was: Virus Update)
daemon@ATHENA.MIT.EDU (William Allen Simpson)
Tue May 9 12:26:34 2000
Message-ID: <39183B9F.D0352B43@greendragon.com>
Date: Tue, 09 May 2000 12:24:23 -0400
From: William Allen Simpson <wsimpson@greendragon.com>
To: Jim Mercer <jim@reptiles.org>
Cc: nanog@merit.edu

Jim Mercer wrote:
> actually, i don't think this is strictly microsoft's fault.
>
> the companies that "lost" that $8,000,000,000 are responsible for their own
> actions. they ignored the vulnerability reports as well.
>
I don't accept this argument. You are saying that we need to sue our
customers for using a faulty product, rather than the vendor of the
faulty product. My understanding of product liability doesn't jibe
with that illogic.

Very few customers follow security digests, and fewer have the resources
to enforce installation of patches and non-default setup. The product
is functioning as delivered.

The only recourse for our customers would have been to use a non-M$
product. M$ has been using a monopoly position to leverage Internet
services.

While we encourage our customers to use better products, time and time
again, we find that they install M$ anyway. Their accounting runs
on 98+NT, their patient record system runs on 98+NT, heck, their
constituent mail tracking package runs on 98+NT.... They use NT for
"firewall", NAT, etc.

> how long would they keep a voice mail system that automatically dialed the
> return number, regardless of local or long distance charges?
>
Speaking from past experience, they would keep a Rolm PBX that fails
to record such things -- because it's too expensive to replace the system
in lost time and business -- then sue Rolm for the consequential damages
(resulting in near bankruptcy for Rolm, which was bailed out by IBM).

But, this case is even worse, the equivalent of incurring a long-distance
conference call to every previous caller, upon picking up the phone
without dialing anything!

> one would hope that incidents like this would help educate the decision
> makers, but, alas, they are just sheep being gobbled up by the microsoft wolf.
>
Your BSD signature reveals your bias.

While I may agree with the sentiment, suing our customers for ignorance
would likely be counter-productive for regaining lost revenues....

WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32