Software is a consumer product. Period. Subject to consumer protection laws at least in the US. You may think it is not a fair comparison. I don't personally think the licensing agreements are fair and I think the legality will eventually be brought into question.
Which brings the extended analogy into play here. Micro$oft has written into their license that, "Disclosure of the results of any benchmark test of the .NET Framework component of the Software to any third party without Microsoft's prior written approval is prohibited." .... I am not allowed to share my satisfaction/dissatisfaction with the product based on real world testing. Lets see if Firestone makes you sign a contract that says you can't test thier tires and tell anybody about it?
"Renting, leasing, or lending the Software (including providing commercial hosting services) is also prohibited." See this sounds like a violation of fair use of material. This really is the same as fair use of any copyrighted material.
Let's continue, "Reverse engineering, decompiling, or disassembling the Software is prohibited, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation." Oh, so now if it is broke and causes my multi-billion dollar business unit millions of dollors of loss I can't try to fix it myself.
After a really long rant on how Micro$oft is not liable for any DIRECT damages due to thier negligence, etc. comes in the BIG letters, "ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT WITH REGARD TO THE SOFTWARE." read that to mean your privacy means diddly squat. So those tires you have might have supersecret spy cameras in them and its just too bad for you we built them that way.
Again in big letters, "TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER" and just in case you didn't get it right before, they ain't liable for squat. So the whole Firestone case with all the dead bodies, they wouldn't have to pay.
Then the final coup de grace (in large letters), "THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS SUPPLIERS UNDER ANY PROVISION OF THIS EULA AND YOUR EXCLUSIVE REMEDY HEREUNDER SHALL BE LIMITED TO THE GREATER OF THE ACTUAL DAMAGES YOU INCUR IN REASONABLE RELIANCE ON THE SOFTWARE UP TO THE AMOUNT ACTUALLY PAID BY YOU FOR THE SOFTWARE OR US$5.00." My million dollar loss gets me software cost plaus five bucks.
Then the license isn't even really a signed agreement. How that contract has become legally binding boggles my mind. What a coup for corporate America.
my
$.02
----Original Message Follows----
From: "JAVIER OTERO" <[EMAIL PROTECTED]>
To: ~Kevin Davis³ <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>
Subject: RE: Microsot Liability for vulnerabilities
Date: Wed, 23 Jul 2003 12:55:23 -0500
MIME-Version: 1.0
Received: from outgoing3.securityfocus.com ([205.206.231.27]) by mc7-f2.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 23 Jul 2003 16:55:29 -0700
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 34420A444D; Wed, 23 Jul 2003 16:47:11 -0600 (MDT)
Received: (qmail 17762 invoked from network); 23 Jul 2003 17:56:00 -0000
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Microsot Liability for vulnerabilities
Thread-Index: AcNRLuvBVmmmhRvvRSOCPjc1D9c81QAEzsrA
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 23 Jul 2003 23:55:29.0859 (UTC) FILETIME=[E56C0130:01C35175]
I come from IBM old machines (360, 370, 303x, 308x) working with old technology (from 60s) in hardware and software, they fail maybe one time each a month, now this "old" technology fails each year or less.
Why the "new" technology fails too much?
Is realy for serius bussiness? or for toy bussines?
OK the computer technology is 50 years old, if we remembrer the airplanes 50 yeas ago like DC3, DC3 is MORE secure for fligth than actual system computers in general, imagine if the DC3 crash each 100 fligths, does you parents fligth? how many fligths each day? if the 1% crash MY GOOD !!!!!, How many demands .....
My 2 mexican cents.
Ing. Fco. Javier Otero De Alba Grupo Smartekh Antivirus Expertos Bussiness Continuity Inftegrity 5243-4782 al 84 Ext.300 México, D.F.
-----Mensaje original----- De: ~Kevin Davis³ [mailto:[EMAIL PROTECTED] Enviado el: Martes, 22 de Julio de 2003 09:48 p.m. Para: [EMAIL PROTECTED] Asunto: Re: Microsot Liability for vulnerabilities
I'm not making excuses for bad code. However, I don't feel that comparing software products to other consumer products is quite fair. One thing to keep in mind when comparing software with other products is that software and software engineering is a very young field particularly when taken in the context of selling products to the general public in any significant measure. The consumer car industry has been around for 100 years. Software standards and quality control standards are just now starting to take some semblance of shape. Add on top of that having to deal with an environment (computer hardware) which changes so fast that in less than five years it is obsolete and almost every component replaced with something different. And at the same time consumers demand ever increasing sophistication in their software. Everything becomes a moving target.
It is not really even fair, IMO, to compare it to state of the art consumer electronics which often has less than desirable failure rates and product lifespans. Although there may be quite a few new components, a large portion of the design and components are typically based upon many decades and decades of proven design techniques. What about plasma TVs? They cost as much as a car, and are supposedly susceptible to burn in and a lifespan of about 1/4 of a normal TV. It is not uncommon to spend $1000's of dollars on a doctor only to have them accomplish nothing and assuming no malpractice was committed, you have no recourse to recoup your money. In fact the doctor can operate on you, you can die, and not only is he exempt from being sued, he still expects to get money for it. Big money. It mostly boils down to understanding the product/service, it's market, and the associated risks. There probably have been many fields that have had poor reliability and quality control track records in the first decade or two they offered products to the general public.
Another item to throw in the mix is that the demand for *secure* consumer software is extremely new. It really hasn't come to a head until the last few years. For the longest time people were screaming at Microsoft to make a more *stable* Operating system (and rightly so) and security was much less of a concern.
I do hope and expect that software will become better as the field matures. It will not happen overnight, though. It didn't with any field of any complexity.
~Kevin Davis³
What possibly could go wrong?
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
