Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Sued for Defective Software

michael posted more than 11 years ago | from the consumer-safety dept.

The Courts 641

Door-opening Fascist writes "eWeek is reporting that a South Korean citizen action group, People's Solidarity for Participatory Democracy, is suing Microsoft for putting the SQL Slammer vulnerability into Windows. They are doing so on behalf of the South Korean people and businesses affected by SQL Slammer."

cancel ×

641 comments

Sorry! There are no comments related to the filter you selected.

BAH (-1, Troll)

Ty (15982) | more than 11 years ago | (#5896048)

MS is worth more than South Korea as a whole

fuck them!

Re:BAH (0)

Anonymous Coward | more than 11 years ago | (#5896069)

Sorry? Shouldn't that be fuck Microsoft? What do you have against South Korea? You know South Korea are the nice ones, right?

Re:BAH (4, Funny)

setag (549313) | more than 11 years ago | (#5896094)

MS is worth more than South Korea as a whole

fuck them!

Wow. Your logic is flawless.

In other news MS is worth more than Ty(15982) [slashdot.org] ...

Re:BAH (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5896178)

Are you bright? witty? Do you have friends that laugh at your jokes? We at lrse hosting" [lrsehosting.com] are looking for a select few individuals to join our ranks at the internet's premier source of wit [sporks-r-us.com] and style [geekizoid.com] .

Do YOU have what it takes? Register TODAY and FIND OUT!!!!

Just wait... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5896051)

until Microsoft countersues all of Korea for the sheer volume of spam it generates.

Somewhere in Redmond... (4, Funny)

Scoria (264473) | more than 11 years ago | (#5896060)

Gates: Ballmer, loyal comrade, I've an assignment for you.
Ballmer: Yes, master?
Gates: Say, how much would it cost to purchase the country of South Korea?

Re:Somewhere in Redmond... (3, Funny)

slyxter (609602) | more than 11 years ago | (#5896075)

South Korea.NET
Does have a nice ring to it.

Re:Somewhere in Redmond... (5, Funny)

int2str (619733) | more than 11 years ago | (#5896196)

You mean:

Gates: Ballmer, loyal comrade, I've an assignment for you.
Ballmer: Yes, master?
Gates: Tell GW, South Korea needs to "liberated", too! ;)

Fuck the South Koreans (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5896061)

Hope North Korea nukes their asses.

Silly lawsuit (3, Insightful)

PD (9577) | more than 11 years ago | (#5896065)

First, this is not good if he wins, because someone could sue a GPL author for the same kind of deal.

Second, it seems that it would be like suing Stephen King for causing nightmares.

Re:Silly lawsuit (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5896103)

yeah but GPL software is normally distributed without warranty. where as windows, Microsoft SQL etc... is

Re:Silly lawsuit (4, Insightful)

Bill Currie (487) | more than 11 years ago | (#5896155)

Either you're trolling, being sarcastic or just plain haven't noticed the NO WARRANTEE blurb in the MS EULA. The only software I know of that had a warrantee was some telco software I worked on a part of in my previous job and it was done on a contract basis (I'm sure there are other examples).

Re:Silly lawsuit (0)

rkz (667993) | more than 11 years ago | (#5896341)

Very few EULA's can stand up in any court, because the user just goes clickety click and even the judges know that noone reads the things. I think a Service Level Agreement is a totally different issue if you want somoneone to sue then get a bespoke software company to write your software and negoiate a contract making them liable for security issues...
I doubt many would go along with it buy you might find somone stupid.

Re:Silly lawsuit (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5896352)

Are you bright? witty? Do you have friends that laugh at your jokes? We at lrse hosting" [lrsehosting.com] are looking for a select few individuals to join our ranks at the internet's premier source of wit [sporks-r-us.com] and style [geekizoid.com] .

Do YOU have what it takes? Register TODAY and FIND OUT!!!!

Re:Silly lawsuit (5, Insightful)

Anonymous Coward | more than 11 years ago | (#5896145)

First, this is not good if he wins, because someone could sue a GPL author for the same kind of deal.

How so? Last I checked, people who released software under the GPL didn't spend millions on advertising that claims said software is secure and reliable.

Plus, GPLed software has the source publicly available, so the argument could be made that reviewing the code before deploying it would comprise 'due diligence' on the part of anyone who wished to use that software, and that if someone didn't do that, it's negligence on their part.

With Microsoft, you can't take a look at their code, you just have to take them at their word (HAH!) when they say how good it is.

GPL = no warranty (1)

Matt Ownby (158633) | more than 11 years ago | (#5896152)

Well the GPL specifically says that it comes with absolutely no warranty and that if it happens to wipe out all your hard drive data, that's just too bad.

Therefore, assuming that the GPL is immune, we can now relax and laugh at Microsoft's plight. :)

Re:GPL = no warranty (0)

Anonymous Coward | more than 11 years ago | (#5896212)

And you're going to tell me that you think any of Microsoft's software comes with any warranty?

Excuse me while I laugh myself blue in the face.

Re:GPL = no warranty (5, Interesting)

The Turd Report (527733) | more than 11 years ago | (#5896220)

Except MS has the same wording in their license.

Re:Silly lawsuit (1)

molarmass192 (608071) | more than 11 years ago | (#5896157)

Totally agree. I'm (chokes) with MS on this one (gah that hurts to say). However, it brings about an important fallacy in many IT manager's trains of though, you can't hold a software maker libel for their crap product, open source or not. Sorry to say this, but tough banana's PSPD, you made your bed, you sleep in it, and for god's sake try to learn from it.

Re:Silly lawsuit (1)

Telastyn (206146) | more than 11 years ago | (#5896242)

Didn't slammer start in Korea?

That'd be more like suing Mattel if Stephen King wrote a story that gave you nightmares of barbie dolls.

Re:Silly lawsuit (2, Insightful)

andyh1978 (173377) | more than 11 years ago | (#5896318)

First, this is not good if he wins, because someone could sue a GPL author for the same kind of deal.
GPL license text [gnu.org] And in capitals, too:
NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Re:Silly lawsuit (0)

Anonymous Coward | more than 11 years ago | (#5896369)

Of course they can't sue an open source project. They aren't paying money for the open source project. For there to be a remote chance some sort of contract existed between the two parties, they would have had to have given some form of money to the developer. Your comment can be equated to person A suing person B because person A used person B's paper on topic C that had incorrect data in it. Person B owes nothing to Person A. Topic C is presented as is. I really don't know what you're smoking here.

"Putting" the vuln in? (4, Funny)

mrseigen (518390) | more than 11 years ago | (#5896067)

is suing Microsoft
for putting the SQL Slammer vulnerability into Windows

Conspiracy theories inside, who actually intends to put a vulnerability into a product? Perhaps this should be "not fixing the vulnerability" or potentially even "ignoring the problem". I don't think any of Microsoft's programmers intentionally insert bugs into their shipping products... although... nah, it couldn't be.

Re:"Putting" the vuln in? (1)

jfdawes (254678) | more than 11 years ago | (#5896122)

What do you think the raw socket access in Windows XP is?

Re:"Putting" the vuln in? (1)

Textbook Error (590676) | more than 11 years ago | (#5896173)

An excuse for Steve Gibson's paranoid ravings?

Re:"Putting" the vuln in? (1)

evilviper (135110) | more than 11 years ago | (#5896139)

RMS, under an assumed name, is now a highly paid Microsoft programmer... Destroying them from the inside.

Wouldn't be the first time. (5, Insightful)

death to hanzosan (669177) | more than 11 years ago | (#5896180)

Google: AARD:

A Serious Message and the Code That Produced It [ddj.com] .

Microsoft included a bug in the Win 3.1 Beta that caused Dr. DOS users to crash.

Unsurprisingly the makers of Dr. DOS lost their jobs, like many other victims of malicious code.

Re:"Putting" the vuln in? (1)

bergeron76 (176351) | more than 11 years ago | (#5896264)

If I'm not mistaken, didn't one of the Security patches UNPATCH the original patch for this vuln? If that's the case, I can see an arguement for incompetence; but at this point, I'm still on the fence with this whole issue.

I think this is what the submitter meant by "putting the SQL Slammer vuln [back] into Windows".

Just a hunch...

Conspirecy theory #65535 (1)

Drasil (580067) | more than 11 years ago | (#5896272)

Microsoft is distributing insecure software on purpose in order to boost the need for their 'trusted computing' master-plan.

Disclaimer: By reading this statement you agree that I will not be held responsible for any damage resulting from such use.

Re:"Putting" the vuln in? (0)

TrollBurger (575126) | more than 11 years ago | (#5896337)

Do these five lines mean anything:

<html>
<form>
<input type crash>
</form>
</html>

Microsoft putting bugs in their software intentionally?! You wouldn't read about it: http://slashdot.org/article.pl?sid=03/05/02/184524 1&mode=thread&tid=126&tid=95&tid=128&tid=1 13"

Maybe... (4, Insightful)

Bendy Chief (633679) | more than 11 years ago | (#5896071)

Maybe those people and businesses affected by Slammer should have gotten their lazy asses in gear and patched and/or firewalled like all the half-decent sysadmins in the world. Great idea, guys, run a SQL server connected to the net.

I hope the Judge kicks these people through the goalposts of life.

Re:Maybe... (4, Insightful)

darkov (261309) | more than 11 years ago | (#5896340)

That's right, Microsoft's defects are our problem, we should get our lazy arses into gear becuase we haven't got anything better to do than evaluate, install, test and support Microsoft's constant patches. God forbid that we spend anytime on what we actually bought the software for, running our business or whatever. Lets all just be extensions of Microsoft's flawed development strategy: we're all testers!

It seems life's arelady kicked you or your brain through the goalposts.

Nuke The B******s! (5, Funny)

wfberg (24378) | more than 11 years ago | (#5896077)

Ow wait, South-Korea.. Those are the good guys, right? Dagnammit!

Re:Nuke The B******s! (1)

TrekCycling (468080) | more than 11 years ago | (#5896211)

We could always add them to the Axis of Evil.

Re:Nuke The Gooks! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5896236)

Are you bright? witty? Do you have friends that laugh at your jokes? We at lrse hosting" [lrsehosting.com] are looking for a select few individuals to join our ranks at the internet's premier source of wit [sporks-r-us.com] and style [geekizoid.com] .

Do YOU have what it takes? Register TODAY and FIND OUT!!!!

What they'll be told: (5, Interesting)

Wakko Warner (324) | more than 11 years ago | (#5896078)

Shut up and patch your systems like the rest of the planet.

Software isn't a physical thing so it's impossible to make it bug-free.

You knew about this vulnerability for months, there was a patch for it, and you did nothing about it."

Pick a defense, any defense...

- A.P.

Re:What they'll be told: (4, Interesting)

Mr Bill (21249) | more than 11 years ago | (#5896141)

I don't think they are complaining about their own systems being compromized, but the network effects of thousands of other computers grinding parts of the internet to a halt.

My mail server runs on Linux, but it was unavailable for at least 30 minutes because of the Slammer worm. Not because it was vulnerable, but because of all the idiots dumb enough to put SQL server on an open network...

Re:What they'll be told: (-1, Flamebait)

RollingThunder (88952) | more than 11 years ago | (#5896181)

# Shut up and patch your systems like the rest of the planet

I work with Koreans. There's about a ten times higher likelihood of all software becoming bugfree, than these yahoos (speaking widely and pejoratively, the best way to be offensive in my books) learning to update their software.

After telling them five or more times to always disable telnet - they use that exclusively and not SSH.

Updates? Only if you burn them on a CD-ROM. Never mind that CD-ROM will be out of date within a week, and a proper update source would work better.

Turning off unneeded services? Well, how can you KNOW you don't need them? Better leave them on.

Firewalls? OK, but only if we can open up all the ports so we can keep swapping movies.

Antivirus? Nah, that's just crazy talk.

Thinking? Understanding WHY you do something, instead of just what to type? Hell will freeze over first. They just want to be digital parrots, that get lost at the first odd response.

Yes, I'm getting nice and bitter about it. :/

Re:What they'll be told: (4, Insightful)

Otter (3800) | more than 11 years ago | (#5896311)

...and if they do win, there are two possible outcomes:

1) It's the end of software sales in South Korea. That means Red Hat and FreeBSD, too.

2) Lawyers come up with some new way to avoid liability. EULA's become more convoluted and "ownership" of software becomes even more tenuous.

No idea how a case like this would be tried in the Korean system, but that's a lot of damage a witless or simply anti-American jury could do to a major technology power.

bad news for opensource (2, Redundant)

feed_me_cereal (452042) | more than 11 years ago | (#5896082)

As much as I hate Microsoft, this is total BS. If this becomes precedent, how the hell can anyone write an opensource app? Software is a clear case of when "buyer beware" is neccesary. Get software from the people you've grown to trust for not releasing bug-ridden shit. I really don't see how it could work any other way.

Re:bad news for opensource (5, Interesting)

Malcontent (40834) | more than 11 years ago | (#5896130)

Opponents of open source frequently argue that proprietary products are better then open source because "you can sue somebody".

Here somebody is suing MS. Let's see how that works out.

Re:bad news for opensource (1)

ctve (635102) | more than 11 years ago | (#5896192)

But why should a consumer have to put up with buggy software, when any manufacturer who delivers a crap car or pharmacutical gets their arses sued?

Re:bad news for opensource (1)

feed_me_cereal (452042) | more than 11 years ago | (#5896266)

Because the concept of a car isn't completely re-invented twice a year, bad pharmacuticals can easily kill you, and neither of these industries can release patches which can resolve the problem before anything goes wrong.

Should you be able to sue a restaurant if their food doesn't taste very good? Should you be able to sue your car manufacturer if a criminal smashes the window and steals your stereo? Microsoft doesn't claim that their software is uncrackable. Perhaps if someone made a false claim, they could be sued for that, but there are definately lines to draw, and the place to draw them is where lawsuits destroy the industry.

Precedent? (3, Insightful)

mrjive (169376) | more than 11 years ago | (#5896083)

Although the zealots will be amused by this story, this could set a dangerous precedent for other similar vulnerabilities (especially unintentional ones). What happens, for example, when some group of people (in this case, a country) decides to sue the openSSL group for a flaw in their encryption that allowed credit card numbers to be stolen?

I'm glad to see that someone is trying to hold MS liable for their mistakes, but this is the wrong way to go about it.

Re:Precedent? (1)

cranos (592602) | more than 11 years ago | (#5896147)

Just a couple of points, this case is being heard in South Korea and as such has no effect outside of that country.

Secondly last I checked openSSL was a free download and install without any money changing hands. Thus it is not a purchase. By the way IANAL.

Re:Precedent? (1)

Dark Lord Seth (584963) | more than 11 years ago | (#5896205)

What happens, for example, when some group of people (in this case, a country) decides to sue the openSSL group for a flaw in their encryption that allowed credit card numbers to be stolen?

Your group of people would get laughed at, pointed at, and ridiculed while they are being told to have audited all code they were going to use before using it on production systems. If I wanted, I could read through the entire Apache source code to look for any bugs before compiling it. I can also choose not to do that, but the fact remains that I have the possibility to look over my source codes and edit them. Hence why any (new) security breaches due to Apache would largely be my own fault. Even besides that, there's nothing to sue for. If I download the source codes for Apache the Apache Software Foundation doesn't make me pay anything, nor does it offer paid support.

Re:Precedent? (1)

mrjive (169376) | more than 11 years ago | (#5896268)

Ok, so perhaps openSSL was a bad example, but perhaps a for-profit OSS outfit like RedHat could suffer a similar fate.

I doubt that this case will get very far though, MS's lawyers, armed with the EULA will put the smack down I'm sure.

Re:Precedent? (5, Insightful)

Realistic_Dragon (655151) | more than 11 years ago | (#5896262)

In case you didn't notice, free software (being free and supplied at no charge) carries no warranty, expressed or implied.

This is all fine because they made no representation to you about what it could do. They never made any claims that it was fit for purpose.

Sure - Mandrake, RedHat et al might be in trouble, but open source software and especially the writers are legally in the clear.

Personally I believe that if someone impliments OpenSSL badly _in a way that I cannot check_ and requires me to trust my data to them then they _should_ be liable for damages. (So this would cover, say, implimentations of SSL where the host was cracked or traffic sniffed at a later point where it was in plain text, or the key was compromised.) However, this is not the fault of the OpenSSL developers, and so they should not be liable.

In contrast to this Slammer was caused (in part) by Microsoft making it very hard to install a critical security fix, and not properly notifying people of the peoblem (in their usual 'security fix language' it was described as a minor issue), when part of their responsibility in selling you SQL server was making it secure. Thus they should be at least partly responsible for the damages.

Re:Precedent? (1)

asobala (563713) | more than 11 years ago | (#5896343)

Even more interestingly, who do you sue if a group of programmers have written a program but aren't represented by an entity (such as the GNOME foundation, Apache foundation, etc.) Sue every individual developer? What about 20-line patches?

And so on.

Well, it's a start.... (1)

SniperPuppy (443143) | more than 11 years ago | (#5896084)

Not that I'm expecting much to come from this, but the more attention drawn to the problems (and the more people who say, "We're not just gonna sit around and take it anymore"), the better.

I just hope that the Koreans are a lot more stubborn than all the U.S. states that have ever-so-quickly accepted MS's settlement offers...

Read before you file (5, Insightful)

Zebra_X (13249) | more than 11 years ago | (#5896087)

Clearly they haven't read their software agreements. It specifically states that MS is not responsible for damage caused as a result of their products. A better chance to procecute MS would have been during the Code Red incident. One might have argued that not being proactive enough about patching consitituted "negligence" on their part. I guess it can't hurt to try!

IANAKL (4, Interesting)

Biff Stu (654099) | more than 11 years ago | (#5896237)

(I am not a Korean laywer)

Does anybody know if the click-through license is worth a rat's ass in Korea? Does Korean law give the plantifs an edge that they wouldn't have in the US? Any Korean laywers out there?

Re:Read before you file (1)

dzym (544085) | more than 11 years ago | (#5896334)

A better chance to procecute MS would have been during the Code Red incident.
Not really. The patch for that was out for about half a year before the worm struck... definitely negligence.

I'm not surprised by this (2, Funny)

George Walker Bush (306766) | more than 11 years ago | (#5896088)

Fellow Americans, this blow by Korea against the great American bastion of Microsoft is just the latest act in a string of transgressions by this rogue state. Te must remember that they are part of the axis of evil. As all of you undoubtedly know from watching the news, we believe they already have several nuclear weapons, and they are currently working on developing more.

Many American lives have been killed by the Koreans, and if we don't stop Korea now with diplomacy or force if need be, there will certainly be more bloodshed in the near future.

They are a rogue state, and while it may be true that when people may think of Korea, they think great Starcraft/Warcraft players, cell phones, and cheap cars, we must remember that they are a dicatatorship lead by a megalomaniac leader, Kim Jong Il, who wants to see the downfall of the West.

We must view Korea as the threat and enemy to global peace and the American way like they are.

Thank you and God bless America.

Re:I'm not surprised by this (1)

Scoria (264473) | more than 11 years ago | (#5896151)

they think [of] great Starcraft/Warcraft players, cell phones

I often recall penis enlargement spam, actually, "sir." :-)

Re:I'm not surprised by this (1)

Omega Leader-(P12) (240225) | more than 11 years ago | (#5896208)

I shoudn't bite but...SOUTH Korea not the DPRK. Even Bush isn't that dumb.

(And this coming from a Canadian, Eugh).

It's about time someone grew some nads (-1, Flamebait)

castlec (546341) | more than 11 years ago | (#5896089)

Even if it does have to come from some commies. Maybe I'm just a microhater.

Re:It's about time someone grew some nads (1)

setag (549313) | more than 11 years ago | (#5896142)

ummmm. S. Korea is not communist. That would be North Korea you are thinking of.

Funny this came up today... (2, Interesting)

default luser (529332) | more than 11 years ago | (#5896104)

I work for a major defense contractor, and our WAN got hit by Slammer today. Brought down all the remote sites for hours.

Silly how little explots like this can cost millions of dollars.

Re:Funny this came up today... (2, Informative)

skinfitz (564041) | more than 11 years ago | (#5896308)

To have not patched this when slammer hit big time was incompetant. To have STILL not patched it by NOW is pure idiocy.

You have only your sysadmins to blame.

Shifting blame... (3, Insightful)

Mortanius (225192) | more than 11 years ago | (#5896105)

I somehow doubt that Microsoft intentionally put this hole into SQL server, so that should probably steer clear of anything malicious. Negligence, perhaps, but this would open a whole can of worms (at least, if it were to show up in the US courts. Although now that this is happening in SK, I'm sure it'll make its way to our shores soon enough.)

I feel sorry for the companys who were sent to their knees over this vulnerability, but if there was a patch out months and months beforehand that could've avoided all this, the end-user needs to share some of the blame for this... There's not much more Microsoft could have done for it, if they'd forced the installation of the patch they'd have been even higher on the privacy zealots' shitlists than they already are.

I do seem to recall in the back of my mind that there was some nasty side-effect of the patch though, although it escapes me at the moment...

Like (5, Funny)

NetMasta10bt (468001) | more than 11 years ago | (#5896106)

They actually bought Windows in the first place!!

HUMM.... (1)

ForestGrump (644805) | more than 11 years ago | (#5896110)

Intresting to note that they are suing over a SQL vulnerability. Why don't they extend it to the whole 9x line of releases for its insucerities?

But in the recent days of doze security, I feel the XP firewall is a good add in.
I do feel however that the firewall should be enabled by default, not disabled. I've tried products such as black ice and zone alrm to find them annoying and overly useful. this XP firewall is transparent and has no annoying warnings =) Good security move!

-Grumpy old man.

Re:HUMM.... (1)

benna (614220) | more than 11 years ago | (#5896167)

Yeah its convenient but its shitty security. That pretty much somes up most microsoft products.

Good Luck! (0, Redundant)

His name cannot be s (16831) | more than 11 years ago | (#5896111)

Uh, didn't they read the EULA.

They are not allowed to sue if the software Fscks up.

Heh, now Microsoft/BSA is gonna audit their asses off.. Hope they are in compliance.

Slashdot had a little lamb
with fleece as white as snow
every time the lameness filter kicks in
my Brains out I wish to blow!

Re:Good Luck! (2, Funny)

WTFmonkey (652603) | more than 11 years ago | (#5896247)

Right... South Korea's currently at 56% pirated.

Re:Good Luck! (1, Informative)

Anonymous Coward | more than 11 years ago | (#5896270)

Quoting from the article: "The action is predicated on the country's Product Liability Act, which enables consumers to sue for damage resulting from products. There is some question, however, as to whether software qualifies as a product under the terms of the law."

IOW, they're going to argue that South Korea's Product Liability Act (a) covers software and (b) supercedes MS's disclaimers in the EULA.

Re:Good Luck! (0)

Anonymous Coward | more than 11 years ago | (#5896303)

Yes and no. Chances are their might be little precedent about this under South Korean law. Remember that there are two kinds of laws: those that are "defaults" but can be overriden by contracts, and those that are binding. The EULA is only valid in any country inasfar as it doesn't go against local binding law. For example, if I sign a contract that allows my doctor to perform euthanasia, then that contract is not valid everywhere, because euthanasia laws are often binding. In the specific case of the EULA, it has been carefully engineered to move within the boundaries of US and general western binding law. If there is any branch of Microsoft incorporated in Korea (there probably is), then that branch can be sued there, and who knows what they'll do...

Microsoft fixed the problem before it happened (4, Interesting)

Dishwasha (125561) | more than 11 years ago | (#5896115)

Let it be noted that Microsoft already had SQL SP3 out which fixed the problem before it ever occurred. PSPD should try using a vulnerability that could actually hold water in court like Code Red or it's dirivative, or any other Word ActiveX open-execution macro vulernability.

Duh (3, Insightful)

JanusFury (452699) | more than 11 years ago | (#5896117)

You buy the software, you choose to use it, YOU DEAL WITH THE CONSEQUENCES.

True, Slammer was bad, but it's not like MS intentionally added it, and they DID agree to a EULA when they installed it. Of course software companies should be responsible, but it's not like MS isn't trying (though they're not doing a terribly good job.) Idiotic lawsuits like this set a bad precedent.

Re:Duh (3, Insightful)

blamanj (253811) | more than 11 years ago | (#5896162)

So you'd also like to hear "Your Pinto exploded? To bad, you shouldn't have gotten rear-ended."

No automobile company would get away with selling products as defective as most commercial software. Why should the software industry be immune from product liability?

Re:Duh (1)

JanusFury (452699) | more than 11 years ago | (#5896241)

In this case at the very least, there are two major differences:
1. Everyone knows Windows is buggy. Everyone knows software is buggy; especially Microsoft software.
2. You essentially agree not to hold a company liable for bugs when you install their software and agree to the click-through EULA. (This is not true of all software; but is definitely true of MS software.) IANAL, but technically, this lawsuit is a violation of the EULA, which makes it even more preposterous.

Re:Duh (1)

rgmoore (133276) | more than 11 years ago | (#5896344)

Your point 2 is not necessarily true. The EULA claims to disclaim certain types of liability, but that is necessarily subject to applicable law. If the law says that you can't give up your implied warrant of merchantability, you haven't given it up even if you sign a document purporting to do so. I don't know what Korean law says on this point, but it's entirely possible that some of the disclaimers in the Microsoft EULA are not legally valid there, in which case Microsoft could be liable. Companies continue to put this type of clause into their EULA both because there are some jurisdictions where it does apply (and they're obviously trying to change the law so that it applies in as many places as possible, see UCITA) and because they think that it will convince people that they don't have a case.

Re:Duh (1)

ctve (635102) | more than 11 years ago | (#5896357)

But that also depends if having an EULA which says "too if it don't work" is actually a morally acceptable thing to do.

Courts can, and have ruled that manufacturers have a duty of care when they make their products.

Re:Duh (4, Insightful)

.com b4 .storm (581701) | more than 11 years ago | (#5896329)

So you'd also like to hear "Your Pinto exploded? To bad, you shouldn't have gotten rear-ended."

No automobile company would get away with selling products as defective as most commercial software. Why should the software industry be immune from product liability?

Well in this case, "you shouldn't have gotten rear-ended" is not a good analogy. A better analogy would be the front door on your house. If you leave it unlocked, well that's pretty stupid. It's not the lock manufacturer's fault you didn't lock it. Similarly, if you don't patch a server for a vulnerability that's been known for months, it's not the software developer's fault.

This isn't to say Microsoft software is inherently secure or better or blah blah blah. Don't take it that way. But in this case, it is the fault of the sys admins for not patching their damn systems. Or for that matter, running SQL servers accessible by the public internet. There's a difference between getting rear-ended, and backing out into traffic without looking first. If you don't take adequate precautions, you (at the very least) share the burden of guilt for what happens.

Re:Duh (1)

NineNine (235196) | more than 11 years ago | (#5896373)

Auto companies avoid this problem by doing a recall to fix the problem. Software companies avoid this by releasing patches (which MS did do in this case, a LONG time before the worm hit).

If your Pinto explodes because you ignored the recall, that's your fault, not Ford's.

Re:Duh (1, Insightful)

Anonymous Coward | more than 11 years ago | (#5896170)

Sctually, if it's S Asia, they likely didn't agree to the license agreement. wink wink.

Re:Duh (2, Informative)

Realistic_Dragon (655151) | more than 11 years ago | (#5896294)

"You buy the software, you choose to use it, YOU DEAL WITH THE CONSEQUENCES."

For the less well educated we esentially lie in a software monoculture. If you are an average small business owner, what choice do you have _but_ Microsoft products? (Lack of information rather than lack of choice here, not helped by constant FUD from a certain company.)

Hence, they did not choose to use the product - they were, to a greater or lesser extent, forced.

Re:Duh (1)

JanusFury (452699) | more than 11 years ago | (#5896327)

Can you honestly say that in this day and age, the entire country of South Korea is 'forced' to buy and use Microsoft Windows? Hardly. This isn't fair, or reasonable. This is a bunch of south korean businesses that were hit hard by their stupidity/negligence (not patching), trying to recoup their losses by ripping off a company in court. If they were suing Apple or Red Hat, you'd be singing a different tune, I bet.

Who cares about the spacifics (-1, Troll)

benna (614220) | more than 11 years ago | (#5896137)

The spacifics of why they are being sued is unimportant. They are an evil large american corperation and any suite brought against them is a good one. Down with coperate america. and for a certain AC I was talking to last night...I am NOT calling for the violent overthrough of the bush administrating. Unfortunatly that would be ilegal and so I will not support violence.

damn, boy, ever hear of spell checking? (0, Offtopic)

BigChigger (551094) | more than 11 years ago | (#5896201)

Nothing here. MOve along. BC

lemme get this straight... (4, Insightful)

anotherone (132088) | more than 11 years ago | (#5896143)

They're suing MS, because their (South Korea's) tech people suck? Correct me if I'm wrong but I'm pretty sure that MS had a patch out for the slammer months before the outbreak... it's their own fault if they can't keep their servers updated.

Re:lemme get this straight... (5, Interesting)

kiwikasper (590249) | more than 11 years ago | (#5896261)

Actually, even tho Microsoft had a patch available for the SQL vulnerability months before Slammer hit, a subsequent patch re-opened the vulnerability. Maybe their techs did all the patches when they were released.

This is what's needed (2, Interesting)

Zeio (325157) | more than 11 years ago | (#5896163)

If they expect governments to enforce the overzealous EULAs, and to insinuate the product has real monetary value and it should be criminal to misuse it, then they should be liable for its actions. The door swings both ways. To use the ridiculous but relevant car analogy, check out Ford/Firestone with the tire recall, they hat to eat a big huge monetary crap-sandwich to make up for that. They also have to provide parts for cars for 5 years after they sell them, by law, and they must also be subject to anti-lemon and consumer protection law.

While I don't foresee Microsoft getting chastised, lambasted and castigated as it should be here in the US where being a rich company has many, many benefits, I do see an opportunity for Microsoft to have to be held accountable for its actions in the EU and Asia. Also in Asian countries the logic is: If you expect me not to pirate this, it better do something good.

I hope this teaches Microsoft that the venue by which they made the 40 billion they have sitting in the bank is us, the victims of pre-installs on new PCs (I believe 80% of the MSFT revenue is from pre-install), we should get a piece of that if we are wronged by the software.

There is a huge disparity between what is claimed on the glossy box and what is delivered in reality, and the consumer needs to be protected from fraud and fiscal liability due to product failure.

It applies to every other business. Software should be the same.

Also, EULAs claim the license isn't transferable and resalable, I content that this means it then has no value. No one can tell you you can't sell your used car.

Setting precedents, and liability (2, Interesting)

cfallin (596080) | more than 11 years ago | (#5896165)

If this goes through, it could set a precedent of liability for software bugs... that's bad, of course.

Here's an interesting thought: maybe closed source software could be hit harder by this because keeping the source closed could be considered hiding the vulnerability? IANAL, of course.

Another thing - aren't there liability issues for engineers in other fields as well - like holding a bridge engineer accountable if the whole thing falls down? Of course, a software bug isn't quite that serious, but still...

VA Software Announces SourceForge Enterprise Ed (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5896179)

slammer (5, Insightful)

Twillerror (536681) | more than 11 years ago | (#5896184)

Hard sell for the exploit that caused slammer. Maybe other exploits/bugs.

SQL has a pretty good record for security. The exploit had also been patched before the worm.

The exploit was not put in on "purpose". I guess it could have been, but that is a pretty hard to believe.

The virus spread fast, but only because there is not a million SQL servers out there exposed. So it spread across the web fast, big deal.

Furthermore good administration ( especially for a db server), ie. a good firewall could have blocked it. There is the desktop engine that could have been hit, but most apps that use it are still in the server category.

The exploit itself is not a defect. Sure it could be used by an attacker, but in itself it didn't make the software defective. This could spawn a big argument. Is an exploit that would never actually impede a program unless someone uses it really a bug?

Code red was a buffer overrun in an ISAPI .DLL. Even though no one ever used the .DLLs in question ( I think it was .hda, .hdq files ) they could have been. You could argue that someone could have written a program that used to long a URL and crashed IIS. The slammer was using a port in a way it was never intended to be used.

I agree that companies should be held accountable, but intent and the way a company handles the defect also.

MS essentially called a recall by issueing the patch. It said, send in the part and we'll fix it, but in a more modern approach. How can you sue a company that found the exploit and offered a free fix?

A bit of a stretch.... (1)

Penguin2212 (173380) | more than 11 years ago | (#5896188)

This seems to be quite a bit of a stretch. Of course it would make sense if they were suing for damages caused by the slammer fiasco, but to accuse Microsoft of intentionally putting the bug in there is quite ridiculous. Either way, the outcome of the case will have overall grave consequences.

let 's put things in perspective ... (3, Interesting)

DataShark (25965) | more than 11 years ago | (#5896191)

if we see this in a *absolut* way then it is a bad, bad, thing because it increases greatly the cost of putting a product in the market (be it open source or not).

Anyway there is a very important point about *incidents* like this : they get people's attention about the completly crazy EULAs that some SW companies (namely Micosoft) and content providers (RIAA/Hollywood mob) are currently imposing to they 're costumers ...

imposing a bit of regulation about the limits of what could be put in a EULA is IMHO a very good think ...


if the ppl who launched this lawsuit make the /. cummunity, and the online community in general, think a bit about this issues then they made already a very good thing ... (ah, and btw i 'm yet to see MS loose in court ... :-( )


Cheers from Portugal

Re:let 's put things in perspective ... (4, Insightful)

Cheffo Jeffo (556675) | more than 11 years ago | (#5896353)

But, you're missing the more important point, this suit has NOTHING to do with EULAs, except for a bunch of /.rs trying to hammer home a (valid) point by squinting until they see an opening that fits their needs.

Consider the reasons why Slammer was such a problem:

- there was a bug in SS2K
- exploit used a stateless connection (UDP)
- the state of Internet border security is "allow everything but ..."
- admins didn't apply a patch that had been available for 6 MONTHS (more than enough time to test)
- admins don't properly protect their servers

Of these, only the first is Microsoft's fault and they are the only ones who fixed their contribution to the problem proactively.

But, since Microsoft has deep pockets and geeks hate them, let's sue them ...

Time to grab some perspective -- patch and defend your fucking systems, people !!!

Cheers,

JAKD

The obvious answer (5, Funny)

WndrBr3d (219963) | more than 11 years ago | (#5896194)

Obviously they haven't read Microsofts EULA for SQL Server 2000 which simply states:

Owned.

Mr. Bush? (0, Flamebait)

WndrBr3d (219963) | more than 11 years ago | (#5896230)

Soooo... does this make it okay to bomb the entire peninsula??

elsewhere.. (1)

ramzak2k (596734) | more than 11 years ago | (#5896249)

Kim Jong Il [markfiore.com] pointed to buggy software produced at redmond as sure signs of american belligerence against DPRK.

"american hegemoney moust stop ! the secureless systems we have can be used to launch attack on our country", he was heard saying.

Why sue over this? (1)

jrl87 (669651) | more than 11 years ago | (#5896275)

Who is stupid enough to sue anyone, especially Microsoft, for something they didn't have control of. Sure it could have been prevented, but seriously if they took the time to look over every inch of code to make sure there were no flaws, we'd probably still be using windows 3.1. If your going to sue Microsoft come up with something that will actually stand up in court ... Although I hate to say it Microsoft isn't really that bad, but they could be much much better.

In other news... (5, Funny)

JackMonkey (631985) | more than 11 years ago | (#5896276)

Following Microsoft's audit of South Korea, North Korea has agreed to dismantle its nuclear program, fearing repercussions.

We should sue them (2, Funny)

Anonymous Coward | more than 11 years ago | (#5896279)

For wrecking Blizzard's Diablo servers.

haha! (0, Troll)

phillk6751 (654352) | more than 11 years ago | (#5896322)

serves them[Microsoft] right!

Warranty of marketability (2, Redundant)

Ryan C. (159039) | more than 11 years ago | (#5896338)

or "or fitness for a particular use" is a concept in most legal systems and is what would determine this case. In the U.S., even if the license says "this may not work, tough.", the consumer still has a right expect it to work for the advertised purpose.

So you could recover damages from a car that explodes when you try to start it, since that's not what a "car" is supposed to do. But you can't recover damages froma car that explodes when you hit a tree, since that is outside the expected use of a car.

I'd say there's no case here since SQL did what it was supposed to do, it just had a flaw. Since the flaw was not covered by any warranty, tough luck.

-Ryan C.

Hypocritical (2, Funny)

camusflage (65105) | more than 11 years ago | (#5896354)

This is funny, considering the crushing amount of spam that comes from misconfigured boxen in the .sk address space. As has been pointed out, the patch was available well before slammer hit. That they didn't apply it points more to poor administration than anything else.

Microsoft is not libel.. (1)

nurb432 (527695) | more than 11 years ago | (#5896374)

The agreed to the EULA before use, which specifically states that Microsoft wont be held libel for most things ( beyond original purchase price )...

So.. not much of a leg to stand on..
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?