My comments are not those of an attorney or even a computer programmer. I am simply a technician, who, by the way, just spent the last three days cleaning up after Nimda. But, I do have something to point out here. So, here goes:
Despite Microsoft's well-concealed disclaimers, the public advertising of their products has always represented them to be the best things since sliced bread. There are no printed cautions on the packaging, like with cigarettes, that warn the consumer. It could look a little like this:
"Warning! The Attorney General has determined that the enclosed software may contain security vulnerabilities that could result in lost or compromised data, free access to personal information about the user, or damage to other software programs or hardware. Retrieval of lost data, or repair of damage caused by viri exploiting such vulnerabilities could cost many times the price of this product. Microsoft is not responsible for any resultant damages, no matter how good we make our products sound in our advertising."
In television advertising for pharmaceuticals, there are typically trailers that warn potential consumers of the side-effects of a drug. Nothing similar to that is contained in Microsoft television advertising. It might sound something like this:
"Take only under the direction of a Programmer! Some users experience side-effects, including: anxiety due to missing or corrupted data; sleeplessness due to long hours spent re-formatting hard drives and re-installing software; blurred vision from over-exposure to monitor screens while scanning Web pages for patches and fixes; soreness of fingers from pushing the reset button; hair loss due to pulling it out in frustration; poverty due to expenditures for third-party software utilities or technical assistance. If any of these symptoms occur, upgrade immediately to the newest version."
Obviously, Microsoft also has attorneys, and probably a lot of them. Their job, of course, is to keep Microsoft from being held responsible for flaws in the software. So, if one looks at liability from strictly the legal point of view, it's anyone's guess who would win a suit over security vulnerabilities. After all, just about any product can be abused, and there are risks inherent in most human activities.
There is a question of moral responsibility, however, and, on that side, I think Microsoft is the clear loser. Consider the difference between many smaller software developers and Microsoft. I have at least 10 programs installed on my computer right now that were purchased at very reasonable prices, and explicitly included rights to all future updates and versions at no additional charge. Under such an agreement, the developer is demonstrating a true appreciation for the consumer's patronage, and acknowledging a responsibility to the consumer, in a continuing relationship over years to come. Microsoft acknowledges no such appreciation, or responsibility. If they did, then Windows XP would be free to registered users of any previous Windows version, who have paid dearly over the years, not just in dollars, but in frustration.
If there is a legal liability, I would think it would lie somewhere in the differences between representations Microsoft makes of its software in their advertising and the realities of product performance. I guess it would be a "false advertising" claim. In fact, much of the distrust of new Microsoft products that consumers are expressing right now is really based on Microsoft's failure to live up to past promises.
It's a shame, in a way, that our law relies so much on the technicalities of proof, rather than on good, common sense.
Dan Juroff
