Civic Group Considers Pressing Charges Against Microsoft for Internet Crash

The Korea Times ^ | 02/03/2003 | By Soh Ji-young

[gaucho]

A leading civic group is gearing to take legal action against Microsoft, the creator of the computer software blamed for the disastrous Internet crash last month.

People's Solidarity for Participatory Democracy (PSPD) said it is considering filing a class action suit against the software giant for the ``Slammer'' worm which paralyzed the country?s Internet servers on Jan. 25 by unleashing huge volumes of Internet traffic.

The worm was traced to a widely known flaw in Microsoft's SQL software, a Web server application.

The group said it plans to build its case on a ``product liability law?? passed last July that holds a manufacturer responsible for physical and property damage caused by flaws in its product.

More than 3,000 subscribers of high-speed Internet services had signed up to take part in the class action suit as of Thursday, the civic group said.

A legal advisory team will meet within this week to discuss the details of the proposed suit, it added.

``Although Microsoft says it issued warnings about the worm through e-mails and other public notices, we do not believe the company performed its duty to the fullest, considering it had a list of all SQL Server users,?? a PSPD official said.

``The suit will provide an opportunity to review the country?s information and telecommunication policies,?? the official said, adding that some legal experts are also gearing to lodge similar suits against Microsoft regarding the Internet shutdown.

[gaucho]

I still say that Microsoft should be banned from selling software until they can produce products that are not as vulnerable to attacks.

[jammer]

I am second to no one in feeling disgust for MS. However, suing them is like suing a cigarette manufacturer--if I get lung cancer, it is MY fault, not theirs. People (including me, when I have to) who purchase and use MS products know what they are getting into and choose to use them anyway. I just cannot see any basis for me or anyone else to sue them. Having said that, I am not an attorney and I do not understand why they call ours a legal "system", much less understand that "system".

[JudyB1938]

The problem with that is we don't have to smoke, but we do have to use Microsoft products. Sure, others may be better; but we are locked into them since they are the standard across the board. They know it, too. That's why they are so arrogant about not fixing known problems. I sometimes think they do it on purpose, to force people to "upgrade".

[jammer]

Yeah, the market pretty much dictates it. What you say is true. But there ARE alternatives--my software interfaces with companies every day that use those alternatives--so I look at lawsuits with a jaundiced eye.

[TechJunkYard]

I think these kinds of suits will go exactly nowhere.

Microsoft's license agreements disclaim all responsibility for their products. I wouldn't be surprised if MS were to put a "user must keep up-to-date with patches" clause into all of their EULAs, if it's not already there. MS knows its way around a courtroom, if it gets to that. It won't

MS knows its way around the PR biz. Last week MS bought some very expensive advertising space in the NYT to begin its spin campaign. The spin is amplified further on its web site. Most business PC users surveyed last week were willing to put the blame on system administrators instead of Microsoft.

I don't like it, you don't like it, but the truth is we will be stuck with the "install now, patch later" model for quite some time, and we need to accept that and get good at it.

This is reality. If you use any computer connected to the Internet, you need to stay updated on the security situation and the software fixes for your platform. You can't run, crying, to MS when using their products leaves your systems exposed. Deal with it.

[HAL9000]

I think these kinds of suits will go exactly nowhere.

It's true that Microsoft's customers do give up their rights to sue Microsoft under the EULA.

But there is a large class of non-Microsoft computer users who were damaged by the MSSQL security hole. They are not covered by the EULA, and they can sue Microsoft.

Then Microsoft can sue their own MSSQL customers who did not install the patch to recover the indemnified damages.

[JudyB1938]

The problem with "alternatives" is that people like me (home PC users) are afraid to try them. We have no support system to teach us or come to our rescue. It's going to be more people like you who dictate what people will use. Use in the office equates to usage in the home.

Individuals really ARE sick of Microsoft and all the dangers they allow and would switch in a hot minute if they felt comfortable with it.

Since your company has already made the switch, what's the feedback you get from other companies? Are they considering the same?

[gaucho]

I agree that suing won't get anyone anywhere. That said, I think that the inherent vulnerabilities in MS products and their pervasive use makes them a real danger to our infrastructure. I'm not trying to start some kind of OS war, but I am deeply concerned about the reliability of MS products.

You can't run, crying, to MS when using their products leaves your systems exposed. Deal with it.

I do -- I use unix (OSX & Solaris) and the one Windows box in our shop is usually physically disconnected from the net.

[TechJunkYard]

I think that the inherent vulnerabilities in MS products and their pervasive use makes them a real danger to our infrastructure.

You're correct, of course. Several hundred Windows boxes on my RoadRunner subnet are still (still!!) batting the NIMDA worm around, creating extra noise and clogging up my web server's logs (almost to the point where I almost didn't notice some boob in Korea trying the formmail.pl exploit on me....)

Unfortunately there's nothing we can do about MS now.