[vox] From another Linux list...something worth pondering
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[vox] From another Linux list...something worth pondering
<IANAL>
I've been bouncing this idea off people in my local LUG-land and it's
generated some interest. Basically it's an idea about a class for a
class-action suit and the basis for a negligence claim:
Form a class of people who:
A - use Microsoft products and lost data or incurred downtime due to
infections from CR*/Nimda
or
B - do not use Microsoft products but incurred downtime or lost data
due to CR*/Nimda
Sue Microsoft for negligence.
"But they issued patches for these exploits," you say.
Yes, but they kept selling freshly pressed OS CD's that were still
defective. I.e., they refused to recall and re-press product that
they acknowledged (presumably this is where the lawyer would argue
about "reasonable consumers" or some such) through patches and
advisories was defective.
This is akin to Ford recalling Explorers, providing replacement tires
to anyone who wants them, but putting Firestones on anything that
leaves the showroom.
Sounds like negligence to me (...hence the <IANAL> bracketing of the
whole message since I'm pretty much a moron).
Issues that immediately come to mind:
- The shrink-wrap license on Windows is a get-out-of-jail free card.
-> a class A suit would be testing the validity of shrink-wrap
licenses
-> a class B suit would completely dodge the shrink-wrap issue since
they never agreed to the license terms
-> this split would mean that a sickeningly vicious and dirty set of
class-action attorneys would have to argue the case (forgive me
for
being redundant)
- Such a suit would affect any software manufacturer selling
shrink-wrap
software.
-> Yes, but only the negligent ones (sorry, and I write software for
a living so I should know better)
-> or: Yes, but should manufacturers of software be exempted from
pulling
boxes off the shelves when auto makers, meat packers, and toy
manufacturers have to issue costly recalls?
-> Network-installed OS's don't have a recall issue. This still
leaves
RedHat et al out to dry, but future shrink-wrapped installs could
go get
updates upon installation. The attractiveness of a class suit
against
RH (e.g.) over current and past actions is much lower than that of
an MS
suit (one advantage to riding the rocky road this far I suppose).
- One could argue that the analogy between Firestones and Windows is
faulty
since Windows doesn't kill people (well, so long as they're not on a
WinNT
battleship or on Windows-based life support or ...).
-> I would be surprised if it couldn't be successfully argued that a
product is defective even though noone dies from its use.
- Is this or is it not a good precedent to set?
-> Well, is it?
- Another possible criterion for class membership would be expense
incurred
due to bandwidth costs on bill/traffic lines
-> I've already encountered a few people who are in such situations
and have
logs showing massive Nimda and Code Red traffic
-> one guy has 55,000 logged Nimda hits on one of his colo'd servers,
and I
believe that's unique combined hits (i.e., at ~16 requests per
hit), easy
enough to verify).
</IANAL>
Thoughts?
|
