Do Manufacturers Have Any Responsibility?
I'll readily admit that I don't use any Microsoft products: in fact, none of my machines has a DOS or a Windows partition. And I think early 1997 was the last time I sat down at an x86 box running Windows. But this spring's outbreak of viruses has caused me to think about the burden that should be borne by a manufacturer.
Any manufacturer has both a moral and a legal accountability to its customers. The various manufacturers of automobiles, children's toys and tobacco products, for example, have learned painful lessons about accountability through product liability suits.
“ILOVEYOU” and “Killer Resume” exploit holes in Microsoft Outlook that any less-avaricious company would have tried to stop several software generations ago. (I might note that the first RFC concerning security is 602 (December 1973), and was written by Bob Metcalfe, the inventor of Ethernet.) In my view, Microsoft has willfully ignored customer security for at least 20 years.
As Gene Spafford (Purdue University) has pointed out, even though Microsoft (and the tobacco companies) sell products that customers appear to want to buy,
does that make the tobacco companies less culpable for selling a product they know to be dangerous? Does it matter that the consumers shell out money willingly for the product? (Even those who have some idea of the danger believe they have no control or choice.)
There is a fundamental question involved in the area of informed consent. If the consumers actually understood the technology and the risks posed by their choices, and if they actually were able to make an unconstrained choice, would they make the purchases? If not, there is a moral (and potentially, legal) obligation for the vendor to make wise decisions on their behalf.
Gerald Shifrin (on the IP mailing list) noted:
As an ordinary non-attorney consumer of computer products, it seems reasonable to me to expect that my software should ask permission before sending email to everyone in my address book or performing a mass deletion or modification of my files. If vendors like Microsoft allow or assist unsolicited foreign email to perform these acts, they are, at least in my mind, guilty of gross negligence.
In fact, I found it puzzling that after “Melissa” and then “ILOVEYOU” and now “Killer Resume”, the newspapers aren't noting mass filings of product liability suits against Microsoft. If the world's economy can be brought to its knees by very simple code delivered via e-mail to PCs running Outlook or Observer or Explorer, then parts of that economy should be holding the manufacturer responsible.
Kevin G. Barkes (on the IP mailing list) posted:
Another real-world analogy: you're tooling down the Interstate in your Chevy and hit a bump in the road. The doors fall off and the engine explodes. You have the ambulance driver stop at the dealership on the way to the trauma center so you can chew out the service manager. He sneers at you condescendingly and points to a paragraph of six-point type buried in a totally unrelated portion of the owners' manual:
The doors of your car will fall off and the engine will explode when you hit a bump while traveling on an Interstate highway. One of our engineers thought this feature would be neat and we have added it at no extra charge to you. If you disagree (you weenie), you can disable this feature by performing the following procedure. First, obtain three chickens, two brown recluse spiders, a length of nylon rope and a virgin ...
Barkes points out that “Melissa” and “ILOVEYOU” were “badly-written programs created by rank amateurs”. What would happen if a really malicious first-rate programmer wanted to target Microsoft Outlook or Outlook Express?
Another list member said this about Spafford's posting:
To further agree with Gene's point about tobacco and “what consumers want”, let me suggest that at any one point the market offers only a tiny subset of what is possible to create for consumers. Mere selection cannot create possibilities that are not developed or invented. Monopolies distort the creation of selections—in particular in systems' properties like security.
Because of its installed base dominance, Microsoft's primary drive for innovation comes from a need to motivate an orderly “upgrade” revenue stream, while at the same time blocking competitors from entering the market to take that revenue away. That means innovations will be small, incremental, and extremely easy for customers to adopt.
By the time you read this, all questions on the DoJ's case against Microsoft will have been answered, pending a decade of appeals. But even a partly knowledgeable reaction on the part of customers may well put Microsoft into the product liability dock, and send Outlook and its kin the way of the Chevy Corvair.
Peter H. Salus, the author of A Quarter Century of UNIX and Casting the Net, is an LJ contributing editor. He can be reached at email@example.com.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Back to Backups
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- A New Version of Rust Hits the Streets
- Google's Abacus Project: It's All about Trust
- Secure Desktops with Qubes: Introduction
- Seeing Red and Getting Sleep
- Fancy Tricks for Changing Numeric Base
- Secure Desktops with Qubes: Installation
- Working with Command Arguments
- Linux Mint 18
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide