Advertising
seattlepi.com
Subscribe | Contact Us | Seattle Post-Intelligencer
Jump to:  Weather | Traffic | Webtowns | Mariners | Seahawks | Sonics | Calendar
BUSINESS ?
 NEWS
 Local
 Sports
 Nation/World
 Business
   VC Notebook
   Layoff Tracker
   Bill Virgin
   Personal Finance
   AP Biz Wire
   AP Tech Wire
   Boeing
   Microsoft
 A&E
 What's Happening
 Lifestyle
 NW Outdoors
 Photos
 Special Reports
  
 COMMENTARY
 Opinion
 Columnists
 Letters
 David Horsey
 Saturday Spin
 Forums
 
 COFFEE BREAK
 Comics & Games
 TV Listings
  
 SHOPPING
 Archives
 NWclassifieds
   Jobs
   Autos
   Real Estate
   Rentals
   Place an Ad
 NWsource
   Coupons
   Online Shop
  
 P-I ANYWHERE
 E-mail Newsletters
 News Alerts
 PDA
 Digital Editions
 RSS Feeds

OUR AFFILIATES
NWsource
KOMO
MSNBC
digitalcity
seattlepi.com Microsoft Blog

September 15, 2003

More on flaws and viruses

Our story on the question of liability for viruses and the software flaws they exploit drew a large response, via e-mail and phone, on all sides of the issue. (See also the comments to my original post on the subject.) I'm taking notes on the phone calls and saving the e-mail messages as they come in, and I'll try to tabulate and summarize them in another post to this blog sometime soon.

In the meantime, here are some additional pieces of information and links to various resources that I came across while putting the story together:

* Cem Kaner's recent weblog entry on the subject, including his proposed Software Customer Bill of Rights. I spoke with Kaner, co-author of books including "Bad Software," for the story, and found him extremely knowledgeable. Here also is his home page, with lots of additional information under the articles link in the upper left.

* "Cybersecurity Today and Tomorrow: Pay Now or Pay Later," the report by the National Research Council's Computer Science and Telecommunications Board recommending, among many other things, that policy makers consider increasing the exposure of software vendors and others to liability for security breaches.

* A Washington State Supreme Court decision from 2000 in which the court took up the question of whether a general contractor was bound to the terms of a software end-user license agreement that limited damages to no more than recovery of the software purchase price after an alleged defect in the software (not Microsoft software, for what it's worth) resulted in a construction bid $1.95 million less than it should have been. The short answer to that long question: yes.

* That suit is among the EULA-related court cases compiled on this page, maintained by the Consumer Project on Technology, which was founded by Ralph Nader.

* The full text of a Microsoft End User License Agreement (EULA), this one for Office XP. See especially sections 8, 9 and 10. One reader who e-mailed, a retired lawyer, said our graphical excerpt that ran with the Friday story made it seem as if Microsoft was claiming more protection from liability than it actually is. I'll let you judge for yourself. (I don't have a postable copy of the full Windows XP agreement we used for that graphic, but the language is very similar.)

A Microsoft representative tells me that you can pull up your own EULA on a Windows-based machine, but I haven't yet figured out how to do that myself. I'll try to remember to post about it if I do figure it out. [Addendum, 9/16/03: Thanks to Nicole Hamilton for explaining how to do this. See her comment at the bottom of this post for details.]

* Bill Gates' January 2002 memo to employees in which he declared trustworthy computing the company's top priority. Here also is the page for Scott Charney, Microsoft's chief security strategist. Note especially the links at the bottom of Charney's page, including this one to a transcript of his recent speech to a U.S. House subcommittee. And here is Microsoft's security and privacy home page.

* The home page of Bruce Schneier, the computer security expert whose Firestone tires comment in the Friday story didn't sit well with several readers, some of whom considered it such an egregious and -- ironically enough -- flawed analogy that they thought I shouldn't have included it. For more thoughts from Schneier, click on the essays-and-writings link in his left-hand navigation bar. Or you could buy his book! But in no event shall I or my suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever resulting from any feelings you may or may not have about what he writes.

* A good radio program on WAMU-FM in Washington, D.C., that addressed the issue, with guests on various sides of the debate. Scroll down to Tuesday, April 9, at 1 p.m., "Tech Tuesday: Software Liability and Security," to listen in RealAudio.

* Various EULA- and virus-related news stories from other publications:
"South Korean group sues Microsoft over Slammer,"
"Microsoft urged to compensate virus victims,"
"A legal fix for software flaws?"
"Millions of home computers may be at risk," and
"Is Microsoft liable for Nimda?"

* In this blog's comments, reader Jim Hudspeth also pointed to the ZDNet article, the last one in the list above, in which the reporter details his search for answers to essentially the same question that our Friday story sought to answer. Jane Winn, the law professor quoted extensively in the ZDNet story, is now at the University of Washington, and she helped me understand a lot of the nuances of the issue for the P-I story, even though I didn't end up having space to quote her directly. Here's one key point she made during our conversation, on the question of whether software companies should be held liable, given that there is, as she put it, "no obvious engineering solution" to the security problems raised by viruses:

"You don't want to set the liability regime today for the world that we'll have in 20 years, when we may have effective computer-security solutions."

* I'd like to point you to the full version of a recent New York Times Q&A with Bill Gates that touched on the subject of viruses, but enough time has passed that it has now slipped into that paper's premium archive. If you really want to pay for it, you can search for it here. (The Q&A ran with an Aug. 31 story about Microsoft's maturation.)

Here, at least, is what Gates said during the Q&A when asked by the Times' John Markoff if he was concerned about the possibility of product liability suits, in light of the problem of computer viruses:

"Well, we're doing our best to improve Windows and make it so our customers don't run into these problems. I think this is a critical issue for our customers, and solving this will be fulfilling the commitment we made on trustworthy computing. We're doing our very best, and that's all we can do."

That is a lot of information to digest, but it's an important subject, and I hope this post contributes some additional facts to the debate that has been going on in the comments to my original post. If you find any additional legal cases, Web sites or news stories on the subject, I'd be interested in seeing them. Feel free to e-mail me or to post a link to the information in the comments section below, along with any further thoughts you might have.

Posted by Todd Bishop at September 15, 2003 08:23 AM
Comments

Re: finding a copy of the EULA on a Windows XP machine

There are two ways to find it:

1) Open up "Help & Support" on the Start Menu, select "What's new in Windows XP," then select "Activation, license, and registration," then select "Questions and answers about the End User License Agreement." The second question, "What does the End-User License Agreement (EULA) say?" tells you to go to %SystemRoot%\System32\eula.txt, SystemRoot being the environment variable that tells where Windows is installed (usually c:\WINDOWS.)

2) Go to %SystemRoot%\System32\eula.txt directly.

Regards,
Nicole Hamilton

Posted by: Nicole Hamilton at September 15, 2003 06:06 PM

Is there a way to find a copy of the EULA on a Windows95 machine?

Posted by: Will Trusts at July 19, 2004 01:06 AM

yes!Is there a way to find a copy of the EULA on a Windows95 machine?

Posted by: zing at December 26, 2004 03:29 AM

dds

Posted by: zing at December 28, 2004 07:45 AM

portable hot tub

Posted by: portable hot tub at April 20, 2005 09:37 AM
Post a comment









Remember personal info?
  ARCHIVES
November 2005
S M T W T F S
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

Monthly archive
· September 2005
· August 2005
· July 2005
· June 2005
· May 2005
· April 2005
· March 2005
· February 2005
· January 2005
· December 2004
· November 2004
· October 2004
· September 2004
· August 2004
· July 2004
· June 2004
· May 2004
· April 2004
· March 2004
· February 2004
· January 2004
· December 2003
· November 2003
· October 2003
· September 2003

Recent Entries
· Microsoft executive pay
· Windows in a Palm
· Audio Extra: Gates, Ballmer on Microsoft's future
· Gates, Ballmer Q&A
· Xbox exec on Revolution
· PDC behind the scenes
· Mac BU in Microsoft reorg
· Ballmer Q&A: Online Extra
· Allchin on 'hard lessons'
· Major Microsoft reorg

What is this?

  FROM THE P-I
· There's no stairway to heavens? Take the elevator
· Ex-Microsoft boss sentenced
· Microsoft bets more online
· Yahoo blasts Microsoft acquisition effort as 'stupefying'
· Lawmakers look into Yahoo-Google ad partnership
· Netflix to stream live on Xbox 360
· Icahn again takes aim at Yahoo board
  LINKS

News and information:
· WinInfo
· Microsoft Watch
· Directions on Microsoft
· WinInsider
· ActiveWin
· KOMO News: Microsoft
· NetworkWorld: Microsoft
· Google News: Microsoft
· Yahoo News: Microsoft
· Microsoft Research News
· Microsoft PressPass
· Channel 9
· Anti-Microsoft News
· NewsForge: Linux News
· Linux Today
· Mac News Network
· Mac Daily News
· Washington Post Filter
· G.M. Silicon Valley
· OS News
· Gillmor Gang

Blogs about Microsoft:
· Microsoft Monitor
· Unofficial MSFT Blog
· IW Windows Weblog
· Xbox 2 Blog
· Inside Microsoft
· CNet Microsoft Blog

Computer Security:
· Microsoft Security
· Wash. Post Security Fix
· Microsoft Security Response Center Blog
· Be Careful Out There
· Security Awareness Blog
· Bruce Schneier's Blog
· eWeek Security News
· Larry Seltzer
· Symantec Security Resp.
· McAfee Virus Information
· CNet Security Blog
· Security Focus
· Kaspersky Lab Analyst's Weblog
· Michael Howard (MSFT)
· Stephen Toulouse (MSFT)
· Network World Security
· Planet Security

Microsoft employees:
· Employee Blog Portal
· MS Watch List
· S. Somasegar
· Raymond Chen
· Dare Obasanjo
· Brad Abrams
· Heather Leigh
· Korby Parnell
· Matt Goyer
· Robert Scoble
· Don Box
· Chris Anderson
· Joshua Allen
· Chris Sells
· John Porcaro
· John Montgomery
· Kevin Schofield
· Rick Schaut
· Marc Miller
· Sean Alexander
· Larry Hryb
· Gretchen and Zoë
· Harry Pierson
· Mini-Microsoft

Search-related sites:
· John Battelle
· Greg Linden
· Unofficial Google Blog
· Yahoo! Search Blog
· MSN Sandbox
· MSN Search Weblog
· Google Blog
· Search Engine Lowdown
· Search Engine Watch
· Google Like a Hawk

Browser-related sites:
· Internet Explorer team
· mozillaZine
· Surfin' Safari
· Opera news
· Browser News

Technology Weblogs:
· Dwight Silverman
· Charlene Li
· Joel Spolsky
· Engadget
· Gizmodo
· Corante Apple Blog
· Amy Wohl
· Dan Gillmor
· Simon Phipps
· Buzz Andersen
· Chris Seper
· Hiawatha Bray
· Paul Andrews
· Doc Searls
· Chris Pirillo
· Campbell & Swigart
· Longhorn Blogs
· PDC Bloggers

Antitrust info:
· FindLaw: Microsoft
· DOJ Microsoft site
· Microsoft legal site
· Findings of Fact
· ComputerWorld Report
· Sun legal page
· Dan Kegel's antitrust site

Additional sites:
· Google Microsoft Search
· About Microsoft
· Microsoft User Network
· Tablet PC Buzz
· Living Without Microsoft
· Lockergnome
· WSA
· WashTech
· CyberLodge
· Microsoft Permatemps
· Apache Foundation
· Librenex
· Electronic Frontier Foundation

 
Home | Site Map | About the P-I | Contact Us | P-I Jobs | Home Delivery
 
Seattle Post-Intelligencer
101 Elliott Ave. W.
Seattle, WA 98119
(206) 448-8000

Home Delivery: (206) 464-2121 or (800) 542-0820

Send comments to newmedia@seattlepi.com
©1996-2005 Seattle Post-Intelligencer
Terms of Service/Privacy Policy