While reading the latest spam crisis report, a thought occurred to me.
This world is incredibly litigation-happy. If some yutz injures himself doing something foolish and dangerous, he's liable to hire a lawyer and go after someone, and sure enough, some bubble-headed judge will likely judge liability on some innocent bystander who didn't stop the fool from hurting himself.
Indeed, lawyer-spread liability is feared like the rat-spread plague was in Europe a few hundred years ago.
So why hasn't anyone sued Microsoft for the spam crisis?
The vast majority of spam is generated by bot nets. These networks of outside-controlled computers all have one thing in common: they take advantage of security holes in various Microsoft operating systems to profligate.
And these aren't operating systems that have been donated by the behemoth corporation out of the goodness of its heart. No, these are bundles of software which have, in many cases, been painstakingly proven to be genuine by WGA. And as many as is humanly possible have been paid for, with proceeds going to Redmond, Washington. The amount of money that Microsoft has received for its various incarnations of Windows is too staggering to comprehend.
And what does the consumer receive for his money?
A “lease” of an operating system that promises security, reliability, and availability.
This operating system is far from secure, of course. Its architectural layout guarantees that if a hacker can get in with user rights, he can make fundamental changes to the operating system and bring it under his control. Another member of the bot net is thus produced.
Microsoft offers patches to keep things secure. However, many millions of computers remain unpatched, fair game to worms that will infiltrate them and add them to the botnet.
Spam costs untold millions, or possibly billions of dollars. Who pays? Big business, governments, and individuals.
So why hasn't anyone sued Microsoft?
Their obsessive attention to verifying every single copy of Windows as genuinely licensed and paid for proves that they continue to have a stake in their product after it leaves their control. But despite that, there are those many millions of systems out there that remain vulnerable to attack, and which combine with other “possessed” systems to blast out billions of unsolicited email messages, as well as millions of bot-generated blog comments which have to be fought by site owners.
I smell a class-action suit.
Ladders have to be covered with warning labels largely because careless users have abused them, gotten injured, and hired a sleazy lawyer.
On the other hand, astronomically huge REAL financial losses have taken place because of infected computers that are running the Windows operating systems that Microsoft has profited from selling.
Has Microsoft taken sufficient proactive action to escape liability? Perhaps. But a judge needs to decide.
How much longer will it take for Microsoft to get sued?
