[Mimedefang] Viruses: Bounce or Discard?

[Matt Cramer]

On Mon, 29 Sep 2003, David F. Skoll wrote:

[...]

> Once again, if the ISP states up-front in its terms of service that
> owners of machines distributing viruses will be liable for 10 cents/virus,
> then owners of virus-sending machines have no excuse.

This is great in theory but I don't see it ever happening.  Why would an
ISP do this?  Users don't read ToS to begin with, so the first wave of
bills that went out would annoy or anger the users who would just change
ISPs and never pay.  This would only work if all ISPs did it at once, or
were required to do it by law.

Microsoft is the problem here, as the now infamous CyberInsecurity doc
states: complexity and monopoly.  M$ markets their product as easy to use,
but it is incredibly complex and full of security holes.  Patches come
out, but they often break essential functionality.  And lastly, patches
are only distributed online, so a machine can not be easily kept up to
date without exposing it to the risk you are trying to prevent!

The only thing I see changing the situation would be a massive set of
lawsuits against M$ for their crappy product.  Perhaps the "we aren't
liable for anything" click-through EULA could be challenged.  Better yet,
a class of non-M$ Internet users who suffer damages because of the M$ code
running on the Internet could sue.  That class never agreed to the EULA
because they aren't EUsers of M$'s product.  But they are certainly
suffering damages.  There are precedent torts where someone collected
damages from a company even though they never purchased the product but
suffered because someone else did.  IANAL but I think such a case might
have a great impact.  M$ would either have to pay up, or throw their
lusers to the wolves and point at them as liable - which can't be good for
business.

Of course M$ is sitting on more cash than many countries' GDPs so it would
be quite a fight.


Here's hoping,

Matt

-- 
Matthew S. Cramer <mscramer at armstrong.com>          Office: 717-396-5032
Infrastructure Security Analyst                     Fax:    717-396-5590
Armstrong World Industries, Inc.                    Cell:   717-917-7099