Nimda esponsibility - Laying appropriatel - implied warranty of sale

[Fred Cohen <fc () all net>]

> > In my view, the responsibility for NIMDA lies clearly in Microsoft's lap
> > and the lap of the author, but there is plenty of blame to go around.  I
> > say forget about telling the ISPs what to do - start a class action suit
> > against Microsoft for putting this crap into the market knowing full
> > well how it might be exploited and knowing full well that it was
> > choosing time to market over quality.  The class is all users of
> > Microsoft IIS servers and every person who has a system that has been
> > affected by the virus.  The dmages are the total cost of all actions
> > taken to defend against or monitor this infection, in cluding all time
> > taken by all parties involved.  Put them out of business unless and
> > until they can act responsibly.
>
> You should read the agreement you (and everyone else) just clicks "Agree" to
> whenever you install a piece of software (not just MS).  I am not a lawyer
> but as far as I can tell it means "You accept that you are paying for this
> product as is and we make no guarantee that it will be secure, reliable,
> compatible, works as advertised or will even work at all"
>
> This is standard throughout the software industry, and no other industry in
> the world is allowed to operate under these terms.  Anyone know whether
> clicking that Agree button removes all your rights to legal recourse?  I
> would've thought it would; that's why they put it in.
>
> S.   :)

What many people fail to understand is that there is something called an
implied warranty of sale that cannot be voided, even under contracts
such as these.  It is typically defined in terms of 'suitability for
purpose'.  Thelegal issues surrounding the non-warranty for software has
never been setteld - and it should - and this would be a great case to
do it with. 

FC
--This communication is confidential to the parties it is intended to serve--
Fred Cohen              Fred Cohen & Associates.........tel/fax:925-454-0171
fc () all net           The University of New Haven.....http://www.unhca.com/
http://all.net/         Sandia National Laboratories....tel:925-294-2087


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com