Anyone else seeing a huge spike in attempts to (ab)use loc-srv (135/tcp)?

jimd at starshine.org
Thu Aug 21 16:45:05 PDT 2003


On Thu, Aug 21, 2003 at 06:58:23PM -0400, Chuck Yerkes wrote:
> I'd imagine you'd have to prove that you MUST be on
> the Internet.  Better argument being the Windows users
> who have to hire staff to deal with this.  Better
> answer being to dump Windows and use something that
> works right and isn't a risk to your business or
> to your assets and shareholder value.

 I don't think I need to prove that I "must be on the Internet" to
 claim that this flaw has a tortious effect on a service that
 I've subscribed to.  If someone scratches my car I don't have to
 prove that I needed to drive, nor that I needed a pristine
 paint job on it.  It was still a tort.

 To prevail I think you'd have to show that Microsoft had a
 reasonable duty to make their systems secure against these sorts
 of exploits.  You're essentially making a "defective products"
 case; claiming that defects in their products are injuring
 you.

 Their warranty disclaimers are in a licensing agreement between
 them and their customers.  We as third parties are not party to
 those liability and warranty disclaimers so that doesn't affect
 the merits of our case directly.

 However, indirectly we may not be able to sue them; they may
 successfully claim that their warranties leave their customers
 liable for any injurious use of their products.  Basically it's
 the old: "We told you not to use this in any life/health critical
 applications, so we can't be held liable because a BSoD killed
 your patient" dodge.

 IANAL, but I suspect this approach won't go far.  You'd end up
 having to sue the various parties whose systems have been directly
 involved in the injury to you.

 As for a class action defective products suit --- arguing that
 MS sold products with implied claims of a "fitness to purpose" for 
 connection directly to the Internet, and thus caused you harm
 by the defects in said products --- a well funded, highly motivated
 legal team might make hay with this.  It would take years and
 we, as consumers, might each get 20 cent checks that cost twice 
 that in postage and five times that in paper and processing fees.

 Microsoft's counter argument would probably be that other operating
 systems have historically had similar defects (and they might cite
 the Morris worm as an example).  We could argue that the most
 popular competing products (MacOS X and Linux) have been shown to
 be at least an order of magnitude less vulnerable --- but they'd
 argue that we're two orders of magnitude less pervasive, etc.

 Well, that's enough of that little chess problem.  :)

--
Jim Dennis 



