'

Taking the rap for bad software

By Scot Petersen, PC Week The next time you install a software program, take a moment to read the licensing agreement that comes with it. You've seen the agreements: They usually pop up in a dialog box most of us ignore while clicking the "next" button of an install routine.

By Scot Petersen, PC Week

The next time you install a software program, take a moment to read the licensing agreement that comes with it. You've seen the agreements: They usually pop up in a dialog box most of us ignore while clicking the "next" button of an install routine.

You may be surprised by what you find. Most agreements are pretty standard, with legalese defining the party of the first part, and so on. There's the usual harsh language involving how many computers or users are authorized to run the software, and threats against copying or pirating.

Then you'll get to the warranty section—a new addition over the past couple of years. It used to be that vendors assumed no product warranty whatsoever. Now, many developers, including Microsoft, will replace defective software or refund your money if the program fails within 90 days. (Microsoft further guarantees its hardware for a year.) Some free software products, such as Netscape Communicator, still have an old-style warranty, which states that the user accepts the product "as is."

Software warranties, if we consider them a right of the consumer, were attained only after several years of complaints and campaigns by advocacy groups. What's still lacking, however, is any acceptance of liability on the part of the vendor if an application fails and subsequently causes damage to the computer or other software programs or data on the system.

For example, here's the language in the license for Windows 98: "In no event shall Manufacturer or its suppliers be liable for any damages whatsoever ... arising out of the use of or inability to use this product, even if Manufacturer has been advised of the possibility of such damages."

Language like this could be interpreted as such: "We know there probably are security vulnerabilities in the product, but if a hacker finds them, breaks into your computer and deletes your files, we are not responsible."

No software vendor would be foolish enough to offer guarantees against such acts; if they did, they'd have to take out malpractice insurance, and software would be priced like hospital stays.

But vendors aren't making any strides toward being more responsible, either. Earlier this month, the state of Virginia's House of Delegates unanimously passed UCITA, the Uniform Computer Information Transactions Act. The act, authored by the National Conference of Commissioners on Uniform State Laws, has a somewhat useful purpose in this day of outsourced and hosted applications: It would require uniform language for all licensing agreements (more information can be found at www.nccusl.org and www.2bguide.com).

Within the act is additional language, however, that further protects software vendors from liability, even from known defects. In light of this month's denial-of-service attacks and reports of a slew of known "potential" defects in Windows 2000, UCITA is a major step backward for consumers.

Imagine if other industries acted this way. I'm reminded of the joke about Bill Gates chatting with an auto industry executive. Bill says, "If cars had dropped in price in the same way PCs have, they'd sell for only a few thousand dollars." And the auto exec replies, "Yes, Bill, but we can't afford to have our products crash twice a day."

Where's the accountability? Write in to TalkBack: