product liability (was 'we should all be uncomfortable with the extent to which luck..')

A number of legal minds apparently are of the opinion that the recent
Appeals court ruling helps open up that exact legal pinhole, a bit.

However, ISTR that Microsoft recently had a number of suits in
various state courts thrown out for lack of standing; IIRC Microsoft's
claim was that the Windows installations on new machines were a sale from
Microsoft to the OEM, not Microsoft to the end-user, and therefore
end-users were not eligible to sue Microsoft directly. I haven't
bought an OEM machine in quite some time, but I think it's still the
policy for Windows-based machines to indicate that if you have "any"
problems (including software), that you have to go back to the
hardware manufacturer for help, _not_ Microsoft. Although having
no clue on the stats, I would assume that off-the-shelf purchases
of Windows are not the majority of Windows "sales".

Also, there's an element in the "Windows/IIS patches are freely available,
so if an admin didn't patch, it's mostly his fault, no matter how
crappy Windows/IIS might have been designed" thread, namely, that
for the longest time, installing patches in most Windows systems was
a dangerous undertaking; a significant portion of the time, installing
a patch would/could cause something else to break, or even render the
system unusable. This aspect has kept many Windows admins that I know
from doing _anything_ to their systems except for dire emergencies, or
well-tested (i.e. out in the field for several months, and tested on
_other_ people's machines) service packs. Many of these difficulties
were characterized either in being required to figure out how to apply
service packs and interim patches in exactly the right order (with exactly
the right set of reboots), or in ending up reinstalling because
Microsoft technical support didn't have the depth to be able to help
with a complicated service pack / patch situation.

In Microsoft's case, I think they could take better measures to ensure
that their software and NOSen are less vulnerable, but they don't, and
that's why my network no longer has any NT servers on it.

Microsoft can't predict and prevent 100% of all attacks, but they can take
more steps to help prevent some of the attacks.