Consent And Legality

Malicious software is often sold bundled with other software that contains a EULA, or end-user license agreement, which the computer owner has to accept before they can install the software.

In general, unauthorized access to a computer is illegal, according to computer crime laws like the United States Fraud and Abuse Act. Most people also will tell you that they would never authorize the installation, access or operation of malware (malicious software) on their computers. On the surface it would seem that malware installation, access or operation on their computers should be a criminal act. In fact, there have been some high-profile cases where law enforcement has prosecuted authors of viruses, worms and other malware. But as you can imagine, there are always exceptions to the rule.

A form of malware known as surveillance software, is one of those exceptions. There have been very few prosecutions of authors of this form of malware. In fact, it may surprise you to know that many authors of malware programs actually operate as legitimate public businesses.

Authors of malware have claimed that their software is only installed on the computers of people that have given their consent. This can happen because often malware is sold bundled with other software that the computer owner may want to install. While that by itself doesn't imply consent, quite often the other software installation will contain a EULA, or end-user license agreement, which the computer owner has to accept before they can install the other software. And inside this EULA, is usually some kind of legal language that may not even be understandable to the average person that the user consents to the installation of all parts of the software. It may not even mention the malware part of the software by name to make it even more confusing. As you may know or have guessed, most people don't read these EULAs, which are usually very long even though the software authors say it is a fully enforceable contract with all the legal binding necessary to prove consent.

These EULAs, also referred to as Clickwrap Agreements, are seemingly everywhere, it seems everybody uses them. However, almost no case law has resulted from their use. While in some common law jurisdictions it has been established that Clickwrap Agreements can be a binding contract, this has been shown to be true only in certain circumstances. This means that not every Clickwrap Agreement is a contract, nor is every term in it enforceable. If the contract appears excessive in length, or if key provisions of the contract terms are made inconspicuous or intentionally ambigous then this can cause Clickwrap Agreements to be rejected as contracts of adhesion.

Of course, even if there is a EULA, but the software installs itself on your computer surreptitiously, say from a drive-by download from a web site where you never get an opportunity to approve or disapprove the contract terms, then there is no way an enforceable contract can exist.

Some states have already passed laws criminalizing some forms of malware. This includes software that alters web browser settings, monitors keystrokes, or disables security software on the computer without the consent of the owner or operator of the computer. This has resulted in some fines and out-of-court settlements with some major companies causing them to stop distributing their malware. Part of the reason the companies were taken to court were that their malware was installing itself in ways making it almost impossible to remove it. In addition, some malware variants were caught replacing legitimate ads on web pages with the malware author's own ads, diverting revenue from web site owners to the malware author.

Since a lot of this malware seemed to be centered around "forced advertising", it makes you wonder if the advertisers themselves might be held accountable in court for all this. Sadly, so far the courts have not really made any inroads in this area. Advertisers have acquired a sort of Teflon coating due to the fact that they usually don't do business directly with malware authors. Usually there is a subcontractor in the mix, acting as a middleman, who is getting paid by the advertiser for the number of impressions, or appearances of the advertisement. The malware author is the agent that provides those "impressions". The good news is that a few large companies upon finding their ads being shown via malware, have "fired" the advertising agencies responsible.

Strangely, some of the malware authors have actually sued some web site owners for calling a spade a spade. Due to the financial costs involved in such litigation however, most of these cases have been settled out of court. Fortunately, there are still some web sites where you can find descriptions of the harmful behavior of several different kinds of existing malware.

As you can see, the issue of legality of malware and of getting user consent is not the simple issue it would seem to be on the surface. It becomes more important for us to be vigilant about what software we allow or disallow to be installed on our computers. But since there is still the kind of malware that doesn't even ask for our consent, it becomes a necessity for us to use a malware detection program on our computers on a regular basis, or even better, one that can operate in real-time.

Malware detection programs cannot be used in isolation, however. A good firewall, anti-virus, adware and evidence removal software suite needs to be added in conjunction with it to be truly effective. With so many ways for our computers to become infected, it's important to close up as many holes in our computer security as possible. Remember, the chain of security is only as good as it's weakest link.

Top Software Info | Contact Us | Terms Of Service | Privacy Statement | Common Questions | Site Map

Copyright © 2008 Top Software Info. All Rights Reserved.