Who is responsible for installing anti virus software.

[Richard Budd]

Who is responsible for installing anti virus software.



I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.



I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.



Who is to blame! Not wishing to blame him but clear my reputation once and
for all.



Any help would be great - also links to legal cases where this may have come
up in the past.



Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers

 

[David H. Lipman]

From: "Richard Budd" <[email protected]>

| Who is responsible for installing anti virus software.
|
| I am a website designer and have a client how I have designed a site for who
| has a virus named NETSKY. They inform me it is my fault and I should have
| installed anti virus software on my clients PC.
|
| I "see" my role to design a site, which I was commissioned for - not give
| advice and recommendations to my client as to the anti virus software he
| should have had installed. The client was already on the Internet before I
| met him, with pages on websites with his email address on (within a mailto:
| code) he had an existing email account and was surfing the net before we
| met.
|
| Who is to blame! Not wishing to blame him but clear my reputation once and
| for all.
|
| Any help would be great - also links to legal cases where this may have come
| up in the past.
|
| Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers
|

Did you physically setup the server platform, the Server OS and all Server Applications or
merely do some Java, HTML, etc. programming to provide a web site ?

 

[Clay]

Who is responsible for installing anti virus software.

IMO, it's the administrator of the system needing the protection
installed.

I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

If they wanted you to perform that service for them, then they should
have requested it. Why would they expect you install software on their
computer without you being instructed to do so? What about a firewall?
What about OS patches? Browser updates? MS Office patches? What else
are you magically responsible for?

I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.

The client asked you to design a web site, if you've done that
properly then you've fullfilled your contractual obligation. You could
of course offer to help or point them in the right direction for
cleanup/removal, prevention education, etc.

Who is to blame! Not wishing to blame him but clear my reputation once and
for all.

They are responsible for the protection of their own computer. What
next... are they going to try to blame you the next time they delete a
file by mistake?

Any help would be great - also links to legal cases where this may have come
up in the past.

I don't have any links to legal cases... I can't even imagine anyone
getting very far with such an outrageous claim.

Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers

If I were you, I'd smile quietly to myself. Not really your problem...
unless you didn't get paid for the web design work yet.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who is responsible for installing anti virus software.



I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

Just send them a copy of the work schedule/quote that you sent them
outlining the work you were doing and state that one could no way infer
that by designing a web site any other services were being offered.

Regards,


Adam Piggott.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCaU1w7uRVdtPsXDkRAvoHAKCGdViqVsw0yR9eUagfTDG0a10AOgCfR29d
PC2X5JzH3AocZogM+2ZWfHU=
=J//D
-----END PGP SIGNATURE-----

 

[Conor]

Who is responsible for installing anti virus software.



I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

You were employed as a web designer. System security is the
responsibility of the network/computer administrator. You are not that
person.

 

[Jonah]

Who is responsible for installing anti virus software.



I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.



I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.



Who is to blame! Not wishing to blame him but clear my reputation once and
for all.



Any help would be great - also links to legal cases where this may have come
up in the past.



Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers

I am responsible for security on works computers, thats what I get paid
for IT Admin.

I commission people to do web work for me because I have no time to
learn and no desire for farting about with web design, I am not the
tiniest bit artistic + I would not know where to start but having said
that I would never ever blame a web designer for security problems
unless I had specifically requested security measures during the brief.

The only thing I can say is maybe you credited your client with more IT
experience than he had in fact got, and should probably have been more
specific about what you would do for the client; but then its still not
your responsibility to hold peoples hands IMO. You do however have a
public relations disaster, that could be tricky.

Don't suppose you got the brief in writing did you?

Jonah

 

[kurt wismer]

Who is responsible for installing anti virus software.

I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.

Who is to blame! Not wishing to blame him but clear my reputation once and
for all.

you are working for him, right? is there an employment contract? that
should spell out your duties and responsibilities...

if there's no employment contract then there was probably a verbal
agreement about what it was you were to do... what exact terms were used
to describe what you would do?

so far it doesn't sound like it's your responsibility - a web site
designer is not a server administrator and shouldn't be expected to do a
server administrator's job... also an admin and a web designer aren't
likely to get similar amounts of money... if your client wanted an admin
he should have asked for an admin and paid for an admin...

 

[jonah]

snip

you are working for him, right? is there an employment contract? that
should spell out your duties and responsibilities...

if there's no employment contract then there was probably a verbal
agreement about what it was you were to do... what exact terms were used
to describe what you would do?

"A verbal contract is not worth the paper its written on"

Sam Goldwyn



Jonah

 

[Roger Wilco]

Who is responsible for installing anti virus software.

Nobody is, unless they were specifically tasked with that job. It is up
to the system administrator to decide what security measures to use
whether it be software or policy.

I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

People don't like to take personal responsibility for anything
anymore...

McDonalds "supersized" me into a heart attack and burnt me with coffee
that was too hot - so I sued them.

The problem is, these idiots win their cases too often.

I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.

Are you saying he is running a server hosting the website you helped
design?

It is his responsibility to administrate his own machines.

Who is to blame! Not wishing to blame him but clear my reputation once and
for all.

If you were specifically tasked with security for the machine, you would
be remiss not to at least recommend an AV imo.

Any help would be great - also links to legal cases where this may have come
up in the past.

You can cite any of the stupid "blame the other guy for my stupidity or
carelessness" lawsuits - there are plenty.

 

[optikl]

Who is responsible for installing anti virus software.



I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.



I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.



Who is to blame! Not wishing to blame him but clear my reputation once and
for all.



Any help would be great - also links to legal cases where this may have come
up in the past.



Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers

I'm not qualified to offer legal advice here, but each one of us is
responsible for our own security. Period. Unless I specifically contract
with someone else to provide my security to me, I'm on the hook to
secure myself. Tell your customer you'll help him remove his NETSKY
problem, for a fee.

 

[Ian Kenefick]

Who is responsible for installing anti virus software.



I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

[snip]

You = webdesigner.
? = Admin responsible for antivirus solution.

They are two completly different roles and unless the latter was
included in the job description in the first place you have nothing
whatsoever to do with it.

In a situation in a small business sometimes there is no admin so the
job for maintanance in outsource to the local computer guy. Never ever
is it assumed that the guy doing the website has anything to do with
the maintaining of the pc's.

Hope this helps!

Regards,
Ian Kenefick
http://antivirus.ik-cs.com

 

[Grant Robertson]

Who is responsible for installing anti virus software.
I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

This guy is just trying to find a lame reason not to pay you. I've had a
few customers try stupid stuff like that. Finish up what you absolutely
have to to fulfill your obligation then do not deliver it till the guy
has the written check in his hand, ready to give to you. Then drive
straight to his bank and cash it. After that don't do any more business
with him. I hate to sound cynical but no reasonable person is ever going
to blame their web site designer for a virus any more than they would
blame their painter for plumbing problems.

 

[David W. Hodgins]

Who is responsible for installing anti virus software.

Depends<g>.
Owner of the computer, or
if renting a server at a data center, depends on the contract,
or person hired by owner/renter, specifically to perform that task.

I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

I could see them holding you responsible if you installed an abusable
php script, or some such.

Netsky, in particular, is spread by a person executing an attachment to
an email, or using very outdated software. Who executed it?

I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.

As a web designer, you should have a contract specifying what you will provide.
Even if it's verbal, unless the av installation was mentioned, I certainly
wouldn't consider it a standard part of a web site design/development/installation.

Who is to blame! Not wishing to blame him but clear my reputation once and
for all.

I'm not a lawyer, but in my opinion, unless securing the server was specifically
mentioned, I would not expect it to be included. How much is he willing to spend
for a commercial AV system? Was the price of an av system explicitly included in
your quote?

Any help would be great - also links to legal cases where this may have come
up in the past.

It's contract law. What's written overrides anything that's said. If it was only
verbal, and it's clear that there was no meeting of the minds, then there's no
contract period. If the customer is giving you a hard time, get a lawyer, fast!
Don't rely on advice from me, or anyone else on the net, except for the advice to
get a lawyer. Good Luck!

Regards, Dave Hodgins

 

[Zvi Netiv]

Who is responsible for installing anti virus software.

No one is "responsible" by law for installing AV software. The installation of
such is voluntary and is subject to the decision of who *owns* the platform that
the AV is supposed to protect.

I am a website designer and have a client how I have designed a site for who
has a virus named NETSKY. They inform me it is my fault and I should have
installed anti virus software on my clients PC.

There is no connection between them having "Netsky" on the web hosting machine
and the website you designed. Netsky is a mail-borne worm and the party to be
"blamed" for contracting it, (if they have it at all!) is the *user(s)*. Even
if they had AV software installed and active, the responsibility for becoming
infected is *always* the user's, not even the AV that "failed" stopping the
malware. Part of the rationale is: The robustness of any protection system is
as strong as its weakest part. Turns out that this weakest part is the user,
his skills, or lack of, or misuse, or things of a long list of deeds or
abstentions that no one can be responsible for, except the user (or owner)!

If the above wasn't true, then AV companies would all be bankrupt since long!
By the same logic, you cannot be held responsible for your customer becoming
infected even if you were paid for advising them on security. Not more than
their own IT manager, or security responsible - if they have one, can be held
responsible for the mishap.

I "see" my role to design a site, which I was commissioned for - not give
advice and recommendations to my client as to the anti virus software he
should have had installed. The client was already on the Internet before I
met him, with pages on websites with his email address on (within a mailto:
code) he had an existing email account and was surfing the net before we
met.

Irrelevant. Their "responsibility" (if there is such) for becoming infected, in
the broad sense, is absolute and inarguable.

Who is to blame! Not wishing to blame him but clear my reputation once and
for all.

There is no one to "blame", certainly not you. If your reputation was tarnished
by the client and you can prove in court that you incurred real damage or loss
due to, then you may have a case to sue them for damages. Consult a lawyer.

Any help would be great - also links to legal cases where this may have come
up in the past.

AFAIK, there is no precedent where an AV producer was found guilty for failing
to protect. The only precedent I am aware of, where an AV producer was blamed
for its product performance, can be found on
http://catless.ncl.ac.uk/Risks/14.20.html#subj2.1 which reads:

"Peter G. Neumann <[email protected]>
Thu, 31 Dec 92 11:31:38 PST
The Washington Post has an article by John Burgess (at least some of which
appears in today's San Francisco Chronicle) discussing a federal judge's order
to McAfee Associates of Santa Clara CA, to stop distributing their Pro-Scan
Version 2.31 and ViruCide Version 2.33 and derivative products. Imageline
Inc. of Richmond VA (maker of PicturePak and ValuePak) has sued McAfee
Associates for libel, fraud, and other misdeeds, because those antiviral
products mistakenly identify Imageline products as containing viruses."

I very much doubt that such claim would be submitted to court nowadays.

From any angle you look at it, the problem is theirs, not yours.

Regards, Zvi

 

[Beauregard T. Shagnasty]

There is no connection between them having "Netsky" on the web
hosting machine and the website you designed. ...

Richard didn't say exactly _which_ machine is infected with Netsky.
Seems unlikely that a web hosting computer would have this worm/virus,
as it is generally email-borne. And he didn't state that his client is
actually hosting the web site on premises.

Sounds to me as if the two are completely unrelated. Richard put a web
site on a web host for the client. Then, the client's office PC got
the worm, by opening an infected email and executing the attachment.

 

[Zvi Netiv]

From: "Richard Budd" <[email protected]>

| Who is responsible for installing anti virus software.
|
| I am a website designer and have a client how I have designed a site for who
| has a virus named NETSKY. They inform me it is my fault and I should have
| installed anti virus software on my clients PC.
[...]
| Who is to blame! Not wishing to blame him but clear my reputation once and
| for all.
|
| Any help would be great - also links to legal cases where this may have come
| up in the past.
|
| Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers

Did you physically setup the server platform, the Server OS and all Server Applications or
merely do some Java, HTML, etc. programming to provide a web site ?

What difference does it make who set up the server? Who set it up isn't
responsible either. The party that is "responsible" for becoming infected, if
there is any responsibility at all, is the user.

As a matter of fact, even the user that opened the Netsky affected e-mail isn't
responsible for the infection. At most, that user can be blamed for not
observing specific security regulations imposed by the employer. The only case
I know where this was implemented is in one of the banks among our clients.
Some years ago, an outburst of a VB worm was intercepted in real time and the
culprit machine was isolated. The user admitted holding an hotmail account on
his work PC, which was strictly against the bank's regulations. The guy was
fired the very same day.

Happy Passover, Zvi

 

[Zvi Netiv]

Richard didn't say exactly _which_ machine is infected with Netsky.
Seems unlikely that a web hosting computer would have this worm/virus,
as it is generally email-borne. And he didn't state that his client is
actually hosting the web site on premises.

Doesn't matter a bit to the principles I explained.

Sounds to me as if the two are completely unrelated. Richard put a web
site on a web host for the client. Then, the client's office PC got
the worm, by opening an infected email and executing the attachment.

Which doesn't change anything in what I wrote.

The key issue of this thread, as I understand it, is whose responsibility is it
for a machine to become infected. The question as formulated by the OP is just
one of the many variations this question may be asked.

If you understood my post, then the answer is "nobody is directly responsible",
and the most of that "irresponsibility" lies in the hands of the user at the
moment of infection, whoever this may be.

Regards, Zvi

 

[David H. Lipman]

From: "Zvi Netiv" <support@replace_with_domain.com>

|
|>> Who is responsible for installing anti virus software.
|>>
|>> I am a website designer and have a client how I have designed a site for who
|>> has a virus named NETSKY. They inform me it is my fault and I should have
|>> installed anti virus software on my clients PC.
|
| [...]
|>> Who is to blame! Not wishing to blame him but clear my reputation once and
|>> for all.
|>>
|>> Any help would be great - also links to legal cases where this may have come
|>> up in the past.
|>>
|>> Richard-at-Lionheart-Graphics.co.uk (take out all the -'S) cheers|
| What difference does it make who set up the server? Who set it up isn't
| responsible either. The party that is "responsible" for becoming infected, if
| there is any responsibility at all, is the user.
|
| As a matter of fact, even the user that opened the Netsky affected e-mail isn't
| responsible for the infection. At most, that user can be blamed for not
| observing specific security regulations imposed by the employer. The only case
| I know where this was implemented is in one of the banks among our clients.
| Some years ago, an outburst of a VB worm was intercepted in real time and the
| culprit machine was isolated. The user admitted holding an hotmail account on
| his work PC, which was strictly against the bank's regulations. The guy was
| fired the very same day.
|
| Happy Passover, Zvi
| --
| NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
| InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities

Good Yom Tov to you as well Zvi !

I just think that if he was to setup the server, OS and applications, then AV software would
also be required. To not do so would border on malptractice. If he is just a webmaster
then it is not his realm at all.

 

[null]

The key issue of this thread, as I understand it, is whose responsibility is it
for a machine to become infected. The question as formulated by the OP is just
one of the many variations this question may be asked.

If you understood my post, then the answer is "nobody is directly responsible",
and the most of that "irresponsibility" lies in the hands of the user at the
moment of infection, whoever this may be.

Unless the user is a government agency, in which case perpetrators
including malware authors are held responsible.

And if you're MicroSoft, you do the same. The rules of the game are
different when big money or political power are involved.

Art

http://home.epix.net/~artnpeg

 

[Beauregard T. Shagnasty]

If you understood my post,

If *I* understood your post? Of course I did.

I was pointing out that this discussion may be solved a bit easier if
Richard the OP would tell us (if he ever comes back) exactly what
computers are involved here, and where the virus was actually found.

Don't you think?