Advice Request If you pay for malware protection, who's at fault if you get infected?


Ink

If you pay for an Antivirus / Anti-malware product, who's at fault when your PC or Mac becomes infected with malware, adware or ransomware?
 

TairikuOkami

If you buy a mosquito spray and get bitten, who is at fault? Obviously, you did not pay enough for protection. AV, no matter how complex, provides a basic service and that is it.
If you want complete protection, you have to pay a security company, which guarantees your safety by providing the protection, backup and recovery, in case of an infection.
 

Arequire

Depends on the circumstance.
If a user is engaging in behaviour that evidently puts them at greater risk of infection then they are responsible if their system becomes infected as a result.
If, however, they are practicing good habits and get infected through a vector they had no control over, or were tricked into initiating the infection, then I'd say the user bears little to no responsibility.

In neither case is the antivirus vendor responsible for failing to protect the system, just as seatbelt (airbag may be a better analogy) manufacturers aren't responsible for failing to prevent injury in the event of a car crash.
 

danb

From VoodooShield
It depends… mainly on if the user was prompted or not during the infection.

In other words, if the attack slipped through all of the antivirus mechanisms / filters and allowed unknown arbitrary code to automatically execute, then it is mostly the fault of the cybersecurity company, especially if their marketing makes the user believe their product will block all attacks.

A few years ago when Cylance was released, their whole thing was creating a cybersecurity product that is as silent as possible (hence the name). Since then, there has been a big push in the industry to make security products as silent and seamless as possible. The industry is finally figuring out that silent security is deadly because it makes the user less vigilant, cautious and knowledgeable about cybersecurity.

On the other hand, if the user is a happy clicker, downloads unknown files, is not careful and ignores user prompts… then the user is mostly at fault.

Here is a great example… Someone asked me recently if they could test VS against tons of malware, and for the test they would count any file where VS’s recommended action / instructions were to Allow the file, as a bypass. I did not respond to this person, but what I would have said was, “Sure, go ahead, and when the mini prompt says “Click this balloon if you intended to allow…(item)”, then simply close the mini prompt to block the file, because you did not intend to allow the file.” Novice and intermediate users understand this, but advanced users do not because they forget to read the mini prompt.
 

Lightning_Brian

> If you buy a mosquito spray and get bitten, who is at fault? Obviously, you did not pay enough for protection. AV, no matter how complex, provides a basic service and that is it.
> If you want complete protection, you have to pay a security company, which guarantees your safety by providing the protection, backup and recovery, in case of an infection.

HA! Love this @TairikuOkami! Best way to put it to anyone. As others have said and now from me as well..

Bottom line: If you get infected it's mostly if not entirely on you. Yes, it does depend on the situation. However, as others have pointed out it also depends on your habits. @danb is spot on with what he mentioned too. Same with @Arequire who had a good note to everyone as well.

~Brian
 

danb

From VoodooShield
> User assumes all risks unless specified in writing in the EULA. All you need for understanding is to read the MalwareTips user rules to get an idea.
>
> Only answer is to read the firm's terms.

I totally agree... from a legal standpoint this is absolutely correct, and probably the best answer. But if you simply want to figure out why the infection actually occurred, then you have to look beyond the legal standpoint.
 

Divine_Barakah

Some companies such as McAfee and Norton offer something like a 100% guarantee (e.g. McAfee Pledge). Every user will get infected at some point, and support might be handy in such situations.
Anyway, if I ever get infected, I do not need to disinfect my device, and I will restore a clean system backup instead.
Regarding who should be blamed, I believe it is not the user. The user bought the product to be protected and it is not their fault if they get infected. Most of the users know nothing about malware, especially here in Gaza. I say it, literally nothing.
 

struppigel

You are not buying insurance. You are buying a product that, by definition, cannot protect you 100%. That's always a given, because a perfect antivirus program cannot exist and no AV vendor will claim that they do. I even made a whole video about this (Why there is no perfect antivirus scanner) because it's often not clear to people why detection of malware can never be solved perfectly.

To answer your question: At fault are the people who developed and distributed the malware.
 

ForgottenSeer 89360

Unfortunately, perfect malware detection, even if possible, won't SELL, emphasis on sell as businesses are not Red Cross. Such a detection will come at the price of disrupting user operation, false positives (more than what's acceptable), performance reduction and others.
All these factors would cause a product uninstall sooner, rather than later, which renders a balanced approach ticking all boxes necessary. Again, no AV vendor is charity, market share and profit are crucial and that comes from overall product satisfaction, not from AV-Comparatives and MRG Effitas badges.

This seeking of an all-in-one universal approach combined with the nature of cyber-crime means that from time to time evasion may happen.
It is critical that all users stay informed, adjust the product to their needs and make use of all additional tools that come with the product, even if they may look like bloatware.
For example, if the product comes with a file vault, important data should be kept locked there. If a password manager is included, this can reduce credentials exfiltration. If something in these tools is not to your liking you should always let the company know and explain why the tool is not great, how it can be improved and what the improvement will mean to all users, not only to you. In my experience this works wonders (especially with Trend Micro). We can all contribute towards a better product.

So ultimately, whose fault is it that User X's family photos got hit by STOP ransomware? Hard to tell without an investigation, but if STOP didn't exist, this wouldn't happen (echoing the previous post). Sometimes the "innocent user that just didn't know" is at fault for risky behaviour as well as not reading up on what's going on around them, in terms of cyber-security.
 

ForgottenSeer 89360

In legal terms you are responsible unless you can prove the company sold the solution to you as 100% protection.
Under very rare and special cases you might be able to prove that the company has been selling products unfit for their purpose - for example a very old vulnerability has been neglected and has been used to infect you, or they didn't maintain the needed hygienic design. An example of "unfit for purpose" is Norton's engine which has been rumored to emulate threats in Kernel Mode prior to the SDS switch and also to use an old, vulnerable un-archiving plug-in. There are articles on that if one is interested. Other than that, there are no legal processes one can instantiate and this one by itself is almost doomed.

So to summarise: AV is at fault only in the case when the overall product, a threat or situation has been neglected, this led to infection and can also be proven. In that case users are protected by local authorities and trade standards, just like with any other goods.
 

mlnevese

> Under very rare and special cases you might be able to prove that the company has been selling products unfit for their purpose - for example a very old vulnerability has been neglected and has been used to infect you, or they didn't maintain the needed hygienic design. An example of "unfit for purpose" is Norton's engine which has been rumored to emulate threats in Kernel Mode prior to the SDS switch and also to use an old, vulnerable un-archiving plug-in. There are articles on that if one is interested. Other than that, there are no legal processes one can instantiate and this one by itself is almost doomed.
>
> So to summarise: AV is at fault only in the case when the overall product, a threat or situation has been neglected, this led to infection and can also be proven. In that case users are protected by local authorities and trade standards, just like with any other goods.

The nightmare of proving it in court, considering most judges are absolutely ignorant of how technology works...
 

ForgottenSeer 89360

> The nightmare of proving it in court, considering most judges are absolutely ignorant of how technology works...

You'll have to be severely compromised and will have to present proof not only of the AV company's neglect, but also of the facts of how this affected you (financial loss, depression, distress and others)...

I believe we all have better things to do in life than that 😀

This just reminded me of how Escobar (the infamous Escobar phone scammer and dealer) allegedly was looking to sue Apple because a FaceTime bug revealed his location and this cost him 2 BN in relocating to another house... 🤣
 

mlnevese

> You'll have to be severely compromised and will have to present proof not only of the AV company's neglect, but also of the facts of how this affected you (financial loss, depression, distress and others)...
>
> I believe we all have better things to do in life than that 😀
>
> This just reminded me of how Escobar (the infamous Escobar phone scammer and dealer) allegedly was looking to sue Apple because a FaceTime bug revealed his location and this cost him 2 BN in relocating to another house... 🤣

I'm a lawyer... I had difficulty explaining to a judge 50 cell phones belonging to the same company far away from the shore had no way of oxidizing all at the same time.... It was clearly a defective batch despite what the manufacturer said...
 

danb

From VoodooShield
A few people mentioned that we cannot expect security software to be perfect, and that basically allow-by-default is designed to fail. This is absolutely true, and everyone working in cybersecurity and on security forums understands this. I like the mosquito analogy by @TairikuOkami, I usually would say "well, you get a flu shot but that does not mean you are not going to catch the flu".

But ask anyone who has worked directly with a massive array of end users (especially for 21 years ;)) how many times they have heard the question (verbatim) "I have antivirus software, how did I get a virus?". I wonder how average and novice users would respond to this question.
 

mlnevese

> A few people mentioned that we cannot expect security software to be perfect, and that basically allow-by-default is designed to fail. This is absolutely true, and everyone working in cybersecurity and on security forums understands this. I like the mosquito analogy by @TairikuOkami, I usually would say "well, you get a flu shot but that does not mean you are not going to catch the flu".
>
> But ask anyone who has worked directly with a massive array of end users (especially for 21 years ;)) how many times they have heard the question (verbatim) "I have antivirus software, how did I get a virus?". I wonder how average and novice users would respond to this question.

Even people in security forums have the illusion they will be better protected by product x, y or z. The statistical difference between the top players is so small you may basically ignore it and just use whatever you feel more comfortable with.
 
