Malicious software and system damages: Is there a case for liability of software vendors?

This discussion paper addresses the potential responsibility of the software vendors in the light of the changing nature of the threats originating from malicious software. The authors argue that our understanding of the conventional breed of rogue programs (viruses, worms and Trojan horses) highlighted the liabilities residing with those programs' creators or the end-users' negligence, overlooking the potential responsibility of the software vendor. However, because of the way contemporary forms of malicious software ('adware', spyware, botnets etc.) infect systems, primarily due to the faulty nature of the software end-product or its ineffective support, a question is raised about the emerging potential liability of the product provider, who advertises the safe and secure operation of the software - and receives revenues from its sales.