There are all sorts of laws designed to protect computer networks from unwanted intrusion. As far as I know the penalties for impairing a computer’s ability to function can be quite severe. The reason these laws exist is obvious—they serve to prevent economic losses to individuals and corporations from downtime. So why doesn’t this apply to malware? Almost everybody I know has had their online activities severely crippled at one time or another by adware, spyware, browser hijackers, etc. I would venture to guess that this must cause a considerable amount of economic loss to global computer users. So why don’t the laws which protect computers from unwanted tampering also apply to malware? Malware writes code to a computer’s hard drive without the user’s knowledge or consent and disrupts its ability to function. How is this fundamentally different from someone hacking into Best Buy’s servers and engineering a denial-of-service attack?
Because, IIRC, the malware portion of the software is agreed to by the user in the EULA.
You know that 4 page thing that you skip through and just click “I Agree”? That says that the software will install this other stuff on your hard drive and that you are fine with it…
There’s a fine line between malware, code specifically written to infiltrate or damage a computer, and adware, which can damage systems, but isn’t designed to do so purposefully. I’m not aware of any law that specifically outlaws the mere creation or possession of malware, but there are loads of new laws criminalizing their use. Just about every major city’s DA’s office now has a cybercrime department or something like one.
Define “malware.”
Viruses can get you into legal trouble. The creator of the Melissa virus was sent to jail for it, but you have to find the person who created them. Nowadays, there are too many ways to hide yourself on the Internet (uploading the virus from a car outside a Starbucks or some place with an open wireless network, for instance, then driving away).
Adware often announces what it will do in its EULA. The problem is that no one reads the fine print, so they install them without realizing the problem.
As for spyware and other problems, it has been hard to create laws to stop it being installed that wouldn’t cause problems for legitimate software companies.
Why aren’t hammers illegal?
Trying to classify code as “good” or “evil” is a dangerous and futile exercise.
At least in the US, malware, for most reasonable definitions of the term is illegal. Just like ordinary IRL vandalism is illegal.
The practical problem is this: How do you prosecute somebody you can’t catch?