(This article was previously posted on our old blog and has been moved here.)

We had a question recently about who is responsible for viruses on web sites:

The question: ‘I went to a website and my anti-virus software warned me that it had detected a number of viruses including a trojan. Who is responsible for that happening? Is it the fault of the host, designer?’

Of course, the obvious answer for those of you who enjoy technicalities is that the person who wrote the virus and/or put it on the web site is responsible.  But that’s not really the question here.

There are a number of ways this can happen but fundamentally it means that the site had a vulnerability of some kind that allowed someone to gain access and infect it.

Generally this would not be the host.  However, some hosts that are not good with their server configuration and maintenance could find themselves with unauthorized access.

(This article was previously posted on our old blog.  It has been moved here.)

More often it’s due to a vulnerability in the web site files.

If the site is using some kind of CMS (Content Management System) there might be a vulnerability in the system.  These systems need to be kept up to date with their security patches.  That’s a maintenance issue which could go with either the designer or the site owner…depending on whose responsible to keep it up and running.

If there was programming involved it could be a problem with the code.  That would go with the designer/programmer.

If the site owner tried to modify the site on their own they could have also introduced a vulnerability.

So it’s difficult to tell who is responsible without knowing the details of the site and it’s management.