Insurance against accidental virus/malware transmission

Does anyone in the UK have Cyber Insurance, or Professional Indemnity insurance? Suggestions for suitable companies to use. Sole trader.

I’not sure what the concern is? Are you worried about accidentally re-distributing a virus or malware?

Hi Sam. My concern is possibly being blamed for the accidental transmission of a virus. I have a school that is willing to test software, and need to insure that I will not be held liable. How do you prove you are 100% virus-free? I do not believe that I have any malware etc on my system, as I use an iMac with Intego anti-virus, malware defns always up to date, and use separate user setups for development. I do also have a EULA basically excluding any responsibilty, etc.

I have been in touch with the primary school’s Local Education Authority to get their views and requirements.

I am not aware of any insurance company covering virus infection risks.

Perhaps you could use VirusTotal, VirScan or other similar online service to scan your files, and make the scan result available to your prospect. This is not insurance, but proof that you are taking all reasonable measures to safeguard their network from contamination. These online services use many different scan engines concurrently. Several major antivirus software editors also offer online services to scan specific files. If you scan your software files with a suitable selection of these tools, you can demonstrate that your products are reasonably safe to use. That should do the job with a majority of risk averse prospects.

Andy, if i were you i would let Intega scan your program and then print the scanreport to a pdf. Add that pdf to the distributionpackage. I think that’s proof enough. The report should include a version number and the filesize etc. to prove that file is scanned and not something else.

As Louis already said that should show that you did the upmost to avoid possible damage through viral infection by your software.

Besides that, the school has to prove that not their own computers are infected and falsely blame you. From what i heard the protection against virussen on schools is often not to good.

Louis and Andre

Thank you for the excellent advice.

You can never guaranty that. When I was at a Security conference last time, some known Virus checker company (can’t say the name of the Company) told me that, only 65 % of the viruses are caught, they can’t keep up any-more.

Check this link out:

Starting with a Mac is a good start, in my limited experience of viruses (about 14 years ago), they tend to target apps they’re aware of and apps in memory.

Now in theory code signing can work as way of detecting wether your application is virus free or not, providing of course it is code signed before the virus or malware gets into the gubbins. Sandboxing is another great security mechanism (although a pain for developers) as it will limit the damage a virus or malware can do.

If the school uses Windows, then I would suggest getting an independent PC and investing in several different AV apps & AM apps, then use this for scanning the media you supply to the school. Only supply the school with locked media, so if they’re already infected, it can’t come back to bite you.

Andre’s response is certainly a great way to legally protect yourself.

Thanks Sam

I do develop on a Mac. I use Intego antivirus, on this. Using OSX 10.8. I run Windows 7 under VMFusion on this machine. Use AVG and malwarebytes on this. Seldom have Windows 7 connected to Internet when using it. Never detected any viruses or malware on my IMac.

I also have a separate PC with Windows 8.1 on it.

My next stage would have been code signing. Though this does seem a bit daunting. Though I believe you have an application AppWrapper that can help with this.

Many moons ago, when I worked for a software company, we had the same issue arise. It was a small outfit that wanted indemnity and damages in such an event. It wasn’t a big sale (we had supplied major broadcasters with 6 figure contracts with none of this stuff) so we simply replied that we could not agree to this term and left it at that. Month later a P.O. arrived :slight_smile:

Can you not just burn the installation to a CD. You know what files should be present in your installer and therefore if anything (malware/viruses) are present on the CD prior to installing on your clients machine. Use a non-rewriteable CD, date the CD and ask your client to sign to say they witnessed the installation from the CD. Should they have any issues in the future the CD can be checked to confirm you did not install the virus and put you in the clear.

You can never be 100 % sure if you are free for computer virus. Even if 3 different Virus checkers don’t find anything, does not mean you are 100 % free for computer viruses.

If someone makes a new virus today, virus checker will first know a few days later, depend how fast it spread, or if it’s a specific Virus only focused on few victims, then it might takes weeks.

So my advice, never guaranty you are 100 % Virus free but only tells you are virus approved by one or two known virus checker.

Thanks Mike

Good idea.

Thanks everyone for your contributions.

Isn’t insurance there to cover your back when you made a mistake, instead of cover you when some hacker puts a virus in your software?