A warning to over-zealous security admins the world over – somebody has successfully (and justifiably) defended themselves against porn surfing accusations by shifting the blame to malware infection.

One Michael Fiola had been sacked from his job at the US Department of Industrial Accidents after child porn was found on his work laptop.

The defence was a basic one. Forensic analysis of his computer found that it had no anti-virus defence, was riddled with malware capable (in an unspecified way) of downloading porn without his knowledge, and had not been properly cleaned before being given to him after use by a previous owner.

To my knowledge, this defence has been tried once before, two years ago in a little-publicised South African case, but the test case was always likely to be in the US. There was also the unfortunate “porn popup” case in the US last year – that has since become a cause célèbre – where a female school teacher, Julie Amero, was accused of causing porn to appear on her classroom computer, despite there being no evidence that she had done any such thing. That case heads for a re-trial.

The argument in the Fiola case seemed to be that the PC has been designated as “yours”, so you must have done the downloading, which is absurd given the capabilities of today’s malware.

The security industry has been waiting for this defence to work for some time and now it has, so be warned. If you suspect a user of downloading porn, or any file type for that matter, make sure you build a forensic case first. If the PC is not protected to a reasonable degree, assume you might have trouble passing the blame to the worker, and that this worker might also be totally innocent of blame. Exactly what ‘reasonable’ means will vary from case to case, company to company, device to device.

Employ at least basic URL filtering, so that anyone bypassing it would have to have a good reason to be doing so. One defence is the old “I wouldn’t know how to do that”, which can be ruled out when the user has obfuscated their online behaviour by, say, connecting through a proxy. Remember, it is the company’s responsibility to put in place reasonable defences for a PC, not the employee’s.

No doubt, porn surfers will try this defence more often from now on, but so will the totally innocent, including Michael Fiola. A computer’s hard drive is a witness like any other and that means it can sometimes be unreliable.

For the record, none of the above comments should be taken to imply that Michael Fiola is anything other than innocent of the charges levelled against him.