Forum Moderators: buckworks


Terms and conditions for online trading

Mitigating risks of Hacking, Phishing, Page Jacking


aspdaddy

1:56 pm on Jun 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



With all the recent phishing attacks, and page jacking including big sites like eBay being hit, is there anything you are requiring users to agree to before being given access to sites hooked up to databases?

For example having Account TOS that includes patch management, Minimum IE version, firewall, AV & Spyware removal?

I’m thinking it would mitigate risk of attacks & also reduce my liabilities in event of an attack, if users were informed and agreed to minimum requirements for safe usage of an ecom site.

Do any big name sites do this kind of thing when users sign up?

If you think it's a good idea, what would you include in the TOS?

shri

8:53 am on Jun 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You want your retail customers to commit to using an antivirus package before they buy from you?

Not sure if I understand your requirement, but that would be equivalent of Walmart saying that people need to prove they do not have a criminal record before they can shop at their store.

If you're an ecommerce ASP, I'd look closely at Amazon and eBay. If it's not in their ToS... don't bother, you'll lose business if you make things too difficult.

Also, why bother putting anything on your ToS / ToC if you cannot detect and enforce (yes, a very i-am-not-american response... not sure what lawyers are suing for these days).

aspdaddy

5:32 pm on Jun 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not retail, but yes I'd like customers to commit to using antivirus before I let them access the server.

I don't think it will lose business at all, most people don't read the TOS details anyway. I've been reading some TOS of online apps today and there are all sorts of stuff in them such as:

You agree not to leave the computer unattended while logged on.

You agree to allow us to install profile tracking software and transmit web usage to our server.

I agree AV/Firewall might be a bit much but in principle what's wrong with taking steps to reduce liability for page jacking and malware/virus infections? If you run a shop you wouldn't just let violent/drunks wander in off the street and trash the place would you?

>> why bother putting anything on your ToS / ToC if you cannot detect and enforce

No need to enforce it, as long as you can sue businesses in the event that they compromise your database through non-compliance. Also it's now possible to detect it with SSL quarantine type products.

Peter Cornstalk

7:23 pm on Jun 20, 2006 (gmt 0)

10+ Year Member



How is a virus going to hack your server through a web browser? :\

aspdaddy

6:41 am on Jun 21, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I don't think it's a good idea to discuss those kind of details here. If you are concerned about the risks running web servers I suggest you take some security training.

vincevincevince

7:00 am on Jun 21, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In a word "no". You would just be wasting space. It's your job to run a secure server and to do as much as you can to protect it. If someone has deliberately attacked your server then consider legal action, TOS or not.

shri

2:33 am on Jun 22, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>> If you run a shop you wouldn't just let violent/drunks
>> wander in off the street and trash the place would you?

Well, that's why you have good security. People who want to trash your place will do so, regardless of the terms and conditions of entering your store.

Also, if you post an armed guard with an Uzi at the front door, you might scare away potential customers.

Again, like I said, I'm not too clued into what you're trying to do (put me down in the "I don't get it category"), so I may be off topic here. I am also a bit of a fan-boy when it comes to what Amazon does. So, I'd tend to look at store policies and tactics, once they implement something.

aspdaddy

12:32 pm on Jun 22, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Fair comments. Maybe I'm trying too hard :)

It will be interesting though to see in the next 2/3 years how retailers combat these threats, there is technology making it possible now to have minimum security standards for users.

Peter Cornstalk

4:59 pm on Jun 22, 2006 (gmt 0)

10+ Year Member



>> I don't think it's a good idea to discuss those kind of details here. If you are concerned about the risks running web servers I suggest you take some security training.

LOL :)

You should make them sign an agreement that they don't have cooties... you don't want your server getting cooties!