Does this product contravene UK consumer protection legislation?

Your first response to a free software product is to accuse who is offering it of something illegal?

So, if you spot something being offered illegally, you download it first and then worry about whether it breaks the law? That sort of ethical stance might get you a criminal record, dude... ask the RIAA!  (I ought to point out that I dislike that organisation with a passion, as it protects no-one and nothing except the corporate self-interests of a handful of mega-corporations)

what is this Netproject prize you are referring to?

Eddie Bleasdale from Netproject Ltd offered a substantial sum of money many years ago (mid 1990s, I think) as a prize for anyone who could infect a properly-configured Linux machine with a virus... the point (obviously) was to re-inforce the fact that a Linux kernel, having been designed as a multi-user operating system, doesn't suffer from the inherent security weaknesses of Windows, which (due to its origins as a single-user consumer product with no formal security model and questionable reliability, e.g. due to memory leakage) will never be fit for purpose unless re-written from scratch.  That's why we have a whole generation of computer users who think that having to re-boot their computer a few times per week is a natural feature of computer operation.  No, it isn't!

Needless to say, no-one ever claimed the prize because, although Linux has vulnerabilities as does any software product, there can never be a Linux virus.

anti-virus running on a Mac or Linux machine can also be useful for detecting Windows virus

Agreed enthusiastically - I run Clam on my mail server for exactly that reason.  But Clam isn't anti-virus for Linux, it's anti-virus for Windows that just happens to run on Linux.  That's not the same thing at all, which is what I'm trying to point out here.

there may be one or many TOMORROW

No.  Vulnerabilities, yes... a self-replicating infectious item of computer malware, no.  If someone is silly enough to run untrusted software as root, and it turns out to be a malware trojan, then sure, that machine is compromised.  But where is the mechanism that provides, in userspace, a self-initiating infection vector on a properly-configured Linux machine that will compromise the machine?  That's what Netproject was prepared to pay for, and that's what no-one has ever demonstrated in over a decade!

If by that time you already have a running, self-updating anti-virus, you are automatically protected

No.  That's the language of scareware, and even Sophos will tell you that a heuristic approach to malware detection can never be 100% successful.  A zero-day exploit can nail a "virus-protected" Windows machine as surely as a completely-unprotected Windows machine, and you just can't invert that logically to prove that "anti-virus for Macs" will offer "automatic protection".

I'm at the front of the queue of supporters for the installation of anti-virus for Windows (although I don't use Windows at all myself!), indeed I'm amazed at the hypocrisy of Microsoft at selling anti-virus solutions when their own marketing people continually overrode the protests of their (few) security analysts, e.g. when things like the "preview" feature in Outlook and Outlook Express were implemented, thus making the product in a virus magnet - and of course ActiveX probably made virus writers burst into spontaneous applause!  But, at the end of the day, "anti-virus for Macs" is like selling "elephant repellant for cherry trees"... spraying it on and showing you have no elephants in your cherry tree doesn't prove that it really works!! :)

Your first response to a free software product is to accuse who is offering it of something illegal?

So, if you spot something being offered illegally, you download it first and then worry about whether it breaks the law? That sort of ethical stance might get you a criminal record, dude... ask the RIAA!  (I ought to point out that I dislike that organisation with a passion, as it protects no-one and nothing except the corporate self-interests of a handful of mega-corporations)

what is this Netproject prize you are referring to?

Eddie Bleasdale from Netproject Ltd offered a substantial sum of money many years ago (mid 1990s, I think) as a prize for anyone who could infect a properly-configured Linux machine with a virus... the point (obviously) was to re-inforce the fact that a Linux kernel, having been designed as a multi-user operating system, doesn't suffer from the inherent security weaknesses of Windows, which (due to its origins as a single-user consumer product with no formal security model and questionable reliability, e.g. due to memory leakage) will never be fit for purpose unless re-written from scratch.  That's why we have a whole generation of computer users who think that having to re-boot their computer a few times per week is a natural feature of computer operation.  No, it isn't!

Needless to say, no-one ever claimed the prize because, although Linux has vulnerabilities as does any software product, there can never be a Linux virus.

anti-virus running on a Mac or Linux machine can also be useful for detecting Windows virus

Agreed enthusiastically - I run Clam on my mail server for exactly that reason.  But Clam isn't anti-virus for Linux, it's anti-virus for Windows that just happens to run on Linux.  That's not the same thing at all, which is what I'm trying to point out here.

there may be one or many TOMORROW

No.  Vulnerabilities, yes... a self-replicating infectious item of computer malware, no.  If someone is silly enough to run untrusted software as root, and it turns out to be a malware trojan, then sure, that machine is compromised.  But where is the mechanism that provides, in userspace, a self-initiating infection vector on a properly-configured Linux machine that will compromise the machine?  That's what Netproject was prepared to pay for, and that's what no-one has ever demonstrated in over a decade!

If by that time you already have a running, self-updating anti-virus, you are automatically protected

No.  That's the language of scareware, and even Sophos will tell you that a heuristic approach to malware detection can never be 100% successful.  A zero-day exploit can nail a "virus-protected" Windows machine as surely as a completely-unprotected Windows machine, and you just can't invert that logically to prove that "anti-virus for Macs" will offer "automatic protection".

I'm at the front of the queue of supporters for the installation of anti-virus for Windows (although I don't use Windows at all myself!), indeed I'm amazed at the hypocrisy of Microsoft at selling anti-virus solutions when their own marketing people continually overrode the protests of their (few) security analysts, e.g. when things like the "preview" feature in Outlook and Outlook Express were implemented, thus making the product in a virus magnet - and of course ActiveX probably made virus writers burst into spontaneous applause!  But, at the end of the day, "anti-virus for Macs" is like selling "elephant repellant for cherry trees"... spraying it on and showing you have no elephants in your cherry tree doesn't prove that it really works!! :)