Sophos' Graham Cluley has told TechRadar that the BBC's botnet experiment put innocent people's PCs at risk, and that the corporation should not try to justify the exercise as being in the public interest.
With Prevx's Jacques Erasmus saying that the message that the BBC's decision to hire a botnet for a news item was justified, the controversy over the decision has yet to die down.
However, Cluley, who commented on TechRadar's original news piece, is adamant that Erasmus – who aided the BBC in the venture – is not right to suggest that the message was the key thing.
"I think you can just as easily demonstrate this without using people's computers without their permission," Cluley told TechRadar.
"They could have used BBC computers. There was no need to break the law and risk people's computers by doing it.
"It sets a really bad example for others; how would the BBC feel if Chinese state television conducted this kind of thing? I'd imagine the BBC would be pretty annoyed.
"There are innocent people involved here, and the laws are there for a reason. I think the first thing to ask is if the BBC accepts that they broke the law."
No ulterior motive
Cluley also responded to suggestions that security companies have an ulterior motive in criticising the decision.
"I don't believe that we had a hidden agenda of "having a go" at PrevX," added Cluley, whose popular blog has more information.
"In fact, most of our focus has been on the BBC, who appear to have been the ones who broke the law rather than the software company that appeared alongside them."