It enables a user to control a computer running the Microsoft Windows operating system from a remote location.

[1][2][3][4][5] This classification is justified by the fact that BO2k can be installed by a Trojan horse, in cases where it is used by an unauthorized user, unbeknownst to the system administrator.

There are several reasons for this, including: the association with cDc; the tone of the initial product launch at DEF CON[6] (including that the first distribution of BO2k by cDc was infected by the CIH virus[7]); the existence of tools (such as "Silk Rope"[8]) designed to add BO2k dropper capability to self-propagating malware; and the fact that it has actually widely been used for malicious purposes.

[9][10][11] The most common criticism is that BO2k installs and operates silently, without warning a logged-on user that remote administration or surveillance is taking place.

[13] BO2k developers counter these concerns in their Note on Product Legitimacy and Security, pointing out—among other things—that some remote administration tools widely recognized as legitimate also have options for silent installation and operation.