What is Riskware or Grayware?
As with other things in life, there are no absolutes. There's always something in the
middle that can either be good or bad depending on the circumstances surrounding it.
The same is true in software. As there are benign and malicious programs, there are also
programs that are walking the thin line between the two. They are called riskware.
Riskware refers to computer programs that possess features that have the potential to be
dangerous. What makes this software dangerous is the motivation of the person
behind it and/or its possible effect on the user.
Think of a gun. If a person's motivation is to use that gun to kill someone then that
gun becomes a dangerous weapon, but in the hands of the police, it becomes an effective
tool to maintain peace and order. We all know that when a gun is used, its effect on the
one being shot might be deadly. Also, just brandishing or pointing the gun will already
have an effect. A person at the end of the barrel might react in a way that will prove
to be detrimental.
Classification of Riskware
Riskware is usually classified based on its function or behavior. The following are the
common types of riskware:
• Spyware
• Adware
• Hacker tools
• Joke programs
Spyware is software that collects information without the victim's knowledge. It can easily
be classified as an information stealer because of its functionality. But the main difference
between it and malicious information stealers is that spyware is packaged as commercial software.
It is purchased and used by someone who has physical access to or owns the computer system
where it is installed. For example, it can be used by a parent who wants to monitor a child's
activity while on the computer or by someone who wants to spy on a spouse's online activities.
The use of spyware clearly violates the victim's privacy, and in some states is illegal. But
in some cases, the use of spyware is acceptable as long as the monitored user is aware of this.
An example of this is an office setting wherein the employees are made aware that their online
activities are being recorded by the company every time they use company systems.
Adware is riskware that displays ads in the form of pop-ups. Some adware comes preloaded with
ads to be displayed, while some track users' online browsing behavior and display ads based
on their tracked behavior.
Aside from being a nuisance because of the number of disruptive pop-up ads that appear,
adware invades the privacy of users by monitoring their online activities to produce targeted ads.
Hacker tools are system admin tools in the wrong hands. For example, network security tools
used to map and secure the network can be used by hackers to map a target network. Again, going
back to the gun analogy, what matters is the motive behind the use of the tools.
A joke program is a program that is not really malicious but its effect on the user is what
makes it dangerous. It might cause the user to do something to the system. For example, a joke
program that displays a message saying that the computer has been destroyed and needs formatting
might convince the user enough to actually format the drive. It sounds funny but the effect can
be significant, especially if the system being formatted contains important data or is a critical
system within the company.
Another classic example is Microsoft Sysinternals' Blue Screen of Death (BSOD) screensaver on a
server. If a sys admin had no idea that it is just a screen saver and saw it on a server, that sys
admin might be alarmed and reboot the server in an attempt to fix it.
This is an excerpt from:
Malware, Rootkits & Botnets A Beginner's Guide