{"id":15379,"date":"2019-05-23T12:10:03","date_gmt":"2019-05-23T20:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/05\/23\/news-9128\/"},"modified":"2019-05-23T12:10:03","modified_gmt":"2019-05-23T20:10:03","slug":"news-9128","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/23\/news-9128\/","title":{"rendered":"Knowing when it\u2019s worth the risk: riskware explained"},"content":{"rendered":"

Credit to Author: Jovi Umawing| Date: Thu, 23 May 2019 19:22:47 +0000<\/strong><\/p>\n

If there\u2019s one thing I like more than trivia quizzes, it\u2019s quotes. Positive, inspirational, and motivational quotes. Quotes that impart a degree of ancient wisdom, or those that make you stop and consider. Reading them melts our fears, sorrows, and feelings of inadequacy away.<\/p>\n

Some of the most inspiring quotes urge us to take risks in order to find meaning. If you don\u2019t take risks, they say, you won\u2019t be able to achieve remarkable things. The biggest risk, they say, is not taking a risk at all.<\/p>\n

But when it comes to computer security, all that goes out the window. Taking risks on software you download onto your devices is not a recipe for success. Even if the programs are inherently benign, some may have features that can be used against you by those with malicious intent. No good can come of that. <\/p>\n

What are these risky programs you\u2019re talking about?<\/h3>\n

Did I lose you at “quotes?” That’s alright. These software programs that contain features that can easily be abused are known as riskware<\/a>. They may come pre-installed on your computing device or they are downloaded and installed by malware. <\/p>\n

How can something legit be a risk?<\/h3>\n

Such software was designed to have powerful features so it can do what it was programmed to do. Unfortunately, those same features can be used and\/or abused by threat actors as part of a wider attack or campaign against a target. Riskware contains loopholes or vulnerabilities that can be exploited by cybercriminals and the threats they develop.<\/p>\n

For example, there are monitoring apps available in the market that private individuals, schools, and businesses use to look after their loved ones, watch what their students are doing, or check employee activities. Those with ill intent could take over these apps to stalk certain individuals or capture sensitive information via logging keystrokes.<\/p>\n

\n

Read: When spyware goes mainstream<\/a><\/em><\/p>\n

\n

Riskware can be on mobile devices, too. On Android, there are apps created with an auto-install feature that have system-level rights and come pre-installed on devices; therefore, they cannot be removed (but can be disabled). The auto-installer we detect as Android\/PUP.Riskware.Autoins.Fota<\/a>, however, cannot be manually deactivated. Once exploited, it can be used to secretly auto-install malware onto susceptible devices.<\/p>\n

Note that if you install software that your anti-malware program<\/a> detects as riskware, then you need only make sure your security program is updated to stay safe.<\/p>\n

How can you tell which software is riskware?<\/h3>\n

There are varying levels of malicious intent and capabilities for all software. In fact, any program should be assumed to have potential flaws and vulnerabilities that can be exploited. However, there are criteria for determining what is considered malware vs. riskware, and which software is deemed “safe.”<\/p>\n

Pieter Arntz<\/a>, malware intelligence researcher and riskware expert, makes this clear when he said that riskware can be classified based on the risks to data and devices involved. <\/p>\n

\u201cIn my opinion, there are a few major categories of riskware, and you can split them up by type of risk they introduce,\u201d Arntz said. \u201cSome bring risk to the system because they introduce extra vulnerabilities, such as unlicensed Windows with updates disabled. Some bring risk to the user because having them is forbidden by law in some countries, such as hacking tools.\u201d<\/p>\n

Arntz continues: \u201cSome monitor user behavior. When this is by design, a software may be labelled as riskware rather than spyware. Some bring risk to the system because they are usually accompanied by real malware, and their presence can be indicative of an infection. [And] some bring risk to the user because their use is against the Terms of Service of other software on the system, such as cracks.\u201d<\/p>\n

What’s the difference between riskware and PUPs?<\/h3>\n

Riskware and potentially unwanted programs (PUPs) are similar in that their mere presence could open systems up to exploitation. So, it\u2019s no surprise that users might liken one to the other. However, there are different criteria for classifying riskware<\/a> and PUPs<\/a>.<\/p>\n

Programs might be termed riskware because they put the user at risk in some way by:<\/p>\n