Grayware

From Wikipedia, the free encyclopedia

Grayware^[1] is a general classification for applications that behave in a manner that is annoying or undesirable.^[2] Grayware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that can harm the performance of computers on your network. The term has been in use since at least as early as September 2004. Antony Savvas. The network clampdown. Computer Weekly. Retrieved on 2007-01-20.

Grayware refers to applications or files that are not classified as viruses or trojan horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization.[http://www.boll.ch/fortinet/assets/Grayware.pdf Fortinet WhitePaper PROTECTING NETWORKS AGAINST SPYWARE ADWARE AND OTHER FORMS OF GRAYWARE] (PDF). Retrieved on 2007-01-20. Often grayware performs a variety of undesired and threatening actions such as irritating users with pop-up windows, logging user key strokes, and exposing computer vulnerabilities to attack.

Contents 1 Types of Grayware 2 Gaining access to networks 3 Potential risks and threats 4 Footnotes

[edit] Types of Grayware

• Spyware is software that installs components on a computer for the purpose of recording Web surfing habits (primarily for marketing purposes). Spyware sends this information to its author or to other interested parties when the computer is online. Spyware often downloads with items identified as 'free downloads' and does not notify the user of its existence or ask for permission to install the components. The information spyware components gather can include user keystrokes, which means that private information such as login names, passwords, and credit card numbers are vulnerable to theft. Spyware gathers data, such as account user names, passwords, credit card numbers, and other confidential information, and transmits it to third parties.

• Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and the general degradation in either network connection or system performance. Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software. Adware are also often installed in tandem with spyware programs. Both programs feed off of each other's functionalities - spyware programs profile users' Internet behavior, while adware programs display targeted ads that correspond to the gathered user profile. Adware displays advertisements and gathers data, such as Web surfing preferences that could be used for targeting future advertising at the user.

• Dialers are software programs that change client Internet settings and can force the client to dial preconfigured phone numbers through a modem. These are often pay-per-call or international numbers that can result it a significant cost to your organization.

• Joke programs are programs that cause a computer to behave abnormally, such as making the screen shake or modifying the appearance of the cursor.

• Remote access tools are software tools that help malicious hackers remotely access and control a computer.

[edit] Gaining access to networks

Spyware and other grayware often get into a corporate network when users download legitimate software that includes grayware applications in the installation package. Grayware applications often use ActiveX controls.

Most software programs include an End User License Agreement (EULA), which the user has to accept before downloading. Often the EULA does include information about the additional grayware application and its intended use to collect personal data; however, users often overlook this information or do not understand the legal terminology describing the application.

[edit] Potential risks and threats

Spyware and other types of grayware on your network have the potential to introduce the following:

• Reduced computer performance: To perform their tasks, grayware applications often use significant CPU and system memory resources.

• Increased Web browser-related crashes: Certain types of grayware, such as adware, are often designed to create pop-up windows or display information in a browser frame or bar. Depending on how the code in these applications interacts with system processes, grayware can sometimes cause browsers to crash or freeze and may even require a system reboot.

• Reduced user efficiency: Grayware can unnecessarily distract users from their main tasks by forcing them to close frequently occurring pop-up advertisements and deal with the negative effects of joke programs.

• Degradation of network bandwidth: Grayware often regularly transmits the data it collects to other applications running on your network or to locations outside of your network, using up your network bandwidth.

• Loss of personal and corporate information: Not all data that grayware applications collect is as simple as a list of Web sites users visited. Some grayware can also collect user names and passwords that allow access to both personal user accounts, such as a bank account, and corporate accounts on your network.

• Higher risk of legal liability: If computer resources on your network are hijacked, hackers may be able to utilize your computers to launch attacks or install grayware on computers outside your network. The participation of your network resources in these types of activities could leave your organization legally liable for damages incurred by third parties.

[edit] Footnotes