
Riskware Definition

Riskware is any legitimate program that poses potential risks due to security vulnerabilities, software incompatibility, or legal violations. Typically, the risks pertain to cybercriminals exploiting programs that handle sensitive data or admin-level processes. Riskware is misused to steal data, hijack computer systems, or cause disruptions.

These programs are not designed to be malicious — but they do have functions that can be used for malicious purposes. When used with bad intentions, the riskware program can be viewed as malware. This grey area of safety makes riskware an especially challenging threat to manage.

Unfortunately, cyber security protections cannot simply manage these threats for you. Antivirus solutions leave the decision-making in your hands to avoid damaging your system and taking away tools you’d like to keep. As a result, it’s up to you to be aware of the risks from software on your system.

In this article, we’ll help you understand the dangers of riskware.

Along the way, we will answer some common questions around this cyber threat:

  • What does riskware do?
  • How can malicious parties manipulate riskware?
  • What are some typical types of riskware?
  • How does riskware compromise your devices or safety?
  • Are there ways you can spot riskware threats?
  • How can you prevent riskware attacks and other problems?

To begin, let’s start with why riskware exists and explain how it works.

How Riskware Works

Riskware is best understood as programs offering access to special functions at the cost of security or legality.

Generally, a computer program will have some level of system access to function properly. Other software has to have more extensive access to data or functions of a computer device.

Software with deeper functionality can provide many valuable tools and features to endpoint users and technical support staff. Namely, some benefits might include user monitoring, personalization, and modifying applications to bypass tedious aspects of use.

However, risks come with the use of particularly sensitive data or unethical practices.

This risky software usually leaves systems or users vulnerable in one of two major ways.

  1. Data and program exploits — due to vulnerability to program misuse or data breaches.
  2. Legal risks — due to blatant abuse of privacy or illegal attempts to modify programs.

Riskware will typically use some of the following functions:

  • Access to system kernel — data at the system’s core
  • Access to vital system operation areas — registry, internet functionality protocols, etc.
  • Access to data-gathering hardware — GPS, microphone, camera, etc.
  • Modifying programs — changing code, disabling features, etc.

In many cases, riskware can only be explicitly defined as “compromised” or “misused” if it is truly being used in an illegal, unethical, or unintended way.

For example, weather apps use GPS location data for real-time weather updates at your current location. If exploited via a security vulnerability, malicious criminals could hijack your app and spy on your location. Since weather apps are not illegal or malicious but the abuse of them is — they could be considered by some as riskware.

Due to the wide variation in the types of riskware, levels of risk vary. Learning more about riskware types will help you gauge the scope of threats posed by your software.

Common Types of Riskware

An exhaustive list of riskware types is impractical since many programs can pose risks. That said, riskware has often been known to include the following types of programs:

  1. Remote support utilities
  2. Internet relay chat (IRC) clients
  3. Dialer programs
  4. File downloaders
  5. Computer activity monitoring software
  6. Password management utilities
  7. Internet server services – such as FTP, web, proxy, and telnet
  8. Auto-installers (on mobile platforms)

Rather than focus on specific types of riskware, it’s more effective to label them by the types of risks they introduce. Riskware can generally be grouped based on several types of risks they introduce to your computer and mobile devices.

Software that Creates Unneeded Vulnerabilities

Modifying software or using external programs to circumvent the original design may disable built-in safety features.

For example, fraudulently licensed copies of paid operating systems like Windows will not receive security patches. To keep the illegitimate license from being voided, this type of software disables all interaction with the software vendor’s servers. This prevents all updates, including fixes for security issues that the vendor has discovered.

Poorly designed software or outdated software can also create gaps in your device’s security. If it has not been coded and tested with security in mind, the program may make an easy target for hackers. Outdated software may no longer be supported with security fixes, also making an ideal target for malicious criminals.

Software that Violates Laws

Software that breaks the governing laws of your region can also be placed in the riskware category. However, many types of software tread a fine line of legality depending on their use.

As an example, surveillance software may be completely legal or illegal depending on its use. Employee monitoring software in the United States is widely regarded as legal, provided the employer can give legitimate business-related reasoning.

While tools like legitimate keyloggers can watch an employee’s every action on workplace property, this could be a legal risk if non-business private data is stored. In cases of law-breaking use, this software would be considered spyware rather than riskware.

Other software is explicitly illegal and can be seen more as malware than riskware. However, even these can have valid reasons for use. For example, hacking tools are malicious when used by black-hat hackers to compromise systems they do not own. The same tools could be used by white-hat hackers to internally test a company’s software and discover security vulnerabilities.

Software that Monitors User Behavior

Monitoring user behavior generally is a riskware identifier because of the dangers around data collection. While this type of software already has legal risks, data gathered can also be exposed to hackers.

Surveillance software leaves users open to several device security risks. Some parents have been known to use monitoring software on their children’s mobile phones. If the software vendor has not prepared against hackers, their servers could be infiltrated. As a result, unwanted eyes could now be eavesdropping on the location of children.

User feedback for product development can be equally risky for monitored users and the company itself. As an example, large companies that gather a lot of user data can make fruitful targets for cybercriminals.

Enterprise data breaches have been known to expose users’ passwords and more. If keylogger data were exposed, this could have identity theft implications and damage a company’s reputation permanently.

Software that Provides Access for Malware

Riskware can easily be a gateway for malware if bundled with it or modified for misuse.

Co-installations with malware have been known to occur — especially in cases of shareware. When installing new programs, bundled software may attempt to install unless you opt-out. Bundled software can be safe, but some secondary programs may be from third parties that have not been properly vetted for safety. The initial application would be considered riskware because of the danger it introduces.

Adware is an equally risky program type to download and use. Just as secondary bundled software may not be checked, ads displayed in free sponsor-supported applications may suffer from their own lack of quality control. Since malicious ads could display and lead to unsafe websites or downloads, adware can be considered a form of riskware.

Software that Violates TOS of Other Software

When software breaches the use terms for another program, it is also inherently riskware.

To explain, cracking software can be an explicit violation of another software’s terms of service. This type of software is used to remove or disable copy protections and falsely authorize the use of illegally obtained software. However, it can also be used for reputable purposes, which makes it riskware rather than definitive spyware.

Software such as cracking programs can be used for internal product research-and-development or educational purposes, where it is completely legal to use. White-hat hackers may reverse engineer software to discover ways to patch against malicious use of TOS-violating riskware.

How Riskware Can Affect You

Endpoint users are the biggest points of impact resulting from riskware misuse and exploitation. Most of the issues you may face can be simplified to the following core problems:

  1. System hijacks and unauthorized system access
  2. Legal complications
  3. Computer system or network disruptions

In many cases, legitimate riskware can be modified to function as malware. Then, the attacker would distribute it either as a direct attack or a backdoor for loading other malware onto your system.

With so many legitimate programs that malicious users can employ for illicit purposes, it can be difficult for users to decide which programs represent a risk. For example, remote administration programs are often used by systems administrators and helpdesks for diagnosing and resolving problems that arise on a user’s computer.

However, if such a program has been installed on your computer by a malicious user, that user will have remote access to your computer. With full unauthorized control over your machine, the malicious user will be able to use your computer in virtually any way they wish.

Kaspersky has recorded incidents in which legitimate, remote administration programs have been secretly installed to obtain full remote access to a computer. Notable programs include those such as WinVNC (VNC being short for “virtual network computing”).

In another example, the mIRC utility — a legitimate internet relay chat (IRC) network client — can be misused by malicious users. Trojan programs that use mIRC functions to deliver a malicious payload are regularly identified by Kaspersky. Just like with remote admin programs, these are used without the user’s permission.

Often, malicious programs will install the mIRC client for later malicious use. In such cases, mIRC is usually saved to the Windows folder and its subfolders. So, if mIRC is detected in these folders, it almost always means that the computer has been infected with a malicious program.
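The check described above can be automated. The following is an added example, not part of the original article and not Kaspersky's detection logic: it walks a folder standing in for the Windows directory and reports mIRC by file name or, for renamed copies, by an embedded product-name string, and it goes slightly beyond the text by also watching for WinVNC. The executable names, the marker string, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed executable names for the two tools the article names (not from the page).
WATCHLIST = {"mirc.exe": "mIRC", "winvnc.exe": "WinVNC"}
# Assumed marker: product name as UTF-16LE text in a PE version resource,
# used to catch copies renamed after being dropped. Heuristic; triage hits.
MARKERS = {"mIRC".encode("utf-16-le"): "mIRC"}

def scan_system_dir(root, max_bytes=8 * 1024 * 1024):
    """Return sorted (relative_path, tool, reason) findings under root."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name.lower() in WATCHLIST:
                findings.append((rel, WATCHLIST[name.lower()], "file name"))
                continue
            if path.suffix.lower() not in (".exe", ".dll", ".scr"):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # locked or unreadable: skip, keep scanning
            if not data.startswith(b"MZ"):
                continue  # not a PE file despite the extension
            for marker, tool in MARKERS.items():
                if marker in data:
                    findings.append((rel, tool, "renamed copy"))
                    break
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample tree standing in for the Windows folder."""
    base = Path(base)
    (base / "System32" / "drivers").mkdir(parents=True)
    (base / "System32" / "notepad.exe").write_bytes(b"MZ" + b"\0" * 64)
    (base / "System32" / "drivers" / "MIRC.EXE").write_bytes(b"MZ" + b"\0" * 64)
    (base / "svch0st.exe").write_bytes(b"MZ\0\0" + "mIRC".encode("utf-16-le"))
    (base / "readme.txt").write_text("mIRC is mentioned here")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_system_dir(build_sample_tree(tmp)):
            print(finding)
```

On a real machine, point `scan_system_dir` at the Windows folder from an account that can read it, and treat each hit as a lead to investigate rather than proof of infection.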

How to Spot Potential Riskware Threats

You probably understand by now that riskware is only as dangerous as the actions it can take. Unfortunately, this makes more serious riskware threats harder to spot.

To make your search easier, ask yourself the following questions:

  1. Do I know how this software ended up on my system? Sometimes, some riskware is native to your operating system. Regardless, the permissions of all software should ideally be directly authorized by you. If not, you should consider that a red flag.
  2. What permissions does this application have? Registry access, camera, microphone, contacts, and other expansive permissions can be an inherent hazard for your safety.
  3. Does this software still receive updates from its developer? Unsupported software is often probed by hackers for vulnerabilities in hopes that users are continuing to use it and expose themselves. Be mindful of this risk if using an outdated OS or apps.
  4. Does this software allow me to do something illegal? Despite some software walking a grey area of legality, most pirated programs or copy protection disablers are not legal. Avoid using programs designed for fraudulent activity to stay safer.
  5. Does this software breach the terms of service for another app? Be sure to read terms of service for programs that interact with each other. Software that augments or disables intentional features of another program may be a blatant violation.

Of course, simply spotting this software is not enough — you’ll have to manage your riskware and protect against misuse as well.

How to Prevent Riskware Attacks

Riskware can be difficult to protect against since you’ll have to take caution with any software you use. However, having a helping hand to spot possible risks can make the task easier. To prevent riskware attacks, start your protection off with antivirus software, and support it with safe computer use habits.

Since there may be legitimate reasons why riskware is present on your computer, antivirus solutions may not be able to determine whether a specific item of riskware represents a threat to you. Kaspersky’s products let you decide whether you wish to detect and remove riskware.

Detecting and removing Riskware

There can be many reasons why you suspect that a riskware program detected by Kaspersky’s antivirus engine is a threat.

For example, you may not have consented to the installation of the program and may not know where it came from, or you may have read a description of the program on Kaspersky’s website and now have concerns over its safety. In such cases, Kaspersky’s antivirus software will help you to get rid of the riskware program.

Choosing not to detect Riskware

For cases where riskware programs are detected, but you’re confident that these are programs that you have consented to, you may decide that the riskware programs are not harming your devices or data.

Kaspersky products let you disable the option to detect these programs — or let you add specific programs to a list of exceptions — so that the antivirus engine doesn’t flag this riskware as malicious.

Tips to Prevent Riskware Attacks

Beyond basic antivirus setup and usage tips, guarding against riskware depends on smart computer use behaviors.

Generally, you should use a few basic principles when installing or using programs:

  1. Limit the programs that run with admin-level permissions.
  2. Read ALL terms of service for programs for legal reasons.
  3. Eliminate any software that is inhibiting other important software from functioning properly.
  4. Avoid illegal or explicit downloads on your devices.

Beyond the basics, try out the following tips that could help you get closer to total security:

  • Only download programs and mobile apps through official vendors.
  • Always read prompts and terms before progressing through any program installer.
  • Only keep programs you have authorized for use on your system.
  • Limit administrator privileges and other deep system access. On traditional computers, you should avoid running programs as an administrator pro.
  • Create and use a secondary non-admin level account for daily use. Only use your primary admin-level account for software installations and other specific uses. Day-to-day use on a non-admin account restricts some exploitable riskware from running, reducing the dangers.
  • Avoid software that asks for a lot of permissions — for no valid reason. For example, a weather app might have good reason to request access to your location. However, it probably has no reason to ask you for access to your contacts.

Protect yourself against riskware today — try Kaspersky Total Security.
