Riskware defines any legitimate programs that pose potential risks due to security vulnerability, software incompatibility, or legal violations. Typically, risks pertain to malicious cyber criminals exploiting programs that handle sensitive data or admin-level processes. Misuse of riskware is done to steal data, hijack computer systems, or cause disruptions.
These programs are not designed to be malicious — but they do have functions that can be used for malicious purposes. When used with bad intentions, the riskware program can be viewed as malware. This grey area of safety makes riskware an especially challenging threat to manage.
Unfortunately, cyber security protections cannot simply manage these threats for you. Antivirus solutions leave the decision-making in your hands to avoid damaging your system and taking away tools you’d like to keep. As a result, it’s up to you to be aware of the risks from software on your system.
In this article, we’ll help you understand the dangers of riskware.
Along the way, we will answer some common questions around this cyber threat:
To begin, let’s start with why riskware exists and explain how it works.
Riskware is best understood as programs offering access to special functions at the cost of security or legality.
Generally, a computer program will have some level of system access to function properly. Other software has to have more extensive access to data or functions of a computer device.
Software with deeper functionality can provide many valuable tools and features to endpoint users and technical support staff. Namely, some benefits might include user monitoring, personalization, and modifying applications to bypass tedious aspects of use.
However, risks come with the use of particularly sensitive data or unethical practices.
This risky software usually leaves systems or users vulnerable in one of two major ways.
Riskware will typically use some of the following functions:
In many cases, riskware can only be explicitly defined as “compromised” or “misused” if it is truly being used in an illegal, unethical, or unintended way.
For example, weather apps use GPS location data for real-time weather updates at your current location. If exploited via a security vulnerability, malicious criminals could hijack your app and spy on your location. Since weather apps are not illegal or malicious but the abuse of them is — they could be considered by some as riskware.
Due to the wide variation in the types of riskware, levels of risk vary. Learning more about riskware types will help you gauge the scope of threats posed by your software.
An exhaustive list of riskware types is impractical since many programs can pose risks. That said, riskware malware has been known to often include the following types of programs:
Rather than focus on specific types of riskware, it’s more effective to label them by the types of risks they introduce. Riskware can generally be grouped based on several types of risks they introduce to your computer and mobile devices.
Modifying software or using external programs to circumvent the original design may disable built-in safety features.
For example, fraudulently licensed copies of paid operating systems like Windows will not receive security patches. To keep the illegitimate license from being voided, this type of software disables all interaction with the software vendor’s servers. This prevents all updates, including fixes for security issues that the vendor has discovered.
Poorly designed software or outdated software can also create gaps in your device’s security. If it has not been coded and tested with security in mind, the program may make an easy target for hackers. Outdated software may no longer be supported with security fixes, also making an ideal target for malicious criminals.
Software that breaks the governing laws of your region can also be placed in the riskware category. However, many types of software tread a fine line of legality depending on their use.
As an example, surveillance software may be completely legal or illegal depending on its use. Employee monitoring software in the United States is widely regarded as legal, provided the employer can give legitimate business-related reasoning.
While tools like legitimate keyloggers can watch an employee’s every action on workplace property, this could be a legal risk if non-business private data is stored. In cases of law-breaking use, this software would be considered spyware rather than riskware.
Other software is explicitly illegal and can be seen more as malware than riskware. However, even these can have valid reasons for use. For example, hacking tools are malicious when used by black-hat hackers to compromise systems they do not own. The same tools could be used by white-hat hackers to internally test a company’s software and discover security vulnerabilities.
Monitoring user behavior generally is a riskware identifier because of the dangers around data collection. While this type of software already has legal risks, data gathered can also be exposed to hackers.
Surveillance software leaves users open to several device security risks. Some parents have been known to use monitoring software on their children’s mobile phones. If the software vendor has not prepared against hackers, their servers could be infiltrated. As a result, unwanted eyes could now be eavesdropping on the location of children.
User feedback for product development can be equally risky for monitored users and the company itself. As an example, large companies that gather a lot of user data can make fruitful targets for cybercriminals.
Enterprise data breaches have been known to expose user’s passwords and more. If keylogger data was exposed, this could have identity theft implications and damage a company’s reputation permanently.
Riskware can easily be a gateway for malware if bundled with it or modified for misuse.
Co-installations with malware have been known to occur — especially in cases of shareware. When installing new programs, bundled software may attempt to install unless you opt-out. Bundled software can be safe, but some secondary programs may be from third parties that have not been properly vetted for safety. The initial application would be considered riskware because of the danger it introduces.
Adware is an equally risky program type to download and use. Just as secondary bundled software may not be checked, ads displayed in free sponsor-supported applications may pose their lack of quality control. Since malicious ads could display and lead to unsafe websites or downloads, adware can be considered a form of riskware.
When software breaches the use terms for another program, it is also inherently riskware.
To explain, cracking software can be an explicit violation of another software’s terms of service. This type of software is used to remove or disable copy protections and falsely authorize the use of illegally obtained software. However, its use can be used for reputable purposes that make it riskware rather than definitive spyware.
Software such as cracking programs can be used for internal product research-and-development or educational purposes, where it is completely legal to use. White-hat hackers may reverse engineer software to discover ways to patch against malicious use of TOS-violating riskware.
Endpoint users are the biggest points of impact resulting from riskware misuse and exploitation. Most of the issues you may face can be simplified to the following core problems:
In many cases, legitimate riskware can be modified to function as malware. Then, the attacker would distribute it either as a direct attack or a backdoor for loading other malware onto your system.
With so many legitimate programs that malicious users can employ for illicit purposes; it can be difficult for users to decide which programs represent a risk. For example, remote administration programs are often used by systems administrators and helpdesks for diagnosing and resolving problems that arise on a user’s computer.
However, if such a program has been installed on your computer by a malicious user, that user will have remote access to your computer. With full control unauthorized over your machine, the malicious user will be able to use your computer in virtually any way they wish.
Kaspersky has recorded incidents in which legitimate, remote administration programs have been secretly installed to obtain full remote access to a computer. Notable programs include those such as WinVNC (VNC being short for “virtual network computing”).
In another example, the mIRC utility — a legitimate internet relay chat (IRC) network client — can be misused by malicious users. Trojan programs that use mIRC functions to deliver a malicious payload are regularly identified by Kaspersky. Just like with remote admin programs, these are used without the user’s permission.
Often, malicious programs will install the mIRC client for later malicious use. In such cases, mIRC is usually saved to the Windows folder and its subfolders. So, if mIRC is detected in these folders, it almost always means that the computer has been infected with a malicious program.
You probably understand by now that riskware is only as dangerous as the actions it can take. Unfortunately, this makes more serious riskware threats harder to spot.
To make your search easier, ask yourself the following questions:
Of course, simply spotting this software is not enough — you’ll have to manage your riskware and protect against misuse as well.
Riskware can be difficult to protect against since you’ll have to take caution with any software you use. However, having a helping hand to spot possible risks can make the task easier. To prevent riskware attacks, start your protection off with antivirus software, and support it with safe computer use habits.
Since there may be legitimate reasons why riskware is present on your computer, antivirus solutions may not be able to determine whether a specific item of riskware represents a threat to you. Kaspersky’s products let you decide whether you wish to detect and remove riskware.
There can be many reasons why you suspect that a riskware program has been detected by Kaspersky’s antivirus engine.
For example, if you didn’t consent to the installation of the program and you don’t know where the program came from, or if you’ve read a description of the program on Kaspersky’s website and you now have concerns over its safety. In such cases, Kaspersky’s antivirus software will help you to get rid of the riskware program.
For cases where riskware programs are detected, but you’re confident that these are programs that you have consented to, you may decide that the riskware programs are not harming your devices or data.
Kaspersky products let you disable the option to detect these programs — or let you add specific programs to a list of exceptions — so that the antivirus engine doesn’t flag this riskware as malicious.
Beyond basic antivirus setup and usage tips, guarding against riskware depends on smart computer use behaviors.
Generally, you should use a few basic principles when installing or using programs:
Beyond the basics, try out the following tips that could help you get closer to total security:
Protect yourself against riskware today — try Kaspersky Total Security.