Virus Bulletin 2011: Fake but free…

ESET had quite a strong representation at Virus Bulletin this year in Barcelona, as David Harley mentioned in his post prior to the conference.

On the first day, Pierre-Marc Bureau presented his findings about the Kelihos botnet, David Harley and AVG’s Larry Bridwell discussed the usefulness and present state of AV testing, and to finish the day, Juraj Malcho gave an exciting presentation on the current situation in the AV industry.

On the second day, our Russian colleagues Eugene Rodionov and Aleksander Matrosov explained modern bootkits’ capabilities for bypassing security features of 64-bit versions of Windows (mainly kernel-mode code signing policy), using the examples of Win64/Olmarik (TDL4) and Win64/Rovnix.

And before the closing of the conference on the last day, when Pierre-Marc took part in a panel discussion on the strategies of tackling botnets, I presented the current situation regarding grayware – the problematic category of software that includes ad-supported software, PUAs (potentially unwanted applications), and so forth.

This kind of malware is quite distinct from the typical trojans, worms and viruses, and poses its own difficulties for our Malware Research Lab. The challenges are not technical in nature, unlike those we face with advanced rootkits or with viruses that require cleaning; instead, each of these “gray” or dubious applications requires us to consider carefully whether it should be detected or not. Another big difference is that, unlike the authors of regular trojans, the companies behind grayware are known and often legitimate-looking. These issues obviously lead to a conflict of interests, and grayware authors rarely fail to complain about the detection of their software.

Juraj Malcho already addressed this topic in his presentation “Is there a lawyer in the lab?” from Virus Bulletin 2009. This year, we looked at how the grayware situation has evolved in two years, how we are handling the difficult struggle against scareware and potentially unwanted applications, and asked whether there is hope for a “junk-free” Internet.

The whitepaper can be downloaded here, courtesy of Virus Bulletin, which holds the copyright: “Fake but free and worth every cent”. Further details on how ESET interprets the PUA category can be found in the whitepaper by Aryeh Goretsky: “Problematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)?”

Author Robert Lipovsky, ESET

  • R. Dale Barrow

    If I might make a suggestion … by all means detect "grayware" but let me decide how strict I want the filter to be. Light grey if I want to see all this crap or dark grey for "don't dazzle me with this B.S." I'm sure ESET can't do the impossible right away but how about the miraculous? Thanks!

    • Aryeh Goretsky

      Hello,

      ESET does actually allow the computer’s operator to determine whether or not to allow the download and installation of Potentially Unwanted Applications. This is one of the settings ESET’s software prompts for during installation, and can be changed at any time after installation. For more information, see ESET Knowledgebase Article # 2198, How do I configure my ESET security product to detect or ignore unwanted or unsafe applications?.

      Regards,

      Aryeh Goretsky

Copyright © 2014 ESET, All Rights Reserved.