The (correct) detection of light grey software

Roel Schouwenberg Kaspersky Lab

As brought up in my article in Virus Bulletin (see VB, October 2005, p.6), a new type of 'malicious' software is on the rise which can be considered as 'light grey'.

Since then some of these programs have made the news, with the introduction of the WMF exploit by people wanting to promote their light grey software being the main headliner. Several security vendors have dubbed these programs as adware or spyware, but is this classification actually correct? There is more than meets the eye.

As ICT is evolving we are seeing an increase in requests to detect 'regular' programs, such as Skype for instance, which is known to be almost impossible to block on the network level. What kind of implications does this have? Which way should the AV industry move in order to protect not only its customers but also itself from a legal point of view?

This paper presents a view on these questions, along with some proposed answers.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘An excellent conference. The schedule ran very precisely and the flow of the conference was very good.’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

Virus Bulletin

In this month's magazine:

Social networking meets social engineering
Flying solo
Geneva convention
7th German Anti Spam Summit 2009
Anti-phishing landing page: turning a 404 into a teachable moment
An update on spamming botnets: are we losing the war?
Windows Server 2008 Standard Edition SP2 x86

Subscribe now!

Virus Bulletin currently has 190,364 registered users.

Fighting malware and spam