The State Of Grayware On the PC

Checkers and Pogo writes "Grayware inhabits a murky area between pure malware and useful apps, and it's a growing problem. 38.1% of all malicious PC software falls into the grayware category, and so-called 'grayware 2.0' is targeting social-networking sites. Ars Technica's Jeremy Reimer notes, 'The "threat" of rogue applications like SuperWall wasn't immediately obvious: they seemed more like annoyances than real security risks. But as users entered more and more personal information into their Facebook accounts, it became clear that the possibilities for abuse were rampant. For example, because Facebook allows users to "tag" photos with the names of friends, it is possible for third-party apps to distribute photos that a user might only want to be seen by their inner circle of friends.'"

Goddamn BonziBUDDY

Yeah, WinAmp was bad. But I'll never forget the day in college when my roommate downloaded and installed BonziBUDDY [wikipedia.org] on my computer!

That goddamn ad injecting mal-ware sporting purple gorilla that was based on the dead soul of Clippy can rot in hell for eternity!

There's "free" as in gratis and libre and then there's a third kind of "free" as in wake-up-in-a-bathtub-packed-with-ice-minus-one-kidney free.

Re:Goddamn BonziBUDDY

NOOOO stop bringing up BONZI BUDDY! What we thought would be an amusing evening of getting a purple gorilla to say things like "punch me in the testicles" and various "yo momma" jokes turned into a nightmare that can only be compared to when all the people in the beginning of Ghost Ship get cut in half by a cable and it looks really fake and lame but still gross. Only intead of a ship it was my computer, and instead of a cable, it was Bonzi. After much kung fu, I banished him from our dorm room, but he still haunts me in my dreams.

Re:Goddamn BonziBUDDY

My daughter, then 13, was a big fan of the purple gorilla, and had so many damn toolbars there was hardly any room for content in the browser. And let's not forget Gator!! "Dad, just click 'Allow' - that's what I do, it's quicker."

Re:Goddamn BonziBUDDY

Like this [ytmnd.com]?

Re:

Gator [wikipedia.org] was a piece of shit too. I can recall stumbling upon that wondering how it got there and why and then taking the time to find out how to remove it completely. Awful.
In terms of facebook, which I'm contemplating removing all my pictures/info from and

Re:Goddamn BonziBUDDY

Arrgh, Gator... Don't get me started. One place I worked (not gonna name it, could get in trouble), all the secretaries had that damned thing on their systems cause of the cute kitten cursors they offered. We'd have to take the machine and most the times just restage it to clean it and hand it back. A few days later, gator was back. They wanted their cute kitten cursors. Eventually the net admin for that facility just blocked the gator site outright. He was forced to unblock it when a score of unhappy secretaries descended upon administration wanting their 'harmless kitty icons'. "But they're kittens! Who doesn't love kittens?!" *sigh*

Re:Goddamn BonziBUDDY

Yeah, WinAmp was bad

Ok buddy thanks a lot. Winamp is my second favorite media player (XMMS is my favorite). You made me RTFA.

In the heady days of the dot com boom, many software companies were happy enough to give out free software and trust that the money would somehow arrive later, magically (some, like the authors of WinAmp, would live to see this happen when their company was bought by America Online). Other companies released trial or demo copies of their software which could be unlocked for a fee.

That was the only place in TFA the word "winamp" appeared.

So what was/is so bad about winamp? Yeah XMMS is better but afaik it won't run in Windows.

For the uninformed

These are the most popular examples of Grayware - avoid whenever possible:
-Norton anything
-Mcaffee anything
-Microsoft anything
-Myspace anything
-Facebook anything
-Sony anything
-iTunes
-"Quick"time
-Realplayer

Also:
-Never click on the duck
-Never click on the monkey
-Never click on the blinkenlights
-Never click on "yes" or "I agree" -If you still manage to get a popup, consult your country's extrortion laws

You've been warned.

Re:Mod parent up

That's simple, he was modded down because he spoke ill of Apple (iTunes). He may as well have called Ron Paul malware, said an "in soviet russia", or said that Microsoft had a good idea, because the same thing would have happened. I like to get those all out of the way in the same post when I know I have to violate a Slashdot bi-law.

Re:

I think the issue is that the list is a bit too long and some names should be explained.

I can vouch for McAffee and Norton. They both claim to be "included" for free in all kinds of packages (computers, ISP subscriptions) but in reality, they just ship y

There is no Dana, only Zuul.

The article defines this "greyware" "vectors of attack." PROTIP: If the software has any sort of vector to launch any sort of attack on any machine, it is malware, pure and simple. Calling it "greyware" is a whitewash of some dark stuff.

MOD PARENT UP

Even coining the term 'greyware' is just a form of social engineering. "Oh it can't be THAT bad. I mean, it's grey, not black."

Malware is malware. If it looks like a duck and quacks like a duck, I call it a duck. There is no such thing as 'greyware'.

Re:MOD PARENT UP

Well, I was originally gonna post something about DRM being grayware, since there's an arguably useful thing (media) with something else harmful (DRM) piggybacking on it. But if grayware is a sham term, then I guess that just means that DRM really is malware.

Suck it, Sony!

5 pages

Ok, /.ers don't RTFA anyway but I'll sum up the 5 pages. History of malware...gator....trojans et al....there will always be malware that avoids detection...in the future mobile devices are going to be targeted more than they are now. Constantly updating browsers are good...yadda yadda...don't be stupid and be skeptical.
Tada!

Re:

don't be stupid and be skeptical

Or, to be more precise, don't be a dick.

Re:

A virus isn't really in the same class as this malware. They're calling it "greyware" because it doesn't try to fuck up your PC, it adds "services" which are dodgy and expose you to all kinds of interesting privacy and security exploitation. The first vi

OH MY GOD !!

For example, because Facebook allows users to "tag" photos with the names of friends, it is possible for third-party apps to distribute photos that a user might only want to be seen by their inner circle of friends.

I can't even conceive of a threat to national security larger than this!

Re:OH MY GOD !!

I know! I mean, it's not like Nazi/Adult Baby BDSM parties are actually illegal. What do I care if my personal pictures of myself dressed as Hitler in diaper getting spanked by a fat cross dressing Eva Braun get distributed over the web? Sheesh, some people are SO whiney!

Re:OH MY GOD !!

Stop posting on slashdot, and go back to running your campaign for election please!

Re:OH MY GOD !!

>It's about damn time we made a law about people mentioning Godwin's Law.

And it shall be named... Hitler's Law.
Infinite recursion for great justice!

Shades of Gray

If we're going to start using the term "grayware" to describe software that falls somewhere between a useful application and a piece of malware, then we need to start using the term "blackware" to refer to malware, and "whiteware" to refer to useful software. By the same token, some software could be "light gray ware," other could be "dark gray ware," et cetera. Whiteware that contains exploitable bugs should be termed "off-white ware" and security software which would otherwise be termed whiteware but could be used by a malcontent for evil purposes should be termed "whiteware with black polka dots." We could further extend this concept to include whiteware that could be dangerous if misused, such as software that controls a nuclear rocket; such software would be termed "redware." Software that helps the environment would be called "greenware." Now all we need is something for "blueware" and we can use the entire color space to describe a computer program.

Re:Shades of Gray

If we're going to start using the term "grayware" to describe software that falls somewhere between a useful application and a piece of malware, then we need to start using the term "blackware" to refer to malware, and "whiteware" to refer to useful software [...] We could further extend this concept to include whiteware that could be dangerous if misused, such as software that controls a nuclear rocket; such software would be termed "redware." Software that helps the environment would be called "greenware." Now all we need is something for "blueware" and we can use the entire color space to describe a computer program.

Don't be silly. This is a highly technical forum.

You have to include hex codes.

blackware = 0x000000
grayware = 0x808080
light gray ware = 0xC0C0C0
off-white ware = 0xE0E0E0
whiteware w/black polka dots = 0xFFFFFF + (0x000000 * $chance_of_exploit)
whiteware = 0xFFFFFF

redware = 0xFF0000
greenware = 0x00FF00
blueware = 0x0000FF

And of course:

tupperware = Varies by kitchen [tupperwareindia.com]
underware = 0xyoudontwannaknow

"Greyware"? So let me get this straight . . .

If I rob a bank, I'm a felon.

If I'm hired to analyze security for a bank and use the knowledge I acquired during my analysis to rob the bank, I'm only guilty of a misdemeanor?

Re:"Greyware"? So let me get this straight . . .

Guilty? you weren't very good, were you?

What were they thinking?

For example, because Facebook allows users to "tag" photos with the names of friends, it is possible for third-party apps to distribute photos that a user might only want to be seen by their inner circle of friends.'"

Yeah, malware is bad, but if somebody thinks those photos are going stay "within their core circle of friends" when they post them on Facebook, they need their head checked. You know, people in your "circle of friends" have other friends too, that are in other circles of friends. They will surely get passed between the two groups. Even if that doesn't happen, somebody in your "circle" will have an insecure computer.

The bottom line is that if you think you can keep your photos private when posting them online, you are deluding yourself. An idea might be to not take them in the first place if you don't want them seen by others.