The State Of Grayware On the PC

Checkers and Pogo writes "Grayware inhabits a murky area between pure malware and useful apps, and it's a growing problem. 38.1% of all malicious PC software falls into the grayware category, and so-called 'grayware 2.0' is targeting social-networking sites. Ars Technica's Jeremy Reimer notes, 'The "threat" of rogue applications like SuperWall wasn't immediately obvious: they seemed more like annoyances than real security risks. But as users entered more and more personal information into their Facebook accounts, it became clear that the possibilities for abuse were rampant. For example, because Facebook allows users to "tag" photos with the names of friends, it is possible for third-party apps to distribute photos that a user might only want to be seen by their inner circle of friends.'"

Goddamn BonziBUDDY

[eldavojohn]

Yeah, WinAmp was bad. But I'll never forget the day in college when my roommate downloaded and installed BonziBUDDY on my computer!

That goddamn ad injecting mal-ware sporting purple gorilla that was based on the dead soul of Clippy can rot in hell for eternity!

There's "free" as in gratis and libre and then there's a third kind of "free" as in wake-up-in-a-bathtub-packed-with-ice-minus-one-kidney free.

Re:Goddamn BonziBUDDY

Yes, but that was ADWARE, not true SPYWARE in the sense that it didn't ACTIVELY collect data
other than what you clicked on when it popped up ads 10 times per second.

Super annoying to be sure, but not (quite) the threat some made it out to be.
Although in this day and age some of the ads it would serve up could be trojans.

Rule of thumb - college buddies don't get admin access... not to my box, bed, bathroom, or toothbrush.

Re:Goddamn BonziBUDDY

[Sciros]

NOOOO stop bringing up BONZI BUDDY! What we thought would be an amusing evening of getting a purple gorilla to say things like "punch me in the testicles" and various "yo momma" jokes turned into a nightmare that can only be compared to when all the people in the beginning of Ghost Ship get cut in half by a cable and it looks really fake and lame but still gross. Only intead of a ship it was my computer, and instead of a cable, it was Bonzi. After much kung fu, I banished him from our dorm room, but he still haunts me in my dreams.

Re:Goddamn BonziBUDDY

Truer words have never been spoken, same thing happened to me.

But what do we do about this problem?

Re:Goddamn BonziBUDDY

[esocid]

Gator was a piece of shit too. I can recall stumbling upon that wondering how it got there and why and then taking the time to find out how to remove it completely. Awful.
In terms of facebook, which I'm contemplating removing all my pictures/info from and "deleting" my account, I remember going to kongregate, a flash game site, and discovering that it had some sneaky little trick of noticing I had a cookie from facebook and it sent some shit to my account. I quickly rectified that by changing all my privacy settings, since I rarely ever use it I hadn't noticed the updates to it.

Re:Goddamn BonziBUDDY

[AioKits]

Arrgh, Gator... Don't get me started. One place I worked (not gonna name it, could get in trouble), all the secretaries had that damned thing on their systems cause of the cute kitten cursors they offered. We'd have to take the machine and most the times just restage it to clean it and hand it back. A few days later, gator was back. They wanted their cute kitten cursors. Eventually the net admin for that facility just blocked the gator site outright. He was forced to unblock it when a score of unhappy secretaries descended upon administration wanting their 'harmless kitty icons'. "But they're kittens! Who doesn't love kittens?!" *sigh*

Re:Goddamn BonziBUDDY

[Kabuthunk]

Hey... at least you got that free bath out of it :P.

Re:Goddamn BonziBUDDY

So why didn't the idiots in IT (or was that you?) just get a set of kitten cursors and add them to the machines?

Re:Goddamn BonziBUDDY

[mcsqueak]

Your Admin should have just found kitten cursors then, problem solved. Not that hard...

Re:Goddamn BonziBUDDY

[morgan_greywolf]

Yes, but that was ADWARE, not true SPYWARE in the sense that it didn't ACTIVELY collect data
other than what you clicked on when it popped up ads 10 times per second.

Right, but some of what it popped up contained drive-by downloads of real malware/spyware, so calling it ADWARE isn't quite accurate -- I think the GP is right to call it 'grayware'.

Re:Goddamn BonziBUDDY

[sm62704]

Yeah, WinAmp was bad

Ok buddy thanks a lot. Winamp is my second favorite media player (XMMS is my favorite). You made me RTFA.

In the heady days of the dot com boom, many software companies were happy enough to give out free software and trust that the money would somehow arrive later, magically (some, like the authors of WinAmp, would live to see this happen when their company was bought by America Online). Other companies released trial or demo copies of their software which could be unlocked for a fee.

That was the only place in TFA the word "winamp" appeared.

So what was/is so bad about winamp? Yeah XMMS is better but afaik it won't run in Windows.

Re:Goddamn BonziBUDDY

Don't forget my favorite kind of free, which I must attribute to the unknown Slashdot poster:

Free as in (lowlife British accent) Free Hundred Quid.

Re:Goddamn BonziBUDDY

[AioKits]

Your Admin should have just found kitten cursors then, problem solved. Not that hard... My thoughts too. I had just started college around that time, was working there because I was promised some opportunities. He seemed to feel it was beneath him to look for kitten icons. Since my position there was right below spittoon, I was had no say in anything.

Re:Goddamn BonziBUDDY

[PitaBred]

That's what Wine is for. Installing a program that would screw up Windows ;)

Re:Goddamn BonziBUDDY

[crispin_bollocks]

My daughter, then 13, was a big fan of the purple gorilla, and had so many damn toolbars there was hardly any room for content in the browser. And let's not forget Gator!! "Dad, just click 'Allow' - that's what I do, it's quicker."

Re:Goddamn BonziBUDDY

[NibbleG]

Same thing happened where I was, except is was the purple gorilla, and I was a student at BOCES at the time (no joke, I was in for IT). For some reason half the secretarial staff took a week off and some of the IT students were asked to answer the phones and what not. When I saw Bonzibuddy was on all of the machines I just about walked away. But we got that cleaned up in an afternoon. Never trust underpaid, under informed secretarial staff...

Re:Goddamn BonziBUDDY

[eepok]

I had the same reaction. I don't know of anything wrong with WinAmp except that it doesn't have *as* small a footprint as some very few other media players. But considering its features, plethora of skins, and ease of us, I don't see anything wrong with it.

Re:Goddamn BonziBUDDY

[nexex]

Like this?

Re:Goddamn BonziBUDDY

[vimh42]

Wow, you just coined a great new term. 'Free as in kidney.' I must go use this wonderful gem.

Re:Goddamn BonziBUDDY

[Nemo's+Night+Sky]

I am pretty sure they weren't talking about the Winamp core. There were several spyware plugins released for the Winamp platform. These posed as visualizers, editing, input and other such things posted to the Winamp homepage for download. Someone wrote a comment on another thread a few days ago about that dancer thing being spyware. I can't remember what it was called.

Re:Goddamn BonziBUDDY

[Fulcrum+of+Evil]

I would've made a policy of reimaging any computer with Gator installed. If they want kittens, go get some plush ones and put them in your cube.

Re:Goddamn BonziBUDDY

[dbIII]

That purple gorilla helped cost me a job. The user would complain about their computer being slow. I would remove the crapware and return the thing in a functional state. The user would see the gorilla was gone, get angry, load it on again and then complain that the computer was slow. This cycle repeated several times with the user getting more angry each time and when others backed me up became convinced that IT people have some sort of conspiracy to pick on users that dared to have something "fun" in the workplace. Unfortunately the user and immediate manager were also respectively slow and functionally illiterate (dyslexia was the excuse for the manager but the reality was more than that) and there was no budget for a machine capable of running the crapware in addition to the work software.

Re:Goddamn BonziBUDDY

Ugh I migrated from XMMS a few years ago and will not look back. In terms of available plugins, skins, and such, it was bad-ass, but the actual app was so hideously painful to use without a good collection manager like Madman.

When Gentoo dropped XMMS, I found Amarok, which does almost everything that the combination of the XMMS and Madman did, and MUCH more (Last.fm scrobbling has now become an essential feature to me).

I do miss the plugins, though (esp for NES and similar chiptunes)

Re:Goddamn BonziBUDDY

[David+Gerard]

I'll have you know Wine runs many Windows trojans perfectly!

Re:Goddamn BonziBUDDY

[sm62704]

Thanks, I'll have to try Amarok.

Re:Goddamn BonziBUDDY

[lostfayth]

XMMS does not, as far as I am aware, but xmms2 does:
http://wiki.xmms2.xmms.se/index.php/Windows

Re:Goddamn BonziBUDDY

[Doggabone]

With enough wine in her, the wife draws the curtains over the windows and reaches for the trojans.

Re:Goddamn BonziBUDDY

[FrozenFOXX]

Of course it'll run in Windows! You just need to apply the patch first. It's available for free at here.

Re:Goddamn BonziBUDDY

And, just like Windows, she doesn't run nearly as well once she's had the purple gorilla run amok inside her.

Re:Goddamn BonziBUDDY

Why didn't you just rip the kitten icons/cursors from the app and distribute those internally?

For the uninformed

[Ethanol-fueled]

These are the most popular examples of Grayware - avoid whenever possible:
-Norton anything
-Mcaffee anything
-Microsoft anything
-Myspace anything
-Facebook anything
-Sony anything
-iTunes
-"Quick"time
-Realplayer

Also:
-Never click on the duck
-Never click on the monkey
-Never click on the blinkenlights
-Never click on "yes" or "I agree" -If you still manage to get a popup, consult your country's extrortion laws

You've been warned.

Re:For the uninformed

[Stormwatch]

I did try to find an alternative to iTunes, open source or just freeware, but I couldn't find anything as easy to use and feature-complete.

Re:For the uninformed

[KGIII]

It is a bit off topic but I figured I'd respond. I'm not sure if you tried it but it is free and I personally like it a great deal. Give JetAudio a shot. The pay version is nicer but, as a player, it's fantastic though I prefer the older versions.

Re:For the uninformed

[Ethanol-fueled]

Including iTunes was a bit heavy-handed, I admit. A better idea would have been to cite WinAmp. If one dosen't like Windows, they can use mac or linux but with personal media players you're pretty much stuck with whatever software their manufacturer wants you to use.

Re:For the uninformed

[ciggieposeur]

What about Amarok?

Re:For the uninformed

[domatic]

Xanga is really nasty too. A friend of mine's kids used it and his machines all acted like they went to the orgy with Paris Hilton, Lindsay Lohan, and Britney Spears where Tila Tequila showed up later and sat on their faces.

Re:For the uninformed

Hardly so. You were on the dot. I'd pick XMMS or Winamp over iTunes anyday, with the older Winamp 2.x series being the best of the lot. And iTunes follows the same bundling thing with Quicktime, and installing its auto-updater. Personally, I'd much rather prefer to manage my collection myself and treat a music player as if it were a USB hard disk.

Re:For the uninformed

[Alex+Belits]

Those are Windows people.

Re:For the uninformed

[OldeClegg]

grayware?

Huh. Grayware.. I figured this must be domestically branded software purchased overseas, reimported, and installed domestically.

Re:For the uninformed

And don't forget the 'Greyware' that companies like Phorm and NebuAd are planning to install inside your ISP. Greyware that scans all your web traffic and uses it to target you with advertising, while purporting to give you benefits like 'less irrelevant advertising'.

Phorm market their intra-isp spyware as 'Webwise' a supposed anti-phishing filter, which in itself is of dubious value when most browsers have such protection built it.

You can't even truly opt-out of the 'service' either. Even if you opt-out your data still gets scanned and profiled, you just don't get the target ads.

If your ISP has implemented this 'Greyware' The only way to truly opt-out is to leave your ISP.

Re:For the uninformed

[Silvrmane]

How in the name of FSM did this get modded insightful? There is nothing wrong with iTunes or Quicktime. Quicktime is not greyware -- it does exactly what it is supposed to do, and costs nothing unless you need the pro features. It does not pop up ads on your machine. It does not report anything back to Apple. It "just works." iTunes is, while a bit bloated, a very capable, and free, media manager/viewer. Most Windows programs should wish to be as well programmed, and kept up to date, as these two fine pieces of software.

Re:For the uninformed

Have some more Kool-aid. That is, if you can keep the cock out of your mouth long enough.

There is no Dana, only Zuul.

[snarfies]

The article defines this "greyware" "vectors of attack." PROTIP: If the software has any sort of vector to launch any sort of attack on any machine, it is malware, pure and simple. Calling it "greyware" is a whitewash of some dark stuff.

Re:There is no Dana, only Zuul.

[hilather]

Agreed. Malicious software is only what it is, malicious. Even if it does perform some decent functionality you are better off finding an alternative piece of software that can perform the same task. Odds are, you can find an OS equivalent.

Re:There is no Dana, only Zuul.

You really just lumped a lot of software (quicktime, for ex) into the malware catagory.

I would distinguish between the INTENT of delivering a vector to be abused and the later discovery of a vulnerability in an otherwise usefull utility.

Every block of code has a vulnerability. Paint the world malware and you'll miss the INTENT, which I would argue is at LEAST as important as the exploit itself.

Re:There is no Dana, only Zuul.

Grey areas of law become a great annoyance too but a full discussion on that would quickly go offtopic. Therefore atm will restrict my comments to the following:

Anyone deliberately creating, distributing, collecting output from and/or selling the information from spyware should be arrested tried and convicted of one or more existing laws regarding spying, peeping toms, espionage, stalking, etc. This nonsense of getting away with something just because its applied "on a computer" and calling it marketing is pure bullshit. We should be just lining them up on a wall and offering them blindfolds, much nicer then they deserve, but what they deserve would be in violation of the cruel and unusual punishment clause.

Cue the peeping through Windows jokes.

Re:There is no Dana, only Zuul.

[Junior+J.+Junior+III]

So then, by that definition, SMTP/POP is malware.

Really, I don't know how TFA is defining "greyware" but just from the commonsense interpretation of the words, I'd think it meant something that possibly might be desirable, but could be prone to abuse.

If I give you my email address, I trust that you'll use it to send me email that I want to receive.  If you turn around and send me spam, you've violated my trust.

If I provide software sensitive personal data, such as financial information or medical information, that data could be used for good purposes or bad purposes.

So, I say, there is grey.

5 pages

[esocid]

Ok, /.ers don't RTFA anyway but I'll sum up the 5 pages. History of malware...gator....trojans et al....there will always be malware that avoids detection...in the future mobile devices are going to be targeted more than they are now. Constantly updating browsers are good...yadda yadda...don't be stupid and be skeptical.
Tada!

Re:5 pages

[mikkl666]

don't be stupid and be skeptical Or, to be more precise, don't be a dick.

Re:5 pages

[sm62704]

History of malware...

I had to RTFA because somebody said "winamp was bad". I didn't read far; its history was wrong. It claimed that malware started when the internet becaie popular during the dotcom boom.

Malware has been around longer than PCs. "Boot sector viruses" were the norm during the eighties when freeware was passed around and sold on floppys and BBSes. A book on computer viruses I read some time in the eighties had the first virus sometime in the seventies iirc.

-mcgrew

Re:5 pages

[PitaBred]

A virus isn't really in the same class as this malware. They're calling it "greyware" because it doesn't try to fuck up your PC, it adds "services" which are dodgy and expose you to all kinds of interesting privacy and security exploitation. The first viruses were almost purely destructive or annoying, there were no "ulterior motives" like there is with this malware that DID start with the Internet getting popular.

or "gator"

the software which would remember your passwords for you.

what could be more stupider than this software? I guess the people using it.

it was later found out it could easily phone home with your information. *BANGS HEAD ON DESK*

captcha: threats

OH MY GOD !!

[OrangeTide]

For example, because Facebook allows users to "tag" photos with the names of friends, it is possible for third-party apps to distribute photos that a user might only want to be seen by their inner circle of friends.

I can't even conceive of a threat to national security larger than this!

Re:OH MY GOD !!

[spun]

I know! I mean, it's not like Nazi/Adult Baby BDSM parties are actually illegal. What do I care if my personal pictures of myself dressed as Hitler in diaper getting spanked by a fat cross dressing Eva Braun get distributed over the web? Sheesh, some people are SO whiney!

Re:OH MY GOD !!

[QuantumRiff]

Stop posting on slashdot, and go back to running your campaign for election please!

Re:OH MY GOD !!

[zebadee]

"I know! I mean, it's not like Nazi/Adult Baby BDSM parties are actually illegal. What do I care if my personal pictures of myself dressed as Hitler in diaper getting spanked by a fat cross dressing Eva Braun get distributed over the web? Sheesh, some people are SO whiney!"

Well it didn't work out too well for Max Mosley did it?

Re:OH MY GOD !!

[mikkl666]

I think Godwin's Law applies here...

Re:OH MY GOD !!

[OrangeTide]

It's about damn time we made a law about people mentioning Godwin's Law.

Re:OH MY GOD !!

[Haralampi]

Haha, I completely agree! While that might be a problem in a couple of occasions I fail to see real danger here. It is so trivial that it is not even worth mentioning.

Re:OH MY GOD !!

[Technician]

I can't even conceive of a threat to national security larger than this!

It's a good thing you can't see the R & D planss on my private Facebook page. They are secure there and only my close circle of engineers can view it to help develop the virus and it's vaccine.

Re:OH MY GOD !!

[owlnation]

I know! I mean, it's not like Nazi/Adult Baby BDSM parties are actually illegal.

Well, Nazi things actually are illegal in a number of countries - Germany for example. I'd think there was a good possibility if you were a visitor to Germany, and the authorities knew you liked wearing nazi things, you'd at lest be detained for interrogation. Also, BDSM stuff is technically illegal in the UK (but then almost everything is illegal in the UK -- unless its the Brown (shirt) Government breaking the law, then it's perfectly ok)

Re:OH MY GOD !!

[RichardX]

>It's about damn time we made a law about people mentioning Godwin's Law.

And it shall be named... Hitler's Law.
Infinite recursion for great justice!

Re:OH MY GOD !!

[OrangeTide]

The Nazis made new laws!

Re:OH MY GOD !!

[dredwerker]

I think that would have to be OrangeTide's Law now coz you mentioned it. Where is my wikipedia log in :) Be interesting to see if you could get it coined.

Re:OH MY GOD !!

[AncientPC]

This already exists via this Grease Monkey script: http://userscripts.org/scripts/show/11218

You can now see all photos of your friends (even if they were taken by someone else and marked for friends only).

MOD PARENT UP

[dreamchaser]

Even coining the term 'greyware' is just a form of social engineering. "Oh it can't be THAT bad. I mean, it's grey, not black."

Malware is malware. If it looks like a duck and quacks like a duck, I call it a duck. There is no such thing as 'greyware'.

Re:MOD PARENT UP

Well, I was originally gonna post something about DRM being grayware, since there's an arguably useful thing (media) with something else harmful (DRM) piggybacking on it. But if grayware is a sham term, then I guess that just means that DRM really is malware.

Suck it, Sony!

Re:MOD PARENT UP

[dreamchaser]

Your ideas are relevant to my interests. I would like to subscribe to your newsletter.

Seriously, I consider all DRM to be a form of malware in a sense.

Re:Mod parent up

[Klaus_1250]

I think the issue is that the list is a bit too long and some names should be explained.

I can vouch for McAffee and Norton. They both claim to be "included" for free in all kinds of packages (computers, ISP subscriptions) but in reality, they just ship you a 30-day trial version. What's worse is, that they are both overpriced, slow down your PC to such an extent it's like having a molasses filled harddrive, they're full of bugs (don't get me started), they just don't work (they're better in attracting malware than a honeypot) and deinstalling them ... (ah well, they time you had to do a clean Windows reinstall is at least over)

Re:MOD PARENT UP

The thing is, it doesn't look like a duck, it looks like a swan.

Re:MOD PARENT UP

[kent_eh]

Well, I was originally gonna post something about DRM being grayware, since there's an arguably useful thing (media) with something else harmful (DRM) piggybacking on it. I believe the proper term for something good with something harmful piggybacking on it is Trojan.

Re:Mod parent up

[freemywrld]

Attempted to give the post a boost, only to realize it was a waste of a point. They are now at +5. Thus this post - I want my damn point back!

Re:Mod parent up

[OMNIpotusCOM]

That's simple, he was modded down because he spoke ill of Apple (iTunes). He may as well have called Ron Paul malware, said an "in soviet russia", or said that Microsoft had a good idea, because the same thing would have happened. I like to get those all out of the way in the same post when I know I have to violate a Slashdot bi-law.

Re:MOD PARENT UP

[jimmux]

To my knowledge, there isn't even such a thing as "blackware" or "whiteware". The latter sounds like a brand of undergarments.

Anyway, I would stay away from grayware, if only because the American spelling makes me cringe. Greyware on the other hand...

Re:MOD PARENT UP

[FrankieBaby1986]

what harmful thing piggybacks on condoms? ooooh.... I thought something smelled...

Re:MOD PARENT UP

Actually, whiteware does exist - it's the name for household appliances such as your washing machine and refrigerator.

Which makes the connection with dodgy software even more confusing.

Shades of Gray

[suck_burners_rice]

If we're going to start using the term "grayware" to describe software that falls somewhere between a useful application and a piece of malware, then we need to start using the term "blackware" to refer to malware, and "whiteware" to refer to useful software. By the same token, some software could be "light gray ware," other could be "dark gray ware," et cetera. Whiteware that contains exploitable bugs should be termed "off-white ware" and security software which would otherwise be termed whiteware but could be used by a malcontent for evil purposes should be termed "whiteware with black polka dots." We could further extend this concept to include whiteware that could be dangerous if misused, such as software that controls a nuclear rocket; such software would be termed "redware." Software that helps the environment would be called "greenware." Now all we need is something for "blueware" and we can use the entire color space to describe a computer program.

Re:Shades of Gray

You forgot BROWNWARE, software that is pure shit.

Re:Shades of Gray

[RobertB-DC]

If we're going to start using the term "grayware" to describe software that falls somewhere between a useful application and a piece of malware, then we need to start using the term "blackware" to refer to malware, and "whiteware" to refer to useful software [...] We could further extend this concept to include whiteware that could be dangerous if misused, such as software that controls a nuclear rocket; such software would be termed "redware." Software that helps the environment would be called "greenware." Now all we need is something for "blueware" and we can use the entire color space to describe a computer program.

Don't be silly. This is a highly technical forum.

You have to include hex codes.

blackware = 0x000000
grayware = 0x808080
light gray ware = 0xC0C0C0
off-white ware = 0xE0E0E0
whiteware w/black polka dots = 0xFFFFFF + (0x000000 * $chance_of_exploit)
whiteware = 0xFFFFFF

redware = 0xFF0000
greenware = 0x00FF00
blueware = 0x0000FF

And of course:

tupperware = Varies by kitchen
underware = 0xyoudontwannaknow

Re:Shades of Gray

[Peet42]

From that link, here's a line that would immediately appear in any Micro$oft EULA:

Note: Colors are indicative may not match with actual product color.

Re:Shades of Gray

[asylumx]

Unfortunately for some, underware = 0xDEADBEEF ... or for those lucky few (seldom found on /.) underware = 0xCAFEBABE

Re:Shades of Gray

[oahazmatt]

If we're going to start using the term "grayware" to describe software that falls somewhere between a useful application and a piece of malware, then we need to start using the term "blackware" to refer to malware, and "whiteware" to refer to useful software. By the same token, some software could be "light gray ware," other could be "dark gray ware," et cetera. Whiteware that contains exploitable bugs should be termed "off-white ware" and security software which would otherwise be termed whiteware but could be used by a malcontent for evil purposes should be termed "whiteware with black polka dots." We could further extend this concept to include whiteware that could be dangerous if misused, such as software that controls a nuclear rocket; such software would be termed "redware." Software that helps the environment would be called "greenware." Now all we need is something for "blueware" and we can use the entire color space to describe a computer program. This is exactly the kind of forward thinking I'm looking for in a lead designer for my new "tealware" project!

Re:Shades of Gray

[The+Moof]

Now all we need is something for "blueware" and we can use the entire color space to describe a computer program. Software that cause a BSOD?

Re:Shades of Gray

[rts008]

I can only display 256 colors, you insensitive clod!

I won't get to experience all of the nuances of your 'shades of grayware', but now I'm dithering....

Re:Shades of Gray

[ill+stew+dottied+ewe]

Isn't it obvious what would constitute blueware?

Re:Shades of Gray

Blue's porn.

Re:Shades of Gray

[repapetilto]

pornware?

Re:Shades of Gray

Vista isn't that bad, is it?

Re:Shades of Gray

Micro$oft Is your keyboard broken? I've noticed that everybody on Slashdot seems to have a broken keyboard, specifically just the 'S' key. I wonder why.

I mean, SERIOUSLY. If your keyboard is broken, just buy another one. It's not like you spend your disposable income on music or movies or anything like that, anyway, right?

Re:Shades of Gray

Is your keyboard broken? I've noticed that everybody on Slashdot seems to have a broken keyboard, specifically just the 'S' key. I wonder why. But there's no "S" in Micro$oft ... look again

Re:Shades of Gray

[dave562]

I think that Microsoft has a lock on blueware. It's that special state your computer boots into at only the most opportune moments. A state of complete uselessness.

Re:Shades of Gray

[Barumpus]

We do have something for "blueware".... are you forgetting Windows?

Re:Shades of Gray

[iainl]

I was about to accuse you of cheating, since they're 4-byte codes. But if 0xCAFEBABE's underwear has an opacity of CA that makes a bizarre amount of sense.

Re:Shades of Gray

[VanessaE]

Now all we need is something for "blueware" [...]

We already have such software. It's called "Windows". Older versions of course being particularly 'blue' in nature.

Re:Shades of Gray

[pipingguy]

underware = 0xyoudontwannaknow

OT: I went through a department store today where I saw a sign directing me to "Men's Underfashions".

WTF? Are they insinuating that my Homer Simpson boxers are not trendy enough?

"Greyware"? So let me get this straight . . .

[mmell]

If I rob a bank, I'm a felon.

If I'm hired to analyze security for a bank and use the knowledge I acquired during my analysis to rob the bank, I'm only guilty of a misdemeanor?

Re:"Greyware"? So let me get this straight . . .

[morgan_greywolf]

If I'm hired to analyze security for a bank and use the knowledge I acquired during my analysis to rob the bank, I'm only guilty of a misdemeanor?

That depends. Was she over or under 18?

Re:"Greyware"? So let me get this straight . . .

[geekoid]

Guilty? you weren't very good, were you?

Mod parent up

Why is this modded troll?

Facebook apps = bad

[smithtuna33]

Not only are some of these apps extremely annoying, including advertisements next to games and etc, its now very common for them to use incentives (eg extra levels or whatever) to get people to invite all their friends to the application. facebook's devs addressed it in a blog post but it remains a problem. the whole system looked bad from the start, so i personally reject all applications that aren't facebook related. even so, its to the point now where i'm thinking of shutting down my account.

Re:Facebook apps = bad

[goofyspouse]

I'm feeling better every day for never having bothered with Facebook or MySpace. I just never saw the "point", I guess.

gizmo5? (the windows ver?)

http://www.gizmo5.com/
Gizmo's linux client looked OK. But, their Windows client looked like Grayware to me.
Then again, thats their client for Windoze - serves right..!

Re:Slashdot is horrible

[sm62704]

this joint has really gone downhill over the last 2 years

Sorry dude, my bad. We're getting some killer hydro next week, here have a toke.

seriously, look at the front page. I don't see another ars story and haven't for quite a while. Are you trying to troll? If so you really do suck at it.

And yet again...

[kvezach]

... computer malware copy the lifecycle of their organic counterparts; some viruses and parasites, in order to remain in the host, evolved to grant some advantage to the host in question. The analogy in the computer realm is this "greyware" - the advantage being some valid function (legitimate program), and the parasitic or viral aspect being the malicious part of the greyware in question.

Not all viruses evolve in this manner, however. Some just entangle themselves so deeply it's impossible to remove, or to remove it would cause great harm. Fortunately, there's not many computer examples of the latter, but see cryptovirology for ideas how they might in the future.

Re:OH MY GOD !! Other... Shoe... to.. Drop?

[davidsyes]

I'm waiting for the other shoe to drop. When we hear that the NSA and CIA had ordered Facebook to enable backdoor plugins to every profile, every app, and every browser type used to reach FB.

Aggregating the information of a few million users will be NICE input to Visual Analytics...

But, why IS IT that Facebook apps need to KNOW almost everything about the user's profile?

Why cannot FB use some sort of restrictions database (I imagine they do to a POINT, but not as well as could our OUGHT to be...) to control access at not just the friend/profile/info-area level, but specific pieces of information?

Just because someone TAGS a photo shouldn't give them rights to KNOW too much. It would nice if one had an ability to annotate why the tagged or bookmarked a file, but then it could be dangerous if that stuff got scooped up by the various intel agencies. Imagine annotating revulsion or grudge info to someone, then some ill visited upon them and then the agencies demand records of any and all bookmarks attachments to said deceased/harmed person. Might help solve SOME cases, but would open up even more about some people than their profiles might suggest.

Just my thandom roughts...

Not Happy with the Write-Up

OK, so it's a nice history of malicious code. But calling it greyware is, as other have stated, simply ridiculous. Everything mentioned in the story qualifies as malware.

Greyware, to me, indicates software that is usefull, but may be frequently used by the proverbial bad guys to do harm. A fine example of this would be PSExec. I have this, and all the other PSTools, on my PC for work. I use them regularly to help me get my job done. Suddenly, Trend (our anti-virus appliance) decided PSExec was bad, labeled it as greyware and took it away (I have many copies). Getting the Powers That Be to leave my tools alone was seriously a pain in the ass! When Trend was updated to see PSExec as greyware, our appliance went nuts because I have it on, quite literally, all of our almost 300 PCs.

The point is, this legitimate tool can be used for evil, so it gets labeled as greyware.

Of course, this definition really is no better than the others. Following this logic, a gun would be greyware: useful for hunting, self defense, etc, but could be used for causing great harm.

As such, it's either malware, or it's OK; there is no in-between.

mod redundant

4 post's up from you talked about gator first

why you stealing anonymous cowards ideas for mod points?

douche

omgwtfbbq!!!1

[jhantin]

*ding*ding*ding* You win the thread! I needed a good laugh today. Too bad I don't have mod points. :-)

Ars Technica

do you have to link every ars technica article?

Re:Ars Technica

[couchslug]

Hello (probable) APK! :)

Re:Ars Technica

[philbophilbin]

Sounds more like an AGING problem! LOL.

Wow

Wow, none on Linux! No wonder people are switching...

Grayware

[Kamineko]

Is grayware written using Gray Code?

Conduit toolbars deserve a mention here

Grayware at it's finest. Stay well clear off.

Russian Business Network.

What were they thinking?

[dangitman]

For example, because Facebook allows users to "tag" photos with the names of friends, it is possible for third-party apps to distribute photos that a user might only want to be seen by their inner circle of friends.'"

Yeah, malware is bad, but if somebody thinks those photos are going stay "within their core circle of friends" when they post them on Facebook, they need their head checked. You know, people in your "circle of friends" have other friends too, that are in other circles of friends. They will surely get passed between the two groups. Even if that doesn't happen, somebody in your "circle" will have an insecure computer.

The bottom line is that if you think you can keep your photos private when posting them online, you are deluding yourself. An idea might be to not take them in the first place if you don't want them seen by others.

Re:What were they thinking?

[Don_dumb]

I am not sure that is entirely fair. Facebook specifically gives the option for each photo album as to whether you friends, your friends friends, or the whole world has access to your pictures on Facebook.

Your friends could of course download your pictures and then post to other people them themselves but that makes Facebook no less secure than emailing your photos out. The difference is on Facebook people don't go around recieving and forwarding the photos on, they just look at the albums, so I think that photos get passed between groups of friends less often than if they are distributed, of course it can happen quite easily and probably does. If your friends can see them in softcopy you have given up sole control over them. Nobody would transmit sensitive photos to their friends (they wouldn't want them to see them anymore than anyone else) and I don't think anyone I know would be stupid enough to upload those photos to Facebook either. I don't use Facebook's applications (like Superwall) but it is a great way to share photos that involve them (such as parties etc), I don't think it is unreasonable to ask that the applications my friends use respect my privacy choices on Facebook if Facebook itself respects them (I am not convinced that it does however).

The bottom line is that if you don't want others to see your photos, you probably don't want your friends to see them either.

The real bottom line is i keep getting distracted and I'm not sure what I am trying to say really.

Re:What were they thinking?

[Harin_Teb]

The real problem is not me posting pictures of myself, so much as someone else posting pictures of ME and then tagging me. Granted I think if your doing something stupid and let someone take your picture its your own damn fault, but when you are doing something innocuous (such as drinking water from the ubiquitous red cup) and someone posts a picture of it with the tag line "OMG underage drinking is teh funne$t!!1!" and my name attached to it, THAT can have serious repercussions... which are 100% undeserved.

and that is why I hate social networking sites.

Re:What were they thinking?

[dangitman]

What you need to do is stop being underage. But seriously, your point is very valid. But what do we do about it? This is why I don't participate in Facebook and other sites like it.

Re:OH MY GOD !! Other... Shoe... to.. Drop?

[OrangeTide]

The FBI will finally be able to round up the millions of teenage terrorists here in the US. Thank god I took my pictures of my homemade plutonium detonator off Facebook else I would have been in serious trouble.

Re:Shades of Gray: Blueware for pr0n

[Ox0065]

Blueware for porn. The circle is complete.
cyanware: hippy porn!!
yelloware: the colour of an Exon shareholder's trowsers on the day the hippies get a superpower
Now I'm wondering what magentaware is. (>_) I'm going to stop now.

Re:There is no Dana, only Zuul. REIMER IS A FAKE

Reimer's an idiot that's never even written a program himself. Reading anything from him about programs of any kind, from someone who's never written one (show me a program written by Jeremy Reimer online) is like reading about riding a bike from someone who has never done so, or reading about sex from a virgin. Quality reviews from arstechnica: The home of the "never done it myself but I will write about it and act as if I were some authority". What a truckload of crap.

Use a personal approach!

The number of people with the abilities to write the core functionality in malware, especially rootkits and polymorphic vira, must be rather limited, so a way to combat these pests would be to go after these people personally and directly. Offer massive rewards to whoever reveals their identity and even more to whoever brings them into the hands of law enforcement. Criminals are always greedy enough to sell each other out so use that and take out the brains behind the malware. Sure, new brains will emerge and take over but they can be hit the same way, and when the job gets that risky a lot of talent will think twice and most likely move on to something else.

You forgot:

[crhylove]

There's a few you forgot.

-All versions of Winamp after 2.81
-Adobe Acrobat
-AOL
-java
-99% of all "security" software (not just limited to Norton and Mcaffee, but those are the worst/most common!
-I'm sure I'm forgetting some more huge ones!

Also:
If you really want a very clean system, I suggest using Portable Apps (google it). Tons of great FOSS programs that will not touch the registry or do anything but run and only run when they are opened:

Pidgin
GIMP
Firefox 3 (Beta 5)
Open Office
Audacity
Sudoku
Texas Hold'em (Online and Free!)
UltraVNC
Infrarecorder (nearly as good as Nero now!)
Clamwin
Filezilla
Bonkenc
Virtualdub

Other than those programs, there are a few proprietary softwares that I must have, and there is sadly no open source alternative:

Winamp 2.81
uTorrent 1.5 (later versions are spyware)
Virtualbox
Urban Terror (though it is ioquake3, so I ALMOST trust it all the way (wish it was portable!)!
Joost
Cool Edit Pro 2.1
Sibelius
Dream Aquarium
Skype

And then there are a couple FOSS apps that I can't get portable versions of:
Mupen++
Zsnes

Using that list of software I can pretty much do ANYTHING on this machine, and I haven't had any spyware, malware, virii, or slowdowns at all.

Feel free to add whatever I forgot!!!

Re:You forgot:

[anilg]

uTorrent 1.5 (later versions are spyware)

Anything to back that claim? I'm using 1.7

I can't!

[crhylove]

Bush is so unpopular it is almost impossible for us Republicans to win. Why even try!?!

Re:5 pages of crap from Jeremy Reimer the fake

That stooge from arstechnica, in Jeremy "fake it till you make it" Reimer? Reimer's just a fake that's never even written a program himself and yet writes about them??

TO THE SLASHDOT EDITORIAL STAFF:

That's a funny joke on your parts, but April fools day is long past, /. editors. Funniest part is, it's not even funny. Jeremy Reimer's no authority on computing by any means. (After all, Jeremy Reimer has no certifications or degrees in computers whatsover, nor does he have years to decades of programming them, much less even network administration or tech tasks even).

Does Jeremy Reimer have years to decades of actual programming experience???

(No. He's not even a network administrator or tech)

Does Jeremy Reimer have a degree or even a certification in this field????

(Again, no. Not even an A+, much less an MCSE)

SARCASM: Yea, that Jeremy Reimer is an expert on programs alright (not).

Reading anything from Jeremy Reimer about programs of any kind, from some damn fake it till you make it like Jeremy Reimer (he's never written a program (show me a program written by Jeremy Reimer online))????? It's like reading about riding a bike from someone who has never done so, or reading about sex from a virgin. Any moron can spit back the statistics of others as well, which is about all the fake Jeremy Reimer does. Big deal.

Quality reviews from arstechnica: The home of the "never done it myself but I will write about it and act as if I were some authority".

No thank you. Everyone knows arstechnica's falling apart, and using this site to boost their sagging views counts only hurts this site. After all: Arstechnica does have an outright fake like Reimer as one of their "authors", what a joke. Don't take slashdot along for the ride by citing a fake here guys. It only hurts this website's credibility.

Malware Survey - similiar topic

[mrhandstand]

http://bt.ins.com/ just released a survey about how companies view and respond to the malware threat

WARNING PDF go http://bt.ins.com/WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=2665 to view

I also did an interview @ DarkReading.com http://www.darkreading.com/document.asp?doc_id=151382&WT.svl=news1_1 about the survey.

DISCLAIMER: I work for BT, but the survey is pretty unbiased IMHO.