An exhaustive list of riskware types is impractical, since many programs can pose risks. That said, riskware often includes the following types of programs:
- Remote support utilities
- Internet relay chat (IRC) clients
- Dialer programs
- File downloaders
- Computer activity monitoring software
- Password management utilities
- Internet server services – such as FTP, web, proxy, and telnet
- Auto-installers (on mobile platforms)
Rather than focus on specific types of riskware, it’s more effective to label them by the types of risks they introduce to your computer and mobile devices.
Software that Creates Unneeded Vulnerabilities
Modifying software or using external programs to circumvent the original design may disable built-in safety features.
For example, fraudulently licensed copies of paid operating systems like Windows will not receive security patches. To keep the illegitimate license from being voided, this type of software disables all interaction with the software vendor’s servers. This prevents all updates, including fixes for security issues that the vendor has discovered.
Poorly designed or outdated software can also create gaps in your device’s security. If it has not been coded and tested with security in mind, the program may make an easy target for hackers. Outdated software may no longer be supported with security fixes, also making it an ideal target for malicious criminals.
Software that Violates Laws
Software that breaks the governing laws of your region can also be placed in the riskware category. However, many types of software tread a fine line of legality depending on their use.
As an example, surveillance software may be completely legal or illegal depending on its use. Employee monitoring software in the United States is widely regarded as legal, provided the employer can give legitimate business-related reasoning.
While tools like legitimate keyloggers can watch an employee’s every action on workplace property, this could be a legal risk if non-business private data is stored. In cases of law-breaking use, this software would be considered spyware rather than riskware.
Other software is explicitly illegal and can be seen more as malware than riskware. However, even these can have valid reasons for use. For example, hacking tools are malicious when used by black-hat hackers to compromise systems they do not own. The same tools could be used by white-hat hackers to internally test a company’s software and discover security vulnerabilities.
Software that Monitors User Behavior
Monitoring user behavior is generally a riskware identifier because of the dangers around data collection. While this type of software already has legal risks, the data gathered can also be exposed to hackers.
Surveillance software leaves users open to several device security risks. Some parents have been known to use monitoring software on their children’s mobile phones. If the software vendor has not prepared against hackers, their servers could be infiltrated. As a result, unwanted eyes could now be eavesdropping on the location of children.
User feedback for product development can be equally risky for monitored users and the company itself. As an example, large companies that gather a lot of user data can make fruitful targets for cybercriminals.
Enterprise data breaches have been known to expose users’ passwords and more. If keylogger data were exposed, this could have identity theft implications and damage a company’s reputation permanently.
Software that Provides Access for Malware
Riskware can easily be a gateway for malware if bundled with it or modified for misuse.
Co-installations with malware have been known to occur, especially in cases of shareware. When installing new programs, bundled software may attempt to install unless you opt out. Bundled software can be safe, but some secondary programs may be from third parties that have not been properly vetted for safety. The initial application would be considered riskware because of the danger it introduces.
Adware is an equally risky program type to download and use. Just as secondary bundled software may not be checked, ads displayed in free sponsor-supported applications may suffer from their own lack of quality control. Since malicious ads could display and lead to unsafe websites or downloads, adware can be considered a form of riskware.
Software that Violates TOS of Other Software
When software breaches the use terms for another program, it is also inherently riskware.
To explain, cracking software can be an explicit violation of another software’s terms of service. This type of software is used to remove or disable copy protections and falsely authorize the use of illegally obtained software. However, it can be used for reputable purposes, which makes it riskware rather than definitive spyware.
Software such as cracking programs can be used for internal product research-and-development or educational purposes, where it is completely legal to use. White-hat hackers may reverse engineer software to discover ways to patch against malicious use of TOS-violating riskware.