Riskware is best understood as programs offering access to special functions at the cost of security or legality.
Generally, a computer program will have some level of system access to function properly. Other software has to have more extensive access to data or functions of a computer device.
Software with deeper functionality can provide many valuable tools and features to endpoint users and technical support staff. Namely, some benefits might include user monitoring, personalization, and modifying applications to bypass tedious aspects of use.
However, risks come with the use of particularly sensitive data or unethical practices.
This risky software usually leaves systems or users vulnerable in one of two major ways.
- Data and program exploits — due to vulnerability of program misuse or data breaches.
- Legal risks — due to blatant abuse of privacy or illegal attempts to modify programs.
Riskware will typically use some of the following functions:
- Access to system kernel — data at the system’s core
- Access to vital system operation areas — registry, internet functionality protocols, etc.
- Access to data-gathering hardware — GPS, microphone, camera, etc.
- Modifying programs — changing code, disabling features, etc.
In many cases, riskware can only be explicitly defined as “compromised” or “misused” if it is truly being used in an illegal, unethical, or unintended way.
For example, weather apps use GPS location data for real-time weather updates at your current location. If exploited via a security vulnerability, malicious criminals could hijack your app and spy on your location. Since weather apps are not illegal or malicious but the abuse of them is — they could be considered by some as riskware.
Due to the wide variation in the types of riskware, levels of risk vary. Learning more about riskware types will help you gauge the scope of threats posed by your software.