FYI...
Greyware fog ...
- https://www.securityweek.com/fog-greyware
Feb 13, 2012 - "... it was more than a little bit surprising when we observed downloads from Download.com behaving like spyware... Download.com had begun delivering freeware downloads in a wrapper that enticed users to click during the install in order to receive special offers and deals... When a user clicked on this option, the application took several steps that lowered the security of the user’s system, such as making changes to the security settings in the browser, changing proxy settings and also installed a service that leaked user information over HTTP POSTs. As it turns out, Download.com was under new management and had then intentionally developed this wrapper with those functions as a method to collect shopping data from their users. This led to a miniature scandal as antivirus vendors began rightly classifying the code as spyware, and Download.com then quickly reversed course. However, this is an example of a very broad problem... there are tons of applications and code out there that are not overtly malicious, yet do very spyware-like things without the user’s knowledge. Changes to security settings, browser settings, listening on backdoor ports, changing personal firewall settings. This is dangerous because it is -unlikely- that this type of behavior is going to be flagged as malicious, and yet it is materially reducing the security posture of the client machine. These things don’t compromise the host directly, but it certainly softens up the target for more malicious code or attackers... we will need to the ability to quickly determine which sorts of downloads and applets are safe for users to download in just the same way we are safely enabling applications today, applications such as webmail, SharePoint and other collaborative apps. Anything that affects the security posture of the client or the network needs to be seen by IT, and IT needs the policies in place that clearly define what sorts of behavior are allowed and which are not. The lesson here is that until we gain a credible level of control here in the grey end of the spectrum, we are simply trusting the Internet to provide reasonably safe code that doesn’t endanger users..."