What can Malware do?
Malware can be very nefarious – some steal credit card details, email addresses, personal information, lists of sites you’ve visited and passwords; some steal every keystroke you type into a system (called Key Loggers). Others can change your browser’s hope page, search engine, randomly open up sites you don’t want, change ads to ones that they want you to see, stop you reaching some sites and even turning your PC into a “drone” which makes it participate in sending spam, relaying porn or participating in attacks on remote sites.
Remember - be cautious about what you install. There are actually quite a few risks to consider:
- Changing T&C - While some programs may have amenable terms and conditions when you install them these can change over time. This can be more common for firms who start out with venture capital and funding however their cash flow proves poorer than expected; and ethical standards can give way to immediate financial considerations.
- Malware included with updates - In addition there has been software which included malware at a later date (even with normal maintenance updates). You will see some updates in programs which now ask you, often somewhat forcefully, to install some 3rd party toolbar or application in the process. Be very careful of these.
- Malware that starts out more innocently and becomes more nefarious over time – small developers often build applications (and even whole firms) with the intention of being sold to a larger firm in a takeover; the original design and intention of the program, e.g. a toolbar which directs the user to a particular site, can now be ‘expanded’ to include pop-up advertising, search highjacking and even more malicious activities.
- Authors who neglect to check bundled packages or “farm out” this responsibility to 3rd party firms. This is a common problem – some authors simply take a fee from an advertising broker who takes the responsibility for the content of 3rd party inclusions, often doing so in a very poor manner. It is not uncommon for such a broker to shutter their firm if they are caught including overly dangerous or malicious programs; they shut up shop and disappear leaving the original author in more of a legal mess than they considered originally
Antivirus companies have traditionally had a hard time combatting malware themselves – some refuse to address this problem all together and stick to viruses and trojans. One complication is that they are often sued by the malware companies themselves; they argue that the user agreed to install the application and that someone else has no right treating it as a virus. They say that users click “accept” at the huge legal disclaimer in many software packages without reading it in detail, this sometimes sneakily includes an agreement to install the malware and let it do bad things in return for installing the program they wanted to install originally (be it a game, free program, etc.). This can even be the case on programs you’ve paid for – the authors are double-dipping as it were.
Governments have been reticent to protect their citizens from this type of intrusion – they say it’s too hard, too ambiguous, that it transcends their borders or that it’s not their business to police the internet for every citizen; unless of course it affects their own interests or political party funding.