Fake but free and worth every cent presented at Virus Bulletin 2011

by Robert Lipovsky (Eset),

URL : http://www.virusbtn.com/conference/vb2011/abstracts/Lipovsky-etal.xml

Summary : "In his 2009 paper 'Is there a lawyer in the lab?', Juraj Malcho discussed
the thin boundary between legitimate and malicious applications, and presented the difficulties AV companies have encountered
dealing with greyware or potentially unwanted applications (PUAs). The severity (and sensitivity) of the situation has
been borne out by numerous legal cases.
Two years later, the state of affairs is an even greater pain in the butt. The swindlers have noticeably improved their
scam plots and social engineering and the challenge for the anti-malware industry is as great as ever. And the technical
aspects of the adware or other potentially unwanted applications is not what we have in mind. We're talking about the
effort that the authors invest into trying to convince people that their software is legitimate. They're trying to
persuade not only the potential victim - which is basically what every trojan does - but also those of us who are
responsible for malware detection! In effect, deciding whether or not to detect a PUA is often peculiarly difficult for
anti-malware researchers.
In this paper we discuss a range of issues from various blatant online scams to applications which are much less useful
than they may seem at first glance. The common factor here is selling a pig in a poke to the everyday, trusting computer
user. The shift from rogue security software towards various PC tuning applications is just one example of an obvious
trend.
Indeed, the surface characteristics of such software differentiate it from typical trojans and other malware. But aren't
the goals of the perpetrators in both cases fundamentally the same? And what is the role of an AV today? Just preventing
infections of PCs from viruses, worms and trojans? Don't we also have a responsibility to keep the Internet clean and
free of junk? This is about boxing the ears of those software vendors who only care about raking in the profits, but offer
no value in return.
"