JohnthePilot

The Rise and Rise of Rogue Security Software

Look up the definition of the word “rogue” in a dictionary and you will find something similar to this: “An unprincipled, deceitful, and unreliable person; a scoundrel or rascal.” 1

When applied to security software, the meaning is much the same. Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. Some products defined as "rogue" simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying the product.

Unfortunately for computer users, the number of rogue security and anti-malware software, also commonly referred to as “scareware,” found online is rising at ever-increasing rates, blurring the lines between legitimate software and applications that put consumers in harm’s way.

Industry experts have reported a five-fold year-on-year increase in the number of rogue applications invading the Internet.

“Levels have increased dramatically. Of all the rogue security applications we have in detection, approximately 21 percent of the total in detection have appeared since June 2008. There are clearly vast amounts of money to be made from these rogue programs,” says Lavasoft malware analyst and Research Team Leader, Andrew Browne.

In recent weeks, researchers in the Lavasoft Security Center have seen a variety of new rogue security applications appear, all of which are rogue anti-malware products. Examples of these products include the following: eAntivirusPro, Antimalware 2009, PersonalAntiSpy, Windows AntiVirus 2008, MicroAntivirus 2009, AntiVirus Security, and AntiSpyware Pro XP.

“All of these applications have extremely professional looking user interfaces, making users all the more likely to be tricked into purchasing them,” Browne says.

What is being done to stop these rogues from spreading online? Detection through legitimate security software is not the only way progress is being made to fight the increasing levels of rogue software. Some are trying to take rogues to task, attempting to make the purveyors accountable by working through the justice system. In the end of September 2008, the state of Washington, USA, along with the Microsoft Corporation, filed lawsuits against alleged scareware purveyors, the marketers of the Registry Cleaner XP program.

If the past is anything to go by, this suit may prove to be another important example of what can be done to quell rogue software purveyors and stop consumer fraud in this area. In the United States, Washington has been a leader in the battle against spyware. It was one of the first states to adopt a law prohibiting spyware activities and to impose serious penalties on violators; and since 2005, the attorney general’s office has filed seven suits under this statute – the Computer Spyware Act.

"We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," Washington Attorney General Rob McKenna said in a statement.

"We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach."


copied from Lavasoft News