Juraj Malcho ESET
download slides (PDF)
With the broadening possibilities and the ever-growing number of computer users, many applications are being developed that have hidden or fraudulent intentions, or which are at best of doubtful usefulness. The motivation behind these applications is financial profit and they typically target the technically low-skilled members of the population. Many such applications are not the typical malware used in cybercrime nowadays (like bots or spyware trojans), but rather potentially unsafe or unwanted applications. However, this dubious software is often associated with groups responsible for malware dissemination, and is often distributed using unfair practices such as spam campaigns or push-installations performed by malware.
When AV labs note these practices and add detection of such applications to their products, this causes a conflict of interests between AV software vendors and the suppliers of such potentially unwanted software. These conflicts sometimes result in legal battles, dragging many people into the decision-making process, including the legal department, and consuming a significant amount of a company's human and financial resources. The decision to detect such software is in many cases made even more difficult by the users themselves: different individuals, social groups and even nations have very different desires and opinions.
This paper explores the topics mentioned above and considers the boundary between legitimate and illegitimate applications. The problems are explained with reference to several case studies documenting our experiences with such software. Based on our records of such incidents we will outline the rising trend of complaints and legal cases over time.