With the proliferation of viruses, worms, Trojans, backdoors, and blended threats, attacks against newly disclosed vulnerabilities appear much faster than before, and social-engineering traps have become a major focus of new attacks. Attacks built on social-engineering traps include spyware, online fraud, email-borne attacks, and malicious websites. They are often disguised as legitimate applications or email messages and are designed to trick users into exposing sensitive information or into downloading and installing malicious programs. Traditional security devices have difficulty blocking them, so more advanced detection and protection technologies are usually required. This article focuses on the characteristics of gray software (grayware) and the methods for protecting against it.
I. What is gray software?
Gray software is a general term for software installed on a computer to track specific information or report it to a specific party. Such software is usually installed and executed without the user's permission. Much gray software does its work quietly once the user downloads and runs an application, for example tracking how the computer is used or stealing private data. With mass-mailing viruses making headlines every month, users may be aware of the risk of opening unknown emails; with gray software, however, the user does not need to open an attachment or execute an infected program. Simply visiting a website that uses this technique is enough to become a victim. Much gray software only generates junk, such as pop-up windows, and there is a clear distinction between such "harmless" gray software and attacks that steal valuable information such as credit card accounts, passwords, and ID card numbers.
Gray software usually arrives through the following behaviors: (1) downloading shareware, freeware, or files from other forms of file sharing; (2) opening an infected email; (3) clicking a pop-up advertisement; (4) visiting an irresponsible or fraudulent website; (5) installing a Trojan.
Gray software is not necessarily malware. The ultimate goal of many gray software programs is to track website visitors and collect browsing or search data for a specific business purpose. Typical symptoms are a slow system, pop-up advertisements, and a home page redirected to another website, all of which amount to harassment. However, hackers often use gray software techniques for other purposes, such as making the browser load and run certain programs. These programs can open the system to outside access, collect information, record keystrokes, modify settings, or cause damage.
Gray software can be divided into the following categories:
(1) advertising software
Advertising software (adware) is usually embedded in software that users download and install for free. After installation, browser windows pop up from time to time to display advertisements, interfering with normal use.
(2) spyware
Spyware is usually embedded in free software. It tracks and analyzes user behavior, such as web browsing habits, and sends the tracking data back to the author's website for recording and analysis. It also degrades the computer's performance.
(3) dialing software
Dialing software (dialers) is gray software that takes control of the computer's modem. These programs typically dial long-distance or premium-rate numbers to generate revenue for the attacker.
(4) joke software
Joke software modifies system settings without destroying the system. For example, it may change the mouse pointer or the Windows wallpaper; some "game" software is really just a joke or prank.
(5) Point-to-Point Software
Peer-to-peer (P2P) software enables file exchange. Using it to accomplish business goals may be legal; using it to exchange pirated music, movies, and other files is often illegal.
(6) keyboard record software
Keyboard recorders (keyloggers) may be the most dangerous category of gray software. These programs capture keyboard input and can obtain the user names, passwords, and credit card numbers typed into email, chat, and instant-messaging programs.
(7) hijacking software
Hijacking software modifies browser settings such as the home page, favorites, or menus. It can even modify the DNS settings so that name lookups are redirected to a malicious DNS server.
(8) plug-ins
A plug-in adds code or new features to an existing program in order to control, record, and send browsing preferences or other information to an external address.
(9) network management software
This is gray software designed for malicious purposes. It can change network settings, break network security, or cause other network damage. Remote administration tools allow external users to remotely control, change, and monitor computers on the network.
(10) BHO
A Browser Helper Object (BHO) is installed as a DLL alongside ordinary software and is loaded by Internet Explorer, which lets it control the browser's behavior. Not all BHOs are malicious, but they have the ability to track browsing preferences and collect other information.
(11) toolbar
Toolbar software modifies the browser toolbars, monitors web browsing habits, sends information back to its developer, or changes the host's behavior.
(12) downloader software
Downloader software secretly downloads and installs other software without the user's knowledge. These programs usually run at startup and can install adware, dialers, and other malicious code.
II. Symptoms of gray software
The symptoms of gray software are as follows:
(1) Performance degradation. The gray software process is generally unknown to the user and occupies a lot of CPU and memory, slowing the system down. Opening Task Manager and looking at the processes that consume the most resources will usually identify the gray software.
(2) Even when no network program is running, the send/receive light on the cable or DSL modem, or the NIC or modem icon in the taskbar, keeps flashing, indicating that data is being transmitted.
(3) Information windows and advertisements pop up on the computer without an Internet connection or a running browser.
(4) The browser's home page is changed from the default to another page without notice, and changing it back does not work.
(5) The Internet Explorer search engine is modified, and search results always point to an unexpected search URL.
(6) Entries in the web browser's favorites folder cannot be changed back or deleted.
(7) The search toolbar or browser toolbar is modified; new options are installed and cannot be removed.
(8) Anti-virus and anti-gray-software programs are forced to stop working, and popular security software is disabled. When such an application runs, the system warns about missing files, and the problem persists even after the files are restored. Gray software may disable popular security software before installing itself.
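The following PowerShell audit script is an added example and is not part of the original article or any vendor product. It checks a Windows host for the symptoms listed above (resource-hungry processes, a changed Internet Explorer start page, registered BHOs, altered DNS servers, and stopped security services); the registry paths and the service names `WinDefend`, `wscsvc`, and `MpsSvc` are the standard Windows locations and are assumptions the script relies on.

```powershell
# Added example (not from the article): audit a Windows host for the
# gray-software symptoms listed above. Assumes Windows PowerShell 5.1 or
# later, run as a local administrator.

# Symptom (1): the five processes with the most accumulated CPU time.
Write-Host "== Top CPU consumers =="
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 5 Name, Id, CPU,
        @{ n = 'WorkingSetMB'; e = { [int]($_.WorkingSet64 / 1MB) } } |
    Format-Table -AutoSize

# Symptoms (4)/(5): Internet Explorer start page and default search scope.
Write-Host "== Internet Explorer start page / default search scope =="
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieSearch = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue |
    Select-Object 'Start Page' | Format-List
Get-ItemProperty -Path $ieSearch -Name 'DefaultScope' -ErrorAction SilentlyContinue |
    Select-Object DefaultScope | Format-List

# Symptom (7) and category (10): every registered Browser Helper Object,
# with its CLSID resolved to the DLL Internet Explorer would load.
Write-Host "== Browser Helper Objects =="
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem -Path $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $server) { (Get-ItemProperty -Path $server).'(default)' }
               else { '<no InprocServer32 key>' }
        [pscustomobject]@{ CLSID = $clsid; DLL = $dll }
    } | Format-Table -AutoSize
}

# Hijacking software (category 7): DNS servers configured on each adapter.
Write-Host "== DNS servers per adapter =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

# Symptom (8): security services that are stopped, disabled, or missing.
Write-Host "== Security service state =="
foreach ($name in 'WinDefend', 'wscsvc', 'MpsSvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { [pscustomobject]@{ Service = $name; Status = $svc.Status; StartType = $svc.StartType } }
    else      { [pscustomobject]@{ Service = $name; Status = 'not present'; StartType = '' } }
}
```

Any BHO DLL in an unusual location, a DNS server the organization does not operate, or a security service that is stopped or disabled is worth investigating further.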
III. Protection methods against gray software
1. User Education
The most basic form of user education is to make users understand the characteristics and dangers of gray software and to prohibit downloading and installing software from unknown sources; at a minimum, users should read the End User License Agreement carefully before allowing an unknown program to be downloaded and installed. Malicious gray software and Trojans usually try to hide themselves to avoid being removed or quarantined. Other ways to reduce the chance of infection are to raise the web browser's security level, to configure mail clients such as Outlook not to automatically preview images or other content in HTML mail, and to install the latest patches for all operating systems and applications.
2. Install anti-gray-software programs
New anti-gray-software products work much like computer anti-virus software: they detect, remove, and quarantine gray software based on signatures ("feature values") and signature libraries. Anti-gray-software products fall into host-based client software and network-based products. The cost of host-based client software lies in installation and maintenance: it must be installed on every computer, and the software and signature library must be upgraded regularly, so the cost of deploying it across an entire enterprise is high because of the licenses involved.
In addition, many Trojans and gray software programs actively check whether such protection software is present before installing themselves and, if it is, disable it to avoid detection. Host-based protection therefore carries some risk.
Network-based anti-gray software is deployed on the gateway platform connecting the enterprise network to the Internet. It identifies and removes gray software before it enters the network, which lowers installation and maintenance costs: once the gateway is updated, every computer behind the firewall is automatically protected.
IV. Fortinet's gray software solution
Fortinet's solution is to deploy protection on both the network and the hosts to cope with gray software. The FortiGate gateway platform integrates several key security elements in order to minimize the resources needed to install and maintain gray-software security products on a large number of nodes. It can detect, remove, and quarantine gray programs before they enter the network, preventing their spread and infection inside the enterprise network. Because the security functions are concentrated on a hardware-based platform, it is difficult for malicious programs to shut them down.
In addition, Fortinet's gray-software protection uses signatures, heuristic methods, and anomaly detection to find malicious code on the network. Administrators can customize the scan level by enabling or disabling individual categories of gray software (such as spyware, adware, and illegal dialers).
The platform provides the "Dynamic Attack Defense System" security features on a single platform: comprehensive anti-virus, a stateful inspection firewall, intrusion detection and prevention, virtual private networking (VPN), web filtering, spam filtering, gray-software detection and defense, and bandwidth management. Together these can identify and block new blended attacks that penetrate traditional firewalls, anti-virus, and intrusion detection systems. Because the system architecture shares and coordinates attack information among the various security elements, it is highly efficient.
As the number of attacks and vulnerabilities keeps growing, keeping operating system patches, application patches, and anti-virus signatures up to date becomes both increasingly important and increasingly difficult. Through the service network of Fortinet's global security response center, updates against the latest attacks can be received automatically: this network identifies new attacks and provides new signatures and defense methods.