Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. Some products defined as “rogue” simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying the product.
The Surge of Unsavory Software
Unfortunately for computer users, the number of rogue security and anti-malware software, also commonly referred to as “scareware,” found online is rising at ever-increasing rates, blurring the lines between legitimate software and applications that put consumers in harm’s way. Industry experts have reported a five-fold year-on-year increase in the number of rogue applications invading the Internet.
“Levels have increased dramatically. Of all the rogue security applications we have in detection, approximately 21 percent of the total in detection have appeared since June 2008. There are clearly vast amounts of money to be made from these rogue programs,” says Andrew Browne a malware analyst and Research Team Leader at Lavasoft.
In recent weeks, researchers in the Lavasoft Security Center have seen a variety of new rogue security applications appear, all of which are rogue anti-malware products. Examples of these products include the following: eAntivirusPro, Antimalware 2009, PersonalAntiSpy, Windows AntiVirus 2008, MicroAntivirus 2009, AntiVirus Security, and AntiSpyware Pro XP.
“All of these applications have extremely professional looking user interfaces, making users all the more likely to be tricked into purchasing them,” Browne says.
Stopping the Spread of Rogues
Detection through legitimate security software is not the only way progress is being made to fight the increasing levels of rogue software. Some are trying to take rogues to task, attempting to make the purveyors accountable by working through the justice system. In the end of September 2008, the state of Washington, USA, along with the Microsoft Corporation, filed lawsuits against alleged scareware purveyors, the marketers of the Registry Cleaner XP program.
If the past is anything to go by, this suit may prove to be another important example of what can be done to quell rogue software purveyors and stop consumer fraud in this area. In the United States, Washington has been a leader in the battle against spyware. It was one of the first states to adopt a law prohibiting spyware activities and to impose serious penalties on violators; and since 2005, the attorney general’s office has filed seven suits under this statute – the Computer Spyware Act.
“We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” Washington Attorney General Rob McKenna said in a statement. “We’ve repeatedly proven that Internet companies that prey on consumers’ anxieties are within our reach.”
What can consumers do to stop the spread of rogues and save their hard-earned cash for genuine programs that protect their PCs and personal information? Here are six tactics from the experts at Lavasoft designed to give computer users the knowledge they need to keep from buying rogue security products.
1. Do not fall for scare tactics. Not sure what that means? While browsing sites, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
2. Use security software and keep it up-to-date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts you receive that do not come from your chosen security software provider. (Rogue security software will often try to lure computer uses by using legitimate looking pop-up messages that appear to be security alerts.) Also, most anti-spyware programs will help keep you protected from rogues because they can find and detect these programs.
3. Access experts at online security forums and ask about the software you are considering before you decide to purchase it.
4. Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products. You can also refer to reputable lists of trustworthy anti-spyware programs, like the one on SpywareWarrior.com.
5. Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.
6. Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine – meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites.