What is badware?
What is badware?
Badware is software that fundamentally disregards a user’s choice about how his or her computer or network connection will be used.
Some badware is specifically designed for criminal, political, and/or mischievous purposes. These purposes might include:
- stealing bank account numbers, passwords, company secrets, or other confidential information
- tricking the user into buying something that he or she doesn't need
- sending junk email (spam), or sending premium text messages from a mobile device
- attacking other computers
- distributing more badware
This type of badware is often referred to as malware. It includes viruses, Trojans, rootkits, botnets, spyware, scareware, and more.
Some badware may not have malicious intentions, but still fails to put the user in control. Consider, for example, a browser toolbar that helps you shop online more effectively but does not mention that it will send a list of everything you buy online to the company that provides the toolbar. In this case, you are unable to make an informed decision about whether to install or use this software. Another example is when you install a piece of software, and that software installs additional software that you weren’t expecting. This can be especially troubling if the additional software does something you dislike or doesn’t uninstall when you remove the original software.
At times, the line between deliberately malicious software and unintentionally bad software can blur. Software creators and distributors can, and should, stay away from this blurry line by using clear messaging and thoughtful product design to keep users in control of their computers and networks.
A badware website is a website that helps distribute badware, either intentionally or because it has been compromised. Many normal, legitimate websites are infected and turned into badware websites without the knowledge of their owners.
Some badware websites infect your computer with badware using drive-by downloads. Drive-by downloads occur when a website automatically (and often silently) installs software as soon as you visit the site; no clicking is necessary. Typically this kind of attack takes advantage of a vulnerability or “hole” in your web browser, a browser plug-in, or other software on your computer.
Social engineering attacks are also common ways for badware websites to distribute badware. These attacks take advantage of human nature by tricking people into installing badware. A popular trick shows a fake virus scan that indicates that your computer is infected and encourages you to download and/or purchase a tool to remove the infection. Another popular trick is offering to display a video that sounds interesting, but only after you install a plug-in or codec that is “required” to view the content.
Read our Badware Guidelines for more details about what StopBadware defines as badware.
Want to learn more about badware websites? We teamed up with the folks at BlueHost to make this fun video about website security basics.