About computer protection against certain legitimate applications

Legitimate programs are programs that may be installed and used on computers of users and are intended for performing user tasks. However, when exploited by hackers, legitimate programs of certain types can harm the user's computer and the corporate LAN. If hackers gain access to these programs, or if they plant them on the user's computer, some of their features can be used to compromise the security of the user's computer or the corporate LAN.

These programs include IRC clients, dialers, file downloaders, computer system activity monitors, password management utilities, and Internet servers for FTP, HTTP, and Telnet.

Such programs are described in the table below.

Legitimate programs

 

Type

Name

Description

Client-IRC

Online chat clients

Users install these programs to communicate with people in Internet Relay Chats. Hackers use them to spread malware.

Dialer

Auto-dialers

They can establish hidden phone connections using a modem.

Downloader

Downloader programs

These programs can download files from web pages in hidden mode.

Monitor

Monitoring programs

These programs allow monitoring activities on the computer on which they are installed (seeing which programs are active and how they exchange data with programs that are installed on other computers).

PSWTool

Password recovery tools

These programs allow viewing and recovery of forgotten passwords. Hackers secretly plant them on computers for the same purpose.

RemoteAdmin

Remote administration programs

These programs are widely used by system administrators. These programs allow obtaining access to the interface of a remote computer to monitor and manage it. Hackers secretly plant them on computers for the same purpose: to monitor and control computers.

Legitimate remote administration programs differ from Backdoor-type Trojans for remote administration. Trojans have the capability to penetrate the system and perform an unauthorized installation of themselves; legitimate programs do not have such capability.

Server-FTP

FTP servers

These programs function as FTP servers. Hackers plant them on computers to obtain remote access over the FTP protocol.

Server-Proxy

Proxy servers

These programs function as proxy servers. Hackers plant them on computers to send spam from them.

Server-Telnet

Telnet servers

These programs function as Telnet servers. Hackers plant them on computers to obtain remote access over the Telnet protocol.

Server-Web

Web servers

These programs function as web servers. Hackers plant them on computers to obtain remote access over the HTTP protocol.

RiskTool

Tools for managing a virtual machine

They offer the user additional capabilities for managing the computer. These tools allow the user to hide files or windows of active applications and terminate active processes.

NetTool

Network tools

These programs offer the user of the computer on which they are installed additional capabilities for interacting with other computers on the network. These tools allow rebooting other computers, detecting open ports, and starting programs that are installed on the computers.

Client-P2P

P2P network clients

These programs allow using peer-to-peer (P2P) networks. These programs can be used by hackers to spread malware.

Client-SMTP

SMTP clients

These programs send email messages without the user's knowledge. Hackers plant them on computers to send spam from them.

WebToolbar

Web toolbars

These programs add toolbars to the interfaces of other programs to use search engines.

FraudTool

Fake programs

These programs pass themselves off as other programs. For example, there are fake anti-virus programs that display messages about detected malware. However, in reality, they do not find or disinfect anything.

See also

General protection settings

Configuring the Anti-Virus module

Configuring link scanning

Configuring the Anti-Spam module

Configuring the Anti-Phishing module

Configuring Content Filtering

Configuring external services

Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages

Page top