August 22, 2017

Not-a-Virus: What is it?

News Products Threats

Sometimes, Kaspersky Internet Security pops up a window with a yellow frame and informs the user that “not-a-virus” has been detected on the computer. Of course, any curious user would wonder why, if something is not a virus, an antivirus application would inform them about it.

Actually, your antivirus has reason for concern. Although the object in question is indeed not a malicious program, it’s something you should know about anyhow. Let us delve into the definition of “not-a-virus,” what kind of applications trigger the warning, and what should you do about those applications.

Generally speaking, Kaspersky Internet Security associates “not-a-virus” with two types of applications: adware and riskware. Both types are not malicious by nature, so they cannot be called viruses. Still, users should know that they are installed; the applications may do something unwanted.

What is adware?

Adware is software with advertising material. This type of software can show you advertisements, alter search results, collect user data to show targeted contextual advertising, or all of the above.

Adware technically is not malicious, but there is nothing good about it, either. All hell may break loose when a few dozen adware applications sneak onto a computer and start to compete with one another for resources.

That said, adware is legitimate software that is installed on computers with the formal consent of users — the catch is, users may not notice a preselected check box during the installation of another application, and thus agree to install adware. Other instances of such monkey business abound, but they are all alike in one way: If users read everything carefully, then they can decline the adware installation.

If adware does not notify the user of its attempt to install itself on the computer, then Kaspersky Internet Security treats it as a malicious Trojan. In that case, the notification will have a red frame, not a yellow one, and the application will be blocked immediately. By the way, you can check out this article in which we discuss what the frame colors of notification windows mean in our products.

My Big Fat Adware Cleaning

What is riskware?

Riskware is a slightly different matter. Applications of this type were initially created as useful tools, and they may be used on a computer for their stated purposes. But quite often, malefactors install riskware — certainly without the user’s knowledge — to pursue their own goals. You can check out the full list of application types that we consider riskware here.

For example, remote computer management software (remote admin) is considered riskware. If you installed one of these applications yourself — and you know what you are doing — then there’s no harm in having it. However, this type of application is frequently included as part of a malware package; in that case, users need to know about it.

Another example is download managers. Many of them do make it easy and convenient to download files, but some of them appear to operate on the brink of breaking the rules, for example, attempting to download extra files while showing a notification using a gray font on a gray background.

Another popular type of riskware is browser toolbars, which may also be adware, depending on their supported features and persistence. And some browser extensions may be considered riskware.

Also, miners fall into the riskware category. Miners are applications for mining bitcoins. Needless to say, if it was you who chose to install a miner on your computer, then everything should be all right. But if someone else did it without your consent, then the installed software is consuming your computer’s resources for their gain.

Explainer: Bitcoin mining

By default, Kaspersky Internet Security does not show notifications of riskware detection. Now, if you go into the “Threats and Exclusions” section of the settings and check the “Detect other software…” option, then Kaspersky Internet Security will inform you about riskware as well.

Still, it will only inform you. The antivirus does not block or delete riskware by default so as not to hinder the legitimate use of these applications. You will not, in fact, see the word “riskware” anywhere in notifications. Only specific information will be shown, telling you if an application is for remote administration, if it is a downloader, or something else.

As soon as riskware starts to download any malware components, it will be reclassified as a Trojan and blocked regardless of whether the “Detect other software…” option is checked.

 

Adware or riskware has been detected. What is the next step?

Kaspersky Internet Security shows detection notifications for such applications so that you know that they are installed on your computer. It is possible that you installed them on purpose: As we said, riskware may be very useful. In that case, there is no reason to worry.

It is also possible that another “not-a-virus” has crawled into your computer without your noticing it. In that case, you need to know if the application is related to either riskware or adware. That is why users are given the chance to choose what to do with the application. If you did not install it, you should probably delete it.