Alan D
Group: Members
Posts: 3670
Joined: Aug. 2004 |
|
Posted: Nov. 24 2006, 13:08 |
|
Quote (Morti @ Nov. 24 2006, 14:12) | anything that allows data transfer over the Internet could be "riskware" in the same way. |
I think that may not be an accurate description of the situation. All I can do is offer the information I've been able to gather myself, and then it's up to the individual whether it's a risk he or she wants to take.
As far as I understand it (which isn't far), mIRC is considered a risky piece of software on two grounds.
1. Some trojans actively use mIRC to communicate with their criminal authors through an IRC network. In fact they actively install some form of IRC client on the compromised machine in order to do so. I think this is the primary reason why some antispyware programs pick up mIRC, and call it 'riskware'. If the user hasn't deliberately installed mIRC himself, then he needs to be alerted that it's there because clearly his system has been compromised even though mIRC itself is not malware. Personally, I'd simply prefer to know that there are no IRC clients on my system - so if I find one there, I know it's a baddie. But that's a personal decision based on the fact that online chatting isn't very significant for me.
2. I was told about other mIRC problems by someone who runs an internet security advisory service. She used mIRC for many years as an administrator and operator on a large chat network, but has now abandoned it because people were distributing more and more malevolent code and she says she couldn't keep up properly with writing scripts to foil them.
Now, maybe I'm just picking up the collective paranoia from talking to too many internet security gurus, but at the end of the process we all decide what risks we're each willing to take on the internet, and this was a sticking point for me.
|