Within the context of corporate and organizational networks, a greynet (or Grayware) is an elusive networked computer application that is downloaded and installed on end user systems without express permission from network administrators and often without awareness or cognition that it is deeply embedded in the organization’s network fabric. These applications may be of some marginal use to the user, but inevitably consume system and network resources. In addition, greynet applications often open the door for end use systems to become compromised by additional applications, security risks and malware.
- Public instant messaging (AOL Instant Messenger, Windows Live Messenger, Yahoo! Messenger)
- Web conferencing (webcam, VoIP telephony)
- Peer-to-peer (P2P) file sharing clients
- Distributed computing such as SETI@home
- Adware "utilities"
- Commercial spyware
- Keystroke logging
The dynamics of greynet growth
As computer workstations have become connected to the Internet, a variety of programs have proliferated that offer the ability to extend communications, gather and deliver information, and to serve the needs of marketing concerns. Among the first to emerge were instant messaging clients such as ICQ, AOL Instant Messenger and MSN Messenger. Developments in technology have added video capability through webcam units, all of which have worked together to take advantage of available bandwidth in single, small network, and corporate environments.
The growth of greynets takes advantage of software and hardware developments. Informal networks are now appearing that provide a variety of streaming media and content that is supplied or modified by end users. An emerging category is "podcasting", in which users generate content for widespread download on portable MP3 players.
Problems with greynet programs
The problem with greynet programs is fourfold. First, greynet programs create network security risks by causing broad vectors for malware dissemination. Second, they create privacy issues for the network by opening large holes for information leakage. Third, greynet programs create compliance issues for a computer network by creating an invisible parallel communications network. Fourth, they create issues on local machines through the consumption of local system resources and possible operating system or program stability concerns. All of these things increase network and IT administration time and costs.
Added to this in the corporate work environment is the loss of meaningful production time due to non-work related distractions through these greynet applications. Individual network environment policies may vary from non-existent to a full lockdown of end user system privileges. See the "Risks and Liabilities" section of instant messaging for a more detailed overview of threats, risks, and solutions to those problems for the most prevalent of the greynet programs, public IM.
Dealing with the security aspects of greynets has led to the emergence of specific administrative software packages that monitor and control traffic, as well as the enhancement of security suites and adware clients.
Security and monitoring
Among the first and most prevalent of the specific administrative software packages were products that secure networks against threats borne by IM and P2P networks. These products were first introduced in 2002, and now protect 10% to 15% of U.S. corporations.
- Dostart, Kate (April 12, 2007). "Instant messaging threats become more sophisticated". SearchVoIP.com.
- Kerner, Sean Michael (November 10, 2006). "Greynets Getting Greyer". internetnews.com.
- Joyce, Erin (August 2, 2005). "Spyware Skyrockets on Greynet Fuel". internetnews.com.