Several weeks ago I posted a note at the Browser Defender "If you believe this site has been incorrectly classified please let us know..." that autohotkey.com was flagged because the .exe download contains backdoor functionality.

Understandable that autohotkey would have some nice low-level stuff that bd might not like, but it got me thinking, is autohotkey really ok? I guess it must be, but in any case I never got a response from my email, and I see that autohotkey still is flagged.

The autokey program contains functionality which resembles some threats. So in this case we would perhaps re-rate the site as yellow but keep the file ratings because say it was maliciously installed on a users PC without them knowing then it could be harmful and users need to be aware of this. The software itself is not harmful, but can be used maliciously.

An similar example is the IRC client. IRC itself is fine, but if installed on a user's PC without them knowing then it could be used to communicate to outsiders such as hackers etc who would issue commands through it.