Security Software

When Does Software Start Becoming Malware? 165

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."
  • by xxxJonBoyxxx ( 565205 ) on Wednesday September 16, 2015 @11:37AM (#50533527)

    >> When Does Software Start Becoming Malware?

    When I didn't ask to install it. Toolbars (like this), automatic update services (that are silently added) and anything else that impacts my resources or distributes my information in a way I didn't choose is malware, IMHO.

    Looking at you, Windows 10...

    • by thegarbz ( 1787294 ) on Wednesday September 16, 2015 @11:52AM (#50533675)

      When I didn't ask to install it.

      Oh but you did. Didn't you read the EULA and look for the tiny size 4 "opt-out" text on the screen?

      I would go one step further, any software is malware when it does something other than the user intended. It doesn't matter that the Ask toolbar had a checkbox in the installer, the fact was unless I went to Ask.com and downloaded it there it's malware. Likewise it doesn't matter that I installed Windows 10, the fact that it sends data without the user's intention makes it malware.

      • by war4peace ( 1628283 ) on Wednesday September 16, 2015 @11:53AM (#50533689)

        When I didn't ask to install it.

        I would go one step further, any software is malware when it does something other than the user intended.

        So... software bugs are all malware?

        • by mark-t ( 151149 )
          Software bugs are not malware, but they can turn the software in which they exist into malware whenever the software does something other than what the user intended.
          • by N1AK ( 864906 )
            Given that pretty much the definition of a bug is doing something the user didn't intend (with a small exemption for doing things the maker didn't want, but the user did intend) that's a pretty pointless distinction.

            If you define malware this ridiculously widely then it achieves nothing aside from making the term pointless.
            • by mark-t ( 151149 )

              I said it *CAN*.... not that it *DOES*.

              I more specifically define malware as software that, without the user desiring it, changes how some other piece of software that was not installed with it functions. Software bugs can cause this to happen.

            • by sconeu ( 64226 ) on Wednesday September 16, 2015 @01:05PM (#50534379) Homepage Journal

              Then Malware is DESIGNED to do something other than what the user intended.

              • by thsths ( 31372 )

                Bingo. And this definition is not even contentious - but it clearly includes Java. It also includes many "freemium" games.

              • by N1AK ( 864906 )
                I think that is a pretty good rule of thumb, and it clearly excludes software with bugs which was in the definition I was taking exception to.
            • by mrchaotica ( 681592 ) * on Wednesday September 16, 2015 @01:19PM (#50534493)

              The difference is malicious intent. A bug is when the programmer is trying to make the software do what the user wants, but accidentally fails. Malware is when the programmer is trying to make the software do what the programmer wants, user's wishes be damned.

              • Malware is when the programmer is trying to make the software do what the programmer wants, user's wishes be damned.

                You mean like DRM?

                • Yes. All DRM is malware (but not all malware is DRM).

                  • by N1AK ( 864906 )
                    That definition really doesn't make sense, even if it sounds nice to a demographic that hates not being able to do whatever they want. By that definition any software that charges for premium functionality is malware because the restriction on functionality is for the software maker's benefit not the user's. Software released under many open source licenses could also be considered malware as the requirement that anyone who modifies the code has to release the changes isn't for their benefit it is for the ben
                    • Yes. All DRM is malware (but not all malware is DRM).

                      That definition really doesn't make sense, even if it sounds nice to a demographic that hates not being able to do whatever they want.

                      In other words, a demographic that respects the concept of property rights. Once I buy [a copy of] something, I own it [i.e., that copy]. Because it is my property, I have the right to use it as I wish!

                      Some examples:

                      • If I buy a house, the seller can't tell me I'm not allowed to sell it to black people.
                      • If I buy a car, the se
                    • In other words, a demographic that respects the concept of property rights. Once I buy [a copy of] something, I own it [i.e., that copy]. Because it is my property, I have the right to use it as I wish!

                      But I thought software, like digital music and movies, wasn't property and therefore couldn't be stolen?

                    • Copyright is not property (it is a limited monopoly, an intangible concept), and can only be "infringed:" making a copy does not "steal" the copyright; the copyright holder still has it.

                      An individual copy is property, and can be stolen.

                      Let's say Alice owns a CD of music created by Bob. If Eave takes Alice's CD then Alice doesn't have it anymore -- Eave has stolen Alice's property. If instead Eave copies Alice's CD then Eave has (probably*) infringed upon Bob's copyright.

                      (*unless Eave had Bob's direct or i

        • by jbmartin6 ( 1232050 ) on Wednesday September 16, 2015 @12:02PM (#50533757)
          Well you are right there is technically a flaw in the definition. But it is a good concept though. How about 'by design does something the user did not intend'
          • by Anonymous Coward

            So do systemd's binary logs, which are like that by design, although this is unwanted by many users, qualify it as "malware"?

          • That doesn't work either. Because 'by design' Windows prefetch uses system resources to allocate memory so that something the user will arguably like (have applications load faster). Users are so ignorant of the workings of their computers we couldn't have computers only do "What the user intended" to happen.

            My proposed definition would be:
            "By design works against the user's best interests."

            For instance in Windows 10 users intend for their touch keyboard to work well. In order for a touch keyboard to w

            • by thsths ( 31372 )

              Yes, I like this. The definition clearly identifies the gray zone, and it can be further refined by defining the terms in the definition.

              • The user's best interest is far too vague, you could say the NSA spying on you is in the user's best interest as well because they are trying to protect you. You could say selling your information to advertisers is in the user's best interest because it lets you buy product that you want.

              There needs to be a list of user rights that should not be violated unless granted explicit opt-in rights. Here is a list of some.

              1. Right to privacy, no information should be recorded unless it is apparent to the so. So enteri

              • You just revealed the best feature of the definition not a flaw. Because:
                1. Google Docs records every keystroke to the cloud. That's in the user's best interest to have live collaborative editing. So is that a keylogger? Yep. Is it a keylogger that has the user's interest at heart? Yes.

                2. This would work better if in fact there was a 'stated intent' of an application. What is an application's stated intent? Notepad is for writing code. Or a novel. Or ASCII art. And that's just notepad!

                Sellin

              • by AmiMoJo ( 196126 )

                Yet again, Stallman is proven right. He was right all along, and the future he predicted is coming true. A future where software works against us.

                All because we trusted closed source software not to be evil. Slowly evil became the norm.

            • NSA would argue that spying on people is not against their best interests.
              In a nutshell: depends who you're asking :)

          • No, I think that's still too broad. If the user intends to give away 5000 copies of that software to people who didn't buy it, but the software prevents that through online license number checking, it would be malware. But it's not.
            Calling it malware is, IMO, a dickish move.
            Maybe "the software does, by design, something that the user didn't intend to do, and does it without notifying the user of whatever it is that it's doing". Not really complete, but takes things a step further.

        • So... software bugs are all malware?

          I believe they can be. What is the practical difference to the end user between a virus blocking access to the internet to prevent you downloading software to eliminate it, and for example a VPN client with a kill switch not correctly unloading the TAP driver (happened on my father's machine) resulting in a computer that is completely unusable?

          The end result to the user is the same: no internet.
          The resulting fix is the same: remove the guilty package and replace it with something the user wanted.

          Do intentio

          • Most software bugs do not result in blocking internet access or any virus-like behavior, they may crash your game, they may not allow you to do particular thing in your application you are running. They don't generally send out key log information, allow a remote attacker to gain access to your computer (sometimes they do but usually not), make your computer part of a DoS attack.

            By the original definition

            Any software is malware when it does something other than the user intended.

            all software bugs are malware, because they probably do what at least one user doesn't want. In fact, this def

        • It could be argued that bugs are malware, but my definition of malware is that it benefits someone besides the user/owner* of the software.

          *Not sure how corporate spying software falls

      • The problem is that consumers who are "users" of off-the-shelf software may only "intend" that key advertised and user-visible functionality should exist in any application. Consumers, by and large, unconsciously assume that any additional and hidden functions are somehow in good-faith support of the user-visible functionality. However, those same consumers really have no knowledge or insight into any functionality of compiled code other than advertised and user-visible functions. For an application of any
      • by vux984 ( 928602 )

        Frankly, I think the solution is that it needs to be community based. Develop your antimalware kit, develop 'removal' tools for pretty much everything.

        Maintain an obvious malware list internally, where there is no debate.

        Then let communities develop lists of their own lists, and allow users to subscribe to one or more of those lists. Stuff like ask.com and mcafee security scan, and other borderline stuff will be added to the community lists.

        The decision making process is then shifted to the people the decis

      • I would go one step further, any software is malware when it does something other than the user intended. It doesn't matter that the Ask toolbar had a checkbox in the installer, the fact was unless I went to Ask.com and downloaded it there it's malware. Likewise it doesn't matter that I installed Windows 10, the fact that it sends data without the user's intention makes it malware.

        think about your OS and installed software, and really, think hard if you explicitly asked for them to do everything they do. you don't even know everything they do.

        as for linux, not too long ago it forced Ubuntu One on me and had a persistent icon in my bar. i never asked for that. i guess Ubuntu is malware too.

        • think about your OS and installed software, and really, think hard if you explicitly asked for them to do everything they do. you don't even know everything they do.

          You opted in to your OS when you bought or installed it. That's not quite the same thing.

          If a piece of software writes persistent-id-cookie-type information to my hard drive, and I did not explicitly give it permission to do that (as I do with my OS and any DRMed purchased software I install... which is damned little), it's malware. I don't give a damn about any other definition.

    • by mlts ( 1038732 )

      Part of the definition should be software that sends or alters data and the machine configuration from a user's machine without explicit authorization and without a direct, primary purpose beneficial to the user.

      Something like VirusTotal where a user scans a file against a good amount of AV programs passes these two tests. It has a primary reason to grab and upload a file, and the user explicitly uploaded it.

      Browser fingerprinting software, update "services", loopback tunneling services to MITM SSL, and ma

    • No, I think it's way earlier than that. Software is malware when the device owner isn't in control of the software. If it communicated with anyone or anything in a way that you are unable to view, start and stop communications then it is malware. If it does things without asking you telling it to or at least authorizing automated activity, it is malware. If it enables secrecy between your device and a 3rd party that you aren't privy to, it is malware.

    • >> When Does Software Start Becoming Malware?

      When I didn't ask to install it. Toolbars (like this), automatic update services (that are silently added) and anything else that impacts my resources or distributes my information in a way I didn't choose is malware, IMHO.

      Looking at you, Windows 10...

      I'm a bit curious. Would you include Chrome in this classification? Just about every other free download from most sites has Google Chrome with the check-box already checked.

    • by thsths ( 31372 )

      Indeed. The definition is actually quite simple:

      If software intentionally does something the user does not want.

      It is a subset of bad software (which does not require intent).

      Of course intent is difficult to prove, but any kind of revenue sharing is usually a pretty good clue.

  • by Arkh89 ( 2870391 ) on Wednesday September 16, 2015 @11:38AM (#50533529)

    When the ratio nuisance / benefits is larger than some threshold (>=1)?

  • when it becomes malicious? tbh, I think it's when software does something that the user wasn't expecting or want and feels that they can't trust that software anymore.
    • ...such as bugs?

  • by netsavior ( 627338 ) on Wednesday September 16, 2015 @11:42AM (#50533573)
    Here is the test: Does the software do anything that I want it to do? Did I install it or did I have a choice in installing it (a real choice, not a tricky dialog box). And finally, the true test... if someone UNINSTALLED or stopped this software from functioning, would I actively try to re-enable it.
    If it doesn't meet these criteria, then it is spyware, crapware, malware, or junk, and should be classified as malicious. This includes almost all programs and web pages. This is Sturgeon's law, 90% of everything is crap. But in computer science you can take it one step farther. 90% of everything is crap, and 90% of the stuff that is worthwhile is designed to keep away the crap.
    • Malware can also be trojan. Spyware is an excellent example of that, most spyware is very useful, they just collect data on you and sell it on. In some cases like Google, you don't even risk them selling it on to anyone criminal, just for advertisement.

      So some spyware is certainly malware.

      The real question is: Is Chrome or Android, they are if Windows 10 is.

    • So, if I were to write a computer game you really liked, and had it send me interesting things like your personal information, credit card numbers, and porn, it isn't malware? You installed it, it does something you want, and if you didn't know any better you'd want the software reinstalled if it were removed.

    • by gweihir ( 88907 )

      But in computer science you can take it one step farther. 90% of everything is crap, and 90% of the stuff that is worthwhile is designed to keep away the crap.

      Very true. My chosen field has decided to screw itself over repeatedly and with a vengeance. I really do not get the level of stupidity that gets applied. It is like every moron that can barely write a line of code insists on shaping the "future" of CS. CS also still fails to really be engineering or science. This is just pathetic, given the time it had to evolve.

  • Based on Skype and now Windows 7-10, I'd say that Microsoft-owned --> Malware.

    • by jafac ( 1449 )

      Yes.

      And in the example in the OP; if Microsoft deems the "ask.com" toolbar as "malware" - - - hmm, is that because users don't want it? Or is it because Microsoft doesn't want a competitor's search engine on the desktop? This rabbit-hole doesn't actually go that deep.

  • by nimbius ( 983462 ) on Wednesday September 16, 2015 @11:43AM (#50533591) Homepage
    coming from windows and mac, it's hard to imagine you'd need a definition. For a linux user, the answer is simply whenever the application does something i did not tell it to do.
    when i read its changelog and it's now, for example like firefox, going to include a targeted advertising system. If the application lies about its intended function, or prevents me from using my computer as I've set out to use it.

    For some of us, malware is an ethos, foretold by Richard Stallman. in Linux the word of root is sacrosanct. there are no upgrades, no updates, and no communication from the system or its processes that is not controlled by or intrinsically authorized by root. For myself, Windows and Mac have been malware for quite some time.
    • So, you specifically told every single Linux program what to do? You actually told gdm to start? You told your web browser to cache data? You told vi to automatically make backup files?

      I get your primary point. But the way you put it may be a little bit simplistic for a complex system. My Linux boxes do a lot of things that I didn't actually tell it to do. Cron runs, and I didn't tell it to. I know it does it, but I didn't TELL it to. It's default behavior. Some distros have sudo automatically setup. Some d

      • So, you specifically told every single Linux program what to do? You actually told gdm to start? You told your web browser to cache data? You told vi to automatically make backup files?

        The software has a description of what it does. As such, he told those pieces of software to do those things when he accepted the defaults in good faith during the initial installation.

        • when he accepted the defaults in good faith

          Exactly. So, the issue here isn't so much what MS is doing, but not being more up front about it. In other words - documentation and probably some better decisions (heh). But the OP said that malware was a program doing anything that he didn't *tell* it to do. Telling something to do something is active; accepting defaults is fairly passive, I would argue.

          Maybe it's a nitpick, but I see it as a pretty big one. Linux distros do a lot of things that I didn't actually ask them to do. It just so happens t

          • My argument is that defaults are active because you told the software to install and trust that it's going to do what it says on the tin. If I install a widget that says it'll automatically delete my browsing history when I close my browser, I should be able to reasonably trust that by default it's not going to erase my hdd while leaving my history intact or send the history out to a 3rd party before deleting it.

            Obviously there's an element of degree to it, which I think is where the nitpicking comes in.
      • I have a laptop running Gentoo as its sole OS. The fact there is a cron service installed at all is because I wanted one. Whether the system boot manager is OpenRC or systemd was my choice, not somebody in charge of the distribution. For any compilation option that can be turned on or off, there is a good chance that it is exposed to the package manager and thus I chose its state when installing. (If not, portage is the simplest manager I've seen when altering installation scripts, so overriding that choi
        • So even within Linux distros, there's differences in how much they do without you "knowing." This was my point. :)

          I haven't actually set up Gentoo... I played with Sabayon at one time, but that's just a Gentoo-based distro, as I recall. I don't think I had to do the whole crazy long Gentoo installation and configuration process.

          But I've installed and configured a whole lot of aix, linux, solaris, hp-ux, and windows servers for work, so I'm not unfamiliar with the way *nix works. :)

      • by allo ( 1728082 )

        At this point you start with the big picture. You installed some distro to have a usable desktop. you expect a sane login system. Your distro does so, by using gdm. So your distro does what you expect from it, gdm does what's needed to fulfill this. cron is some helper, which does useful things, too. You may inspect it or disable it. Now systemd is another topic ...
        But in the end, it's something you (indirectly) chose. Some flash downloaded from a website is downloaded by some software you trust, still it is

    • by gweihir ( 88907 )

      Good definition. I like it.

  • Lies (Score:5, Insightful)

    by Moof123 ( 1292134 ) on Wednesday September 16, 2015 @11:43AM (#50533593)

    When the software behaves counter to the stated purpose, or the company behind it lies about what they are doing with data collected by the software, it is malware.

    Sadly Windows appears to fall into this with all their recent auto-downloading of Windows 10, and extra monitoring being added to 7 and 8. I welcome a broader definition that shames such behavior, if not criminalizes it. Google is a little more upfront about this being their business model, but I still squirm at their cavalier collection of every piece of information they can get their paws on.

    • This was my first reaction too, and I thought along the lines of: if it conceals what it does (encryption or obfuscation) and will not work within the existing controls. Yes, I know encryption has legit uses so that as a criteria needs some refinement. I was just thinking of all the signatures that block obfuscated Javascript. Sure, some stuff is obfuscated and isn't malicious in any other way, but you know what? We never missed it. Honest people and/or software act openly and directly. To me at least anyth
    • by jafac ( 1449 )

      I welcome a broader definition that shames such behavior,

      Really? I don't see that as a new thing. I see this as an extension of the Computing Ethics class I took for my degree. It was required. I suspect that when you get Marketroids making Engineering decisions (as you very commonly see at Microsoft), you end up with people who haven't been required to take a Computing Ethics class - making UNETHICAL decisions.

      All this data collection that has been going on since around 2000 or so, was deemed comp

  • by lambsonic ( 512680 ) on Wednesday September 16, 2015 @11:47AM (#50533631)

    Toolbars are just the tip of the iceberg. All major browsers are malware because they don't isolate cookie storage (or all storage, really) between origin domains, breaking the same-origin policy. Third-party cookies then become data trojans. Intent is important here. It isn't just a vulnerability, but a design flaw continued by the fact that all major browser development is funded by advertising companies.

    See for yourself how Mozilla refuses to fix a security vulnerability that is enabling billions to be made from stolen user data: Bugzilla bug 565965 [mozilla.org]

  • by Anonymous Coward

    Does it do what it is supposed (and documented/advertised) to do, and nothing else? Probably not malware.

    Does it do all kinds of stuff that it isn't documented as doing (especially if it does it unasked)? Probably malware.

    And yes, I regard programs that call home looking for updates -- if they haven't asked for and received permission to do that -- to be a (mild) form of malware, although their benefits might outweigh that.

  • by Anonymous Coward

    Is this article posting Dice's way to introduce the Dice Toolbar?

  • by QuietLagoon ( 813062 ) on Wednesday September 16, 2015 @12:03PM (#50533767)
    Software is malware when:

    - it does things to your computer that you did not ask it to do

    - it downloads software you did not ask it to download

    - it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)

    • While I largely agree, the issue is not quite as black and white as you paint.

      There are something around 2 Billion users with Windows installed on their computer. Regardless of your personal opinion about updates, they should be enabled by default, with no user prompt asking them at install time if they want updates. This is the same argument for mandatory immunization; the species as a whole benefits from herd immunity. If you are arguing against automatic updates, and malware-scanning-by-default, then I t

    • by trawg ( 308495 )

      - it does things to your computer that you did not ask it to do

      Like a bug?

      - it downloads software you did not ask it to download

      Like all Google software that auto-updates?!

      - it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)

      This is a good one though.

  • I will go by the definition of malicious as "characterized by malice; intending or intended to do harm"
    Oracle has the intent of causing harm by installing the ASK toolbar? Yes -> malware, No -> not malware.
    ASK has the intent of causing harm with the toolbar? Yes -> malware, No -> not malware.

    Buuuuuuut....
    I will also go by the definition of pernicious as "having a harmful effect, especially in a gradual or subtle way" To bring up a new classification perniciousware (or pernware)
    Is ASK
    • I'm not sure you need to use "pernicious". As far as I'm concerned, somebody who attempts to use a position of power or specialized knowledge to trick me into behaving against my own interests is being malicious. In this case, they are doing me harm by appropriating something that's mine for their own use.

      My computer doesn't own anything. So they aren't stealing my computer's resources. They are stealing my resources.

  • by gurps_npc ( 621217 ) on Wednesday September 16, 2015 @12:08PM (#50533801) Homepage
    rather than the customer's benefit, without making it very clear and expressly asking permission.

    Putting anything on my computer for your benefit without making absolutely sure I know what is going on, is MALWARE.

    Or will you let me put a key logger on your PC in order to 'ensure quality'.

  • ...it's called iTunes.

  • easy. (Score:4, Interesting)

    by epyT-R ( 613989 ) on Wednesday September 16, 2015 @12:11PM (#50533829)

    When it:
    1. Installs without permission
    2. makes any unnecessary network connections
    3. tracks the user and uploads any data not relevant to functionality (with or without permission, mandatory or not)
    4. injects code into the bootloader, filesystem, or anywhere else that's not strictly necessary
    5. localfunction/desktop software that requires the user to 'log on' to a vendor portal and/or has 'dead man' switches that require subscriptions (adobe suite)
    6. abuses system GUI conventions (skinned applications)
    7. is bundled with irrelevant 3rd party plugins, addons, or extensions for marketing purposes (browser search toolbars, apple itunes/quicktime on windows etc)

    • by jafac ( 1449 )

      "unnecessary" is a very squishy term.

      Microsoft might think that it's completely necessary to collect your personal preference information, in order to provide ontological context for the desktop AI assistant. Or to give their developers more information when they're troubleshooting application crashes. It's offloading data from your machine, for "distributed processing" - data that is shared with applications running on their server, or even going to analysis by their developers. These uses may sound perfec

    • by allo ( 1728082 )

      Firefox? 2, 3, 6, 7. Maybe 5, if you count firefox accounts and pocket as "requires" (for some of the functionality)

  • When the software changes how some other software that is already installed on the computer behaves when the user did not expressly indicate that they desired it, it is malware.

    It is insufficient to conclude that the user desires how such software might modify the behavior of other software when it is bundled by default with yet another piece of software that the user did express intent to want to use. In many ways, such software would resemble a trojan.

  • Grayware, also known as PUPs (Potentially Unwanted Programs). It's these programs that may not be malware in and of themselves in terms of causing direct damage within their own code, but rather act as a conduit to other forms of malvertisements. For example, Adobe Flash or JRE would be, or rather should be called a form of Grayware.

  • When it's written by Symantec?

    Think I'm kidding? Ever try to REMOVE Symantec "antivirus" crap?

    • Symantec has an app for that. Really, they do. It beats spending an hour manually deleting every Norton and Symantec registry entry.
    • Yes, I have. And I almost always use their removal tool first. Same as with McAfee. Never uninstall from Control Panel. And it's true, sometimes their uninstall tool doesn't even get it all.

    • When Microsoft gives it away for free?
  • by istartedi ( 132515 ) on Wednesday September 16, 2015 @12:40PM (#50534157) Journal

    This is just like the define obscenity [wikipedia.org] problem. You know it when you see it.

    Windows "telemetry". Malware--and after years of zealots on this site tossing that around and me disagreeing, this is not something I say lightly.

  • 1. ads
    2. tries to lure you into installing additional, non-wanted software (such as bundling McAfee with Flash Player, or Safari with iTunes, or the ask toolbar)
    3. Has a nag screen (WinZIP "I agree")
    4. its sole purpose is to spy on you (the ask toolbar again falls into that category)

  • 1. If it installs without my permission
    2. If it ignores me when I turn off certain settings.

    Not that I can think of anything that meets those. ;)

  • If it does something that a reasonable user would not expect, it is malware. I don't care if it's documented because those bastards will bury their evil deeds in twenty pages of legalese.

  • Answer: When it's Windows 10.
  • The Ask toolbar is not a gray area. It's malware. Oracle knows it's malware, but they don't care. I don't even believe Talos security researchers are confused about the Ask Toolbar. They are simply afraid to go against a 600 lb. Gorilla in the industry. It takes Microsoft to force Oracle to do the right thing.

  • 1. Software that is installed without the fully informed consent of the user.
    2. Software that performs previously unknown or other functions not specifically alluded to, in a repeatable manner.
    3. Software that performs functions nonconducive to the secure functionality of a host computer system.
    4. Software that installs other software without the fully informed consent of the user.
    5. Software that communicates with other hosts without the fully informed consent of the user.
    6. Software that degrades the perf

  • Tuesday.

  • Malware is any software that functions to benefit a third party rather than the user.

    If your installer/updater is installing some app/toolbar/etc in addition to the application I want it to install -- that's malware.

    If your installer/app/updater is changing settings in my browser or any other application on my system -- that's malware.

    I want to write a letter, if your "letter writing app" is sending a copy of the letter or meta-data about the letter or my writing of the letter to a third party -- that's malw

  • .. as soon as I install it.

    Next question!

  • Software becomes malware whenever it does anything the user, had he been given an informed choice, would have chosen to reject.

    (This includes surreptitious installation, hidden misfeatures, information leakage, etc.)

  • I know it when I see it. But it's an interesting question.
    The simplest is "it does something the user doesn't want". But this gets bogged down in questions.

    I propose that any software that fits (1) AND (2) is malware, *no exceptions*.

    1- The software does ANY of the following:
    - Hides its presence from the user (registry malarkey, malicious RAM stuff, etc)
    - Tricks the user into being installed (packaged in other software, straight up virus piggyback, checkbox you must unclick)
    - Is inside a package via spon

  • There are a number of recurring themes I see here, and I see examples that muddy the waters further.

    "Installs without user consent"
    Counterargument: I install a game from Steam. A copy of the required version of MS VC++ Runtime is installed with a /v/qn switch, so I never see any form of "consent", but I've consented to install a game that requires this runtime version in order to function. Malware?

    "Sends data to a third party without user consent"
    What *exactly* lives in the usage data that Microsoft gets? I

  • Malware is software I don't want on my machine and cannot uninstall easily.

    "Easily", in this case, being using the mechanism appropriate for that particular OS. Uninstall a program dialog / apt-get uninstall / whatever.

    That's it. Crap I don't want, and can't get rid of easily. Yes, that means I may call IE malware (it increases surface attack area on my machine, and I cannot remove it), while someone else does not.

    ~D