Slashdot Mirror
When Does Software Start Becoming Malware?
New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."
coming from windows and mac, its hard to imagine youd need a definition. For a linux user, the answer is simply whenever the application does something i did not tell it to do.
when i read its changelog and its now, for example like firefox, going to include a targeted advertising system. If the application lies about its intended function, or prevents me from using my computer as I've set out to use it.
For some of us, malware is an ethos, foretold by Richard Stallman. in Linux the word of root is sacrosanct. there are no upgrades, no updates, and no communication from the system or its processes that is not controlled by or intrinsically authorized by root. For myself, Windows and Mac have been malware for quite some time.
Good people go to bed earlier.
When the software behaves counter to the stated purpose, or the company behind it lies about the what they are doing with data collected by the software, it is malware.
Sadly Windows appears to fall into this with all their recent auto-downloading of Windows 10, and extra monitoring being added to 7 and 8. I welcome a broader definition that shames such behavior, if not criminalizes it. Google is a little more upfront about this being their business model, but I still squirm at their cavalier collection of every piece of information they can get their paws on.
When I didn't ask to install it.
Oh but you did. Didn't you read the EULA and look for the tiny size 4 "opt-out" text on the screen?
I would go one step further, any software is malware when it does something other than the user intended. It doesn't matter that the Ask toolbar had a checkbox in the installer, the fact was unless I went to Ask.com and downloaded it there it's malware. Likewise it doesn't matter that I installed Windows 10, the fact that it sends data without the user's intention makes it malware.
.
- it does things to your computer that you did not ask it to do
- it downloads software you did not ask it to download
- it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)
Putting anything on my computer for your benefit without making absolutely sure I know what is going on, is MALWARE.
Or will you let me put a key logger on your PC in order to 'ensure quality'.
excitingthingstodo.blogspot.com
Then Malware is DESIGNED to do something other than what the user intended.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
The difference is malicious intent. A bug is when the programmer is trying to make the software do what the user wants, but accidentally fails. Malware is when the programmer is trying to make the software do what the programmer wants, user's wishes be damned.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz