When Does Software Start Becoming Malware?

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."

The second is does something for THEIR benefit

[gurps_npc]

rather than the customer's benefit, without making it very clear and expressly asking permission.

Putting anything on my computer for your benefit without making absolutely sure I know what is going on, is MALWARE.

Or will you let me put a key logger on your PC in order to 'ensure quality'.

Re:When you didn't ask to install it.

[sconeu]

Then Malware is DESIGNED to do something other than what the user intended.

Re:When you didn't ask to install it.

[mrchaotica]

The difference is malicious intent. A bug is when the programmer is trying to make the software do what the user wants, but accidentally fails. Malware is when the programmer is trying to make the software do what the programmer wants, user's wishes be damned.