Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Does Software Start Becoming Malware?

Posted by Soulskill on from the when-two-ad-networks-love-each-other-very-much... dept.

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."

8 of 165 comments (clear)

  1. When you didn't ask to install it. by xxxJonBoyxxx · · Score: 5, Informative

    >> When Does Software Start Becoming Malware?

    When I didn't ask to install it. Toolbars (like this), automatic update services (that are silently added) and anything else that impacts my resources or distributes my information in a way I didn't choose is malware, IMHO.

    Looking at you, Windows 10...

    1. Re:When you didn't ask to install it. by thegarbz · · Score: 4, Insightful

      When I didn't ask to install it.

      Oh but you did. Didn't you read the EULA and look for the tiny size 4 "opt-out" text on the screen?

      I would go one step further, any software is malware when it does something other than the user intended. It doesn't matter that the Ask toolbar had a checkbox in the installer, the fact was unless I went to Ask.com and downloaded it there it's malware. Likewise it doesn't matter that I installed Windows 10, the fact that it sends data without the user's intention makes it malware.

    2. Re:When you didn't ask to install it. by sconeu · · Score: 5, Insightful

      Then Malware is DESIGNED to do something other than what the user intended.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    3. Re:When you didn't ask to install it. by mrchaotica · · Score: 5, Insightful

      The difference is malicious intent. A bug is when the programmer is trying to make the software do what the user wants, but accidentally fails. Malware is when the programmer is trying to make the software do what the programmer wants, user's wishes be damned.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  2. Lies by Moof123 · · Score: 4, Insightful

    When the software behaves counter to the stated purpose, or the company behind it lies about the what they are doing with data collected by the software, it is malware.

    Sadly Windows appears to fall into this with all their recent auto-downloading of Windows 10, and extra monitoring being added to 7 and 8. I welcome a broader definition that shames such behavior, if not criminalizes it. Google is a little more upfront about this being their business model, but I still squirm at their cavalier collection of every piece of information they can get their paws on.

  3. non-isolated third-party cookies are data trojans by lambsonic · · Score: 4, Interesting

    Toolbars are just the tip of the iceberg. All major browsers are malware because they don't isolate cookie storage (or all storage, really) between origin domains, breaking the same-origin policy. Third-party cookies then become data trojans. Intent is important here. It isn't just a vulnerability, but a design flaw continued by the fact that all major browser development is funded by advertising companies.

    See for yourself how Mozilla refuses to fix a security vulnerability that is enabling billions to be made from stolen user data: Bugzilla bug 565965

    --
    # make clean sig
  4. When Windows - Windows 10? by QuietLagoon · · Score: 4, Insightful
    Software is malware when:

    .
    - it does things to your computer that you did not ask it to do

    - it downloads software you did not ask it to download

    - it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)

  5. The second is does something for THEIR benefit by gurps_npc · · Score: 5, Insightful
    rather than the customer's benefit, without making it very clear and expressly asking permission.

    Putting anything on my computer for your benefit without making absolutely sure I know what is going on, is MALWARE.

    Or will you let me put a key logger on your PC in order to 'ensure quality'.

    --
    excitingthingstodo.blogspot.com