May 5, 2023 in Preaching
I have read Ali’s question with great interest, because it’s questions like this that make you pause and think.
In my reply I suggested that the context is very important, and that we can leverage the triplet of Confidentiality, Integrity and Availability as a point of reference. If there is an intent to harm, or if the CIA triad is affected then we are dealing with malware…
Now, I don’t think it is enough.
Malware is literally short for… “malicious software”. Oxford dictionary says:
software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
What makes the software “malicious”? And hey… is the “software” that is a part of the definition even the same thing today as what it was a few decades ago when the term was coined?
Is an exploit a piece of malware? If it is, is it at the time of writing, successful completion (when it’s available locally only, and to the author), or is it when it’s made public? Or only when used in active malicious campaigns? Is changing a configuration to enable verbose/debugging logging, allowing for unauthorized data access, a case of malware? Is a tool used for web mirroring of a badly configured web site, allowing the download of files that were not intended for public view, malware? Is ransomware written for teaching purposes malware? Is psexec malware? Can an empty file be malware? Can an antivirus file/program be malware? Is BYOVD malware? Is AI prompt injection a type of malware? Is Windows Explorer, used to delete all files on a hard drive, malware? Is an AI software generator that relies on the code of others, is trained on a wrong data set or has its data set poisoned, and as a result unintentionally produces backdoored code, malware?
Motive, Means and Opportunity form the so-called crime triangle. Lots of modern malware authors are criminals, because they tick these boxes. BUT while this affects the general opinion about malware authors, it does not make everyone writing ‘questionable’ software a criminal. It also doesn’t make every piece of ‘bad’ software malware.
There is an argument that as long as you don’t harm others, you can do to your system whatever you want. You can change anything on the system provided you are its legitimate owner. The OS and Software EULAs may be a bit more complicated than that, but let’s put them aside here. There is simply an argument that you can write, code and produce the most destructive and malicious code ever, but as long as it stays on your system, it’s harmless to others. And then, is it even malware at that stage? And yes, the moment you take it public, you have to own it. There is a responsibility associated with sharing that information.
I think the safest definition of malware is quite simple – it’s a child of a malicious state transition:
any meatware, hardware, or software action that changes the state to one that is undesirable.
It embraces context, motives, means, and opportunity; it may leverage CIA to define what that undesirable state is; and it keeps the doors open for novelty and new developments…
And despite all that, I still don’t know what malware is anymore…