What is Malware?

The definition of the term malware has been the subject of many discussions. People disagree on what constitutes malicious software. This isn't surprising, given that individuals' experiences and priorities will lead them to define malware differently.

NIST SP 800-83, titled Guide to Malware Incident Prevention and Handling for Desktops and Laptops, provides a reasonable starting point for defining malware:

"Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system."

Based on my experience in fighting malware, this explanation seems unnecessarily verbose. I propose a simpler definition, which is compatible with that of NIST:

Malware is code that is used to perform malicious actions.

In this case, the word "malicious" follows the standard English definition: actions characterized by malice. It implies that the actions were taken against the victim's or someone else's interests. It also suggests that intent is a factor when deciding whether the actions were malicious.

My definition implies that whether a program is considered malware depends not so much on its capabilities but, instead, on how the attacker uses it. Adversaries benefit from malware at the victim's expense. Behind malicious software there is usually a human or organization that is making use of its capabilities for malicious purposes.

As a side note, please don't pluralize the word "malware" by using "malwares." This sounds very awkward. It's just "malware," even in a plural form.

Thanks to Michael Murr and the good folks on Twitter who provided feedback on my attempts to define malware.

About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.