What is Malware?

The definition of the term malware has been the subject of many discussions. People disagree on what constitutes malicious software. This isn't surprising, given that individuals' experiences and priorities will lead them to define malware differently.

NIST SP 800-83, titled Guide to Malware Incident Prevention and Handling for Desktops and Laptops, provides a reasonable starting point for defining malware:

"Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system."

Based on my experience in fighting malware, this explanation seems unnecessarily verbose. I propose a simpler definition, which is compatible with that of NIST:

Malware is code that is used to perform malicious actions.

In this case, the word "malicious" follows the standard English definition: actions characterized by malice. It implies that the actions were taken against the victim's or someone else's interests. It also suggests that intent is a factor when deciding whether the actions were malicious.

My definition implies that whether a program is considered malware depends not so much on its capabilities but, instead, on how the attacker uses it. Adversaries benefit from malware at the victim's expense. Behind malicious software there is usually a human or organization that is making use of its capabilities for malicious purposes.

As a side note, please don't pluralize the word "malware" by using "malwares." This sounds very awkward. It's just "malware," even in a plural form.

Thanks to Michael Murr and the good folks on Twitter who provided feedback on my attempts to define malware.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise allow me to create practical solutions that drive business growth.
