What is Malware?

The definition of the term malware has been the subject of many discussions. People disagree on what constitutes malicious software. This isn’t surprising, given that individuals’ experiences and priorities will lead them to define malware differently.

NIST SP 800-83, titled Guide to Malware Incident Prevention and Handling for Desktops and Laptops, provides a reasonable starting point for defining malware:

“Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system.”

Based on my experience in fighting malware, this explanation seems unnecessarily verbose. I propose a simpler definition, which is compatible with that of NIST:

Malware is code that is used to perform malicious actions.

In this case, the word “malicious” follows the standard English definition: actions characterized by malice. It implies that the actions were taken against the victim’s or someone else’s interests. It also suggests that intent is a factor when deciding whether the actions were malicious.

My definition implies that whether a program is considered malware depends not so much on its capabilities but, instead, on how the attacker uses it. Adversaries benefit from malware at the victim’s expense. Behind malicious software there is usually a human or organization that is making use of its capabilities for malicious purposes.

As a side note, please don’t pluralize the word “malware” by using “malwares.” This sounds very awkward. It’s just “malware,” even in a plural form.

Thanks to Michael Murr and the good folks on Twitter who provided feedback on my attempts to define malware.

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.