The definition of the term malware has been the subject of many discussions. People disagree on what constitutes malicious software. This isn’t surprising, given that individuals’ experiences and priorities will lead them to define malware differently.
NIST SP 800-83, titled Guide to Malware Incident Prevention and Handling for Desktops and Laptops, provides a reasonable starting point for defining malware:
“Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system.”
Based on my experience in fighting malware, this explanation seems unnecessarily verbose. I propose a simpler definition, which is compatible with that of NIST:
Malware is code that is used to perform malicious actions.
In this case, the word “malicious” follows the standard English definition: actions characterized by malice. It implies that the actions were taken against the victim’s or someone else’s interests. It also suggests that intent is a factor when deciding whether the actions were malicious.
My definition implies that whether a program is considered malware depends not so much on its capabilities but, instead, on how the attacker uses it. Adversaries benefit from malware at the victim’s expense. Behind malicious software there is usually a human or organization that is making use of its capabilities for malicious purposes.
As a side note, please don’t pluralize the word “malware” by using “malwares.” This sounds very awkward. It’s just “malware,” even in a plural form.