What is Malware?

People and organizations disagree on what is malware. The exact definition of malicious software has been the subject of many discussions. Before attempting to explain this term, we must acknowledge that differences in individuals’ experiences and priorities will lead them to define malware differently.

NIST Guide to Malware Incident Prevention and Handling, SP 800-83, provides a good definition:

“Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim.”

This definition feels right to me, yet it is a bit too lengthy. I propose a simpler definition, which is compatible with that of NIST:

Malware is code that is used to perform malicious actions.

In this case, the word “malicious” follows the standard English definition: actions characterized by malice. It implies that the actions were taken against the interests of the victim or of someone else. It also suggests that intent could be a factor when deciding whether the actions were malicious.

My definition implies that whether a program is malware depends not so much on its capabilities but, instead, on how the attacker uses it. Attackers benefit from malware at the victim’s expense. Behind malicious software there is usually a human or organization that is making use of its capabilities for malicious purposes.

To see and join the latest discussion related to this definition, take a look at the Twitter thread on this topic. Thanks to Michael Murr and the good folks on Twitter who provided feedback on my attempts to define malware.

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.