Malware

From Citizendium, the Citizens' Compendium
This article is developing and not approved.

Malware is a term used in the computer field to describe "Malicious Software". Malware is an inclusive term that was coined to describe viruses, spyware, worms, rootkits, trojans, nagware, and scareware. Due to the rapidly changing landscape of deliberately malicious software, many people will use the term "malware" to describe a general problem or threat that exists in the computer field and on the Internet. It is often difficult to distinguish (and explain) the subtle differences between worms, trojans, viruses, and other threats which reduce the productivity of a computer or compromise the security of a networked system. A much rarer alternate term is "scumware", a comment on the scum who write such programs.

Malware need not execute on the user's computer, but may be software installed on another computer, which, in the course of a seemingly innocent interaction, causes the user or the user's computer to take action to the detriment of the user's computer. Phishing, for example, is a scheme where a user is induced to go to an apparently legitimate website, which prompts the user for sensitive information, such as a credit card number, which is then misused.

The term malware can be used to describe a program that is as harmless as an annoying pop-up box that attempts to direct a user to a website in order to increase the website's traffic.

Why it exists

Originally, malware began as a purely amateur effort, with rewards to its developer being notoriety in miscreant circles, as well as the intellectual challenge of developing it. While creating software that did damage was a violation of the traditional hacker ethic, things could be blurry. One of the best-known early pieces of malware, the Morris worm, may not have been deliberately malicious, but its developer did not expect it to have such a major impact or reproduce as quickly.

Some malware developers saw their role as crusading for a good: demonstrating vulnerabilities that the original software developers would not or could not fix.

It is not a given that people who spread, as opposed to create, malware are technically sophisticated. Some talented if misguided individuals would develop easy-to-use malware generators, which would then be made available, in places such as clandestine bulletin boards, to members of the miscreant community. A developer gained social status if large numbers of "script kiddies", who were capable of running the attack script but not capable of creating it, used the "product".

Eventually, however, a good deal of malware was created for the pure economic benefit of the developer. Certain classes would steal financially valuable information, such as credit card numbers or the access codes to long-distance telephone systems. At least one security expert has analyzed the economics of this.[1]

Other classes caused indirect benefits: if Websites were compensated by the number of hits they received, perhaps to view advertising on them, anything that could lure unsuspecting users to the sites increased the compensation of the site operators. Other forms, seen most often with spam (e-mail), might stimulate stock market activity on a specific security, activity from which speculators had planned to profit. Yet other forms are "protection rackets", demanding money not to damage systems, or perhaps to disclose confidential data stored on them.

Some malware is created as a form of political protest. This does get into a blurry area of definition: is an attack on a specific web page or class of pages, by an individual or group with an objective, truly malware if the attack software is part of an overall strategy? Is malware limited to computer pathogens that are released without real knowledge of how they will propagate?

Corporate malware

It is not uncommon for corporations to install dangerous software on customers' machines. The best-known example was the Sony rootkit, a DRM system automatically installed on any Windows computer which played certain music CDs. Recently a tracking system used by many mobile phone carriers has come to light [1][2].

Protection

Protection against malware can exist on several levels. The first level of protection should center around the education of the user, and how good computing habits can help prevent a system or network from being infected or compromised. An educated user may consider the first line of defense against malware to be installing an anti-virus program.[2] Additional steps that enhance a computer's protection include the activation or installation of a firewall, maintaining an up-to-date web browser, plugging any operating system (OS) security risks with patches and updates, and avoiding potentially hazardous websites and downloads.

Anti-virus packages come in many forms and provide varying degrees of protection. There are free anti-virus (AV) packages which offer only virus protection and scanning abilities, and entire protection suites which provide additional components such as firewall, spyware protection, phishing protection, and email spam protection. Those who opt for the simple single-purpose or free AV packages may wish to download additional spyware detection and removal programs.

References

  1. Peter Gutmann, The Commercial Malware Industry
  2. microsoft.com. Defining Malware: FAQ.