What is malware?

There are plenty of definitions, including:

Malicious code, in the form of viruses, worms, and Trojans, is also referred to as malware.

But exactly what is "malicious"?

Frequently, desirable software is being bundled with software that generates revenue through advertising.  If you want to use SoftwareX, you must run AdwareY.  Or, if you want to use WebsiteZ, you need to install an ActiveX version of AdwareY.

Some thoughts:

  • If you really want to run SoftwareX or access WebsiteZ, and you're willing to accept what AdwareY does, then it's not really 'malware' is it?  It's something you're willing to put up with, much like commercials on tv.  Are commercials on TV 'malware'?

  • AdwareY requires administrator rights to install.  This means that even though all a user wants to do is access WebsiteZ, they need administrator rights to do it.  Of course, if the administrator took away their admin privileges to keep them from buggering up the computer, then it's just worked out well for him.

  • On a shared computer, AdwareY is (in every case I've seen) going to advertise to every user of the system, not just the users who are accessing SoftwareX.
In a family environment, this can lead to a giant family feud.  One person wants to access AdwareY, but another person doesn't want the constant popups.

Rather than continuing this war on adware, why not accept that it's a model that's going to be used, and facilitate it.  Provide some reasonable hooks that sites or software can use to control what ads get displayed and when, and then remove all the crafty techniques that are being used to keep the users from uninstalling the adware.  Only show the ads to the users that are accessing the software or services that are paid for by the advertising.

When Windows 95 was released, Microsoft introduced a set of guidelines that software developers had to follow, to ensure their applications worked well with the new OS.  A lot of simple things, but things that developers frequently overlooked - like putting settings in the Registry, and making sure that your uninstall didn't leave anything behind.  I think it worked out well for users that there was a big push to get the logo for your product - large retailers required the logo, so there was some serious financial motivation to ensure your apps worked well.

I'm thinking that a solution to this problem might be a Windows 95 Logo type solution.  Let Microsoft publish a set of standards and an API that developers can use if they wish to be ad-supported, and provide a certification mechanism to ensure that they follow the rules.  One way to encourage adoption of this would be to encourage system builders to not make the default user an administrator (the way the Mac does; I think Longhorn is going to be doing this), and then make it that you can access the ad-supported stuff without it needing admin rights to install the ads.  So a user who wants ot use WebsiteZ gets AdwareY, other users on the system don't, and they don't need to be Administrator.

Adware isn't a technical problem; it's a business model.  If users move to Firefox, Opera, the Mac, Linux, or wherever they go, adware will follow them.  It's time to accept it, make some concessions, and perhaps regain some control over our computers.