📆 March 12, 2021 | ⏱️ 5 minutes read | 🏷️ computing

On Malware

A Hypothetical Program

Imagine a program that:

  1. Has a “universal back door” that allows the developer to make remote changes to users’ systems without their knowledge or permission.
  2. Forces upgrades on its users.
  3. Steals users’ encryption keys.
  4. Forcibly removes software from its users’ systems.
  5. Pesters its users when they don’t install the “preferred browser”.
  6. Displays annoying ads on users’ systems.
  7. Spies on users while they use it, with surveillance anti-features that cannot be disabled.
  8. Forces users to be online just to write a text document.
  9. Blocks users from downloading any apps other than the ones the developers approve of.
  10. Purposely deletes ebooks that users have already bought.

Would you count this program as malware? What if I told you that somewhere between 70%-90% of desktop and laptop computers have this program installed?

What is Malware?

I am of course talking about the Windows 10 operating system. Windows 10 did all of these things at one point or another and still does many of them. Let’s not forget that operating systems are “just” programs too. They manage system resources and act as a middleman between the hardware and the user, but they are “just” programs like anything else. And any kind of program can potentially be malware.

If I asked a classroom full of computer science students if Windows 10 is malware, I’d have a hard time finding someone besides GNU/Linux nerds to say yes. However, if I asked the same question listing the 10 items as I did just now with no mention of Windows 10, I’d be hard-pressed finding someone to say no. Why is that?

There exists a strong bias especially among the tech industry and academia not to see useful software as malware. Windows 10 isn’t entirely malicious like ransomware or a virus. Windows 10 is very useful and its “primary” function as an operating system is not malicious although it has far more known anti-features than I’m comfortable with and probably a host of others no one even knows about. With all that said, the vast majority of Microsoft employees that code Windows 10 are not intentionally adding anti-features and the employees that are adding them probably wouldn’t consider the anti-features they add “malicious”. None of this detracts from the fact that these anti-features are in fact malicious and are basically harming the world.

Expanding the Definition of Malware

Now my goal in this post is not to say that you have to call Windows 10, or any other program with anti-features, malware. The point is that right now most computer users have a very narrow idea of what counts as malware and I hope to expand that. With a computer virus, worm or trojan, infecting the target machine is almost always the main goal of the program. In cases where it’s not, there’s usually a supply chain attack where the virus is embedded inside a useful program that was written by another developer to trick users into downloading it.

Malware is a more generic term, so it need not be the case that its main purpose is to harm users. Malware is simply malicious software, software that contains anti-features. Telemetry isn’t always malicious if done right especially if it can be disabled. However, remotely deleting users ebooks, whether or not they “agreed” to the terms of service which nobody has the time to read let alone understand, forcing users to be online just to create documents, having a universal backdoor and intrusive telemetry that is impossible to turn off, that’s malware. There’s no excuse for anti-features like that to be out of the user’s control.

Malware in Free Software

The main difference with malware in free and proprietary software is when a free program has anti-features, they can’t be hidden from the users. The anti-features are out in the open. With proprietary software like Windows 10 there’s no way to determine how many anti-features it contains. It could easily contain far more than we already know about.

It is true that free software generally has far fewer anti-features due to its very nature of the source code being public. However free (as in freedom) software isn’t immune to malware. The Spyware Watchdog Article Catalog lists free software programs that it considers spyware. Spyware is a subcategory of malware focused on user spying. The catalog is doing with spyware much the same thing I’m doing with the word malware; it is applying a broader definition of spyware to programs to see what happens. The results are quite interesting. See the link below for their spyware list.

Spyware Watchdog

Finally, one reason free software has less malware is reputation. Reputation is important to many programmers and adding anti-features to programs might mean no one will trust your work any more, so there’s a strong incentive to not do that. This is true even if you’re only pseudonymous like some i2p developers are. Your anonymous identity still has a reputation and it’s best to preserve it.

Closing

I want to encourage readers to consider expanding their idea of what counts as malware and to start using the term “malware” more often to describe common programs with anti-features. Malware programs like Windows 10 are too normalized. We must demand better and freer software and one way to do that is by changing the words we use when talking about software.

You’ll also notice I use the word “anti-feature” instead of “feature”. This is another way we can change our language to expose the truth about what these programs actually do. Calling anti-features malicious features instead may be better for non-technical audiences. What matters is getting the point across to others that these features don’t deserve to be called features unqualified because they are malicious and they hurt the user.