As users tend to rely on systems of growing complexity without themselves being able to understand or control malevolent behaviour, threats contained in software must be well understood. The paper deals with different aspects of malicious software (malware), both self-replicating (aka viruses and worms) and "pure" pay loads (aka Trojan Horses) which are understood as additional though unwished and unspecified features of systems of programs; such system or software features are regarded as "dysfunctional". As traditional definitions somewhat lack consistency which is prerequisite to describing complex dysfunctionalties, and as they are partially self-contradicting and incomplete concerning recent threats, a definition is developed which distinguishes "normal" dysfunctionalties (produced through weaknesses of contemporary Software Engineering) from "intentionally malevolent" ones. Complex real threats may be built from two atomic types, namely self-replicating and Trojanic elements, each of which may act under some trigger condition. Based on experiences collected from tests, AntiMalware methods need further developments, both concerning classification of newly experienced threats and concerning online detection in user systems.
展开▼