Malware is the overarching category name for programs that are either classified as unwanted software or malicious software.
Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.
Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your PC.
We maintain a definition library of unwanted software. This library has a database of unwanted software files and settings. When our researchers identify new unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your PC and personal information.
You can participate in our worldwide network by submitting unwanted software for analysis. This network helps identify programs to add to our definition library.
New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.
Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.If you believe you have been negatively affected by unwanted software, download and install Microsoft antimalware software. If the unwanted software persists, you can report the problem to Microsoft.
Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:
You must be notified about what is happening on your PC, including what a program does and whether it is active.
Software that exhibits lack of choice may:
Fail to provide prominent notice about the behavior of the program and its purpose and intent.
Fail to clearly indicate when the program is active, and may attempt to hide or disguise its presence.
Install, reinstall, or remove software without your permission, interaction, or consent.
Install other software without a clear indication of its relationship to the primary program.
Circumvent user consent dialogs from the browser or operating system.
Falsely claim to be a program from Microsoft.
You must be able to control programs on your computer. You must be able to start, stop, and otherwise revoke authorization to a program.
Software that exhibits lack of control may:
Prevent or limit you from viewing or modifying browser features or settings.
Open browser windows without authorization.
Redirect web traffic without clear notification and consent.
Modify or manipulate webpage content without your consent.
You must be able to start, stop, and otherwise revoke authorization to a program. Programs should obtain your consent before installing, and the program must provide a clear and straightforward way for you to install, uninstall, or disable it.
Software that exhibits a poor installation experience may:
Bundle or download other unwanted software classified in the Microsoft antimalware definition library.
Software that exhibits a poor removal experience may:
Present confusing or misleading prompts or pop-ups when attempting to uninstall software.
Fail to use standard install/uninstall features, such as Add/Remove Programs.
You must be able to expect that the actions a system maintenance or optimization program takes towards system performance are actually beneficial. You should be able to maintain the overall quality of your computing experience.
Software that impairs computer performance may:
Display exaggerated claims about the system's health.
Make misleading or inaccurate claims about files, registry entries, or other items on the system.
Decrease computer reliability.
Programs that promote a product or service outside of their own program can interfere with your computing experience. You should have clear choice and control when installing programs that open advertisements.
The advertisements that are opened by these programs must:
Include an obvious way to close the ad. The intent of closing the ad must not open another ad.
Include the name of the program that created the ad.
The program that creates these advertisements must:
Provide a standard uninstall method for the program using the same name as shown in the ads it produces.
Programs that create advertisements in web browsers must:
Only use the browsers’ supported extensibility model for installation, execution, disabling and removal.
Advertisements shown to you must:
Be distinguishable from the website content.
Not mislead or deceive, or confuse with the intent to mislead or deceive.
Not contain malicious code.
Not invoke a file download.
You want to maintain control over your information. You expect to determine how your information is collected, used, and shared with others.
Some types of programs can also have an impact on your privacy. These include, but are not limited to:
Monitoring programs: software that stores or transmits your activities without notice and consent, or offers a stealth option to hide this behavior.
Note: Monitoring programs are not necessarily malicious. For example, parental controls can feature keystroke monitors, but these programs can pose a risk to your privacy if you don't expect or know about their presence.
Malicious software is the general name for programs that perform malicious actions on your PC. This can include stealing your personal information, locking your PC until you pay a ransom, using your PC to send spam, or downloading other malicious software.
Most software that we classify as malware falls into one of the following categories:
Backdoor trojan: A type of trojan that gives a malicious hacker access to and control of your PC. This means they may be able to tell your PC what to do or monitor what you do online. A bot is a type of backdoor trojan.
Downloader: A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.
Dropper: A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file. This is different to a downloader, which needs to connect to the Internet to download other files.
Exploit: A piece of code that uses software vulnerabilities to access information on your PC or install malware. For more information, see our page on exploits.
Hacktool: A type of tool that can be used to allow and maintain unauthorized access to your PC.
Macro virus: A type of virus that spreads through infected documents such as Microsoft Word or Excel documents. The virus is run when you open an infected document.
Obfuscator: A type of malware that hides its code and purpose to make it more difficult for security software to detect or remove it.
Password stealer: A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker.
Ransomware: A type of malware that can stop you from using your PC, or encrypt your files so you can’t use them. You may be warned that you need to pay money, complete surveys, or perform other actions before you can use your PC again. For more information, see our ransomware page.
Rogue security software: Software that pretends to be an antivirus program but doesn't actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don't exist. It also tries to convince you to pay for its services. Our rogue security software page has more information.
Trojan: A type of malware. A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC.
Trojan clicker: A type of trojan that can use your PC to "click" on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is.
TrojanSpy: A program that collects your personal information, such as your browsing history, and uses it without adequate consent.
Virtool: A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.
Worm: A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: email programs, instant messaging programs, file-sharing programs, social networking sites, network shares, removable drives with Autorun enabled, and software vulnerabilities.
I want to...