Defining Software Behavioral Space

The end result of this lack of perfect correspondence between what you want software to do and what actions it actually takes is that with some frequency, software will do things that you don't really want and don't intend for it to do. Any of the "things"that software might do when used lie along a continuum from useful, through almost invisible, to truly painful. If the effect is not exactly what you desired, it may still be useful for your purpose, but sometimes effects may be inconsequential or of minor annoyance, such as the creation of log files in places you didn't want them to go, or the modification of timestamps on files leaving you unable to determine when they were really created. In other instances, the effects can be potentially devastating, such as the erasing of your disk drives or corruption of important files. In other instances, the effects could be somewhere in between, such as a breach of security that results in the nondestructive use of your machine as a remote base of operations for an activity such as pirated software distribution, or as a base of attack for yet other remote systems.

Likewise, your interest (or lack thereof) in the action of the software can range from actively desiring it to cause an event, through complete disinterest in whether certain events happen and how, to frantic determination to prevent the event or events. If you're trying to send email, you probably have an active interest in your email client sending the mail, whereas most users are completely unconcerned with the mechanics of the process that enables their Web browsers to retrieve all the information necessary to display a Web page. On the other hand, if you've ever accidentally clicked "OK" to a "Should I format this disk?" dialog query, you have an idea of the urgency one can muster to get the program stopped again.

Finally, the actual intended action of the software can differ from the advertised intent. To a degree, this happens with most software, but the minor annoyance of finding that the features advertised on a product box don't exactly match the features provided by the software doesn't compare to the problems caused by applications that masquerade malicious intent behind a claim of benign effect. Users of Microsoft email clients are probably familiar with the Microsoft Transport Neutral Encapsulation Format ( ms-tnef / WINMAIL.DAT ) option for email file attachments that purports to be "transport neutral," but in fact packages the attachment in a fashion that is Microsoft-proprietary, and defies extraction by all but MS products (and a few Open Source applications that have been written to gut the contents from mail sent with this abomination). Other less fortunate users have been burdened with considerably more grief than needing to resend email using a nonproprietary format when they mistook Tetricycle (also Tetracycle ) as the game it was advertised to be, instead of the Trojan virus installer it really was.

Taken together, these distributions of behavior define a sort of three-dimensional behavioral space. Different applications might lie anywhere in this space, and in fact many have aspects that spread across several regions . The majority of the ones that you're most likely to want to use, however, are those that do what they advertise (and little else), and for which you've a need for that advertised behavior. Most of the day-to-day desktop applications you use probably fall into this category, providing functions that are near what they advertise and near what you need, with few annoying consequences. The population that intentionally causes harm at your command, and that you'd deliberately run for this effect, are likely to be fewer, yet not completely nonexistent. For example, in writing this book we've intentionally run quite a bit of software that we knew was going to crash or damage our machines. If you're a network administrator, you might use couic (discussed in Chapter 8, "Impersonation and Infiltration: Spoofing") for exactly its damaging effect on network communications. For a large percentage of the software that runs to make up the operating system on your computer, you're probably unaware of, and usually disinterested in (unless it stops), its ongoing primarily beneficial operation.

There are also areas of the behavioral space that describe software that acts against your intent, and if you were aware of its real ”rather than advertised ”function, you would probably be quite interested in stopping its action. Unfortunately, software exists to fit these niches . Programs that lie in these problem areas ”that is, typically malicious software ”have been dubbed malware .