Editing Malware (section)

===Excessive privileges===
Users and programs can be assigned more [[Privilege (computing)|privileges]] than they require, and malware can take advantage of this. For example, of 940 Android apps sampled, one third of them asked for more privileges than they required.<ref>{{Cite book|last1=Felt|first1=Adrienne Porter|author1-link=Adrienne Porter Felt|last2=Chin|first2=Erika|last3=Hanna|first3=Steve|last4=Song|first4=Dawn|last5=Wagner|first5=David|title=Proceedings of the 18th ACM conference on Computer and communications security|chapter=Android permissions demystified|date=2011-10-17|chapter-url=https://doi.org/10.1145/2046707.2046779|series=CCS '11|location=New York, NY, USA|publisher=Association for Computing Machinery|pages=627–638|doi=10.1145/2046707.2046779|isbn=978-1-4503-0948-6|s2cid=895039}}</ref> Apps targeting the [[Android (operating system)|Android]] platform can be a major source of malware infection but one solution is to use third-party software to detect apps that have been assigned excessive privileges.<ref>{{Cite book|last1=Wu|first1=Sha|last2=Liu|first2=Jiajia|title=ICC 2019 - 2019 IEEE International Conference on Communications (ICC)|chapter=Overprivileged Permission Detection for Android Applications|date=May 2019|chapter-url=https://ieeexplore.ieee.org/document/8761572|pages=1–6|doi=10.1109/ICC.2019.8761572|isbn=978-1-5386-8088-9|s2cid=198168673|access-date=1 January 2022|archive-date=21 January 2022|archive-url=https://web.archive.org/web/20220121021339/https://ieeexplore.ieee.org/document/8761572/|url-status=live}}</ref>

Some systems allow all users to make changes to the core components or settings of the system, which is considered [[Administrative privileges|over-privileged]] access today. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an ''administrator'' or ''root'', and a regular user of the system. In some systems, [[system administrator|non-administrator]] users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status.<ref>{{Cite web|title=Malware, viruses, worms, Trojan horses and spyware|url=https://list.ercacinnican.tk/|access-date=2020-11-14|website=list.ercacinnican.tk|archive-date=5 February 2021|archive-url=https://web.archive.org/web/20210205072901/https://list.ercacinnican.tk/|url-status=dead}}</ref> This can be because users tend to demand more privileges than they need, so often end up being assigned unnecessary privileges.<ref>{{Citation|last1=Mutch|first1=John|title=The Hard and Soft Cost of Apathy|date=2011|url=https://doi.org/10.1007/978-1-4302-3922-2_10|work=Preventing Good People from doing Bad Things: Implementing Least Privilege|pages=163–175|editor-last=Mutch|editor-first=John|place=Berkeley, CA|publisher=Apress|language=en|doi=10.1007/978-1-4302-3922-2_10|isbn=978-1-4302-3922-2|access-date=2021-12-02|last2=Anderson|first2=Brian|editor2-last=Anderson|editor2-first=Brian|archive-date=27 February 2023|archive-url=https://web.archive.org/web/20230227061951/https://link.springer.com/chapter/10.1007/978-1-4302-3922-2_10|url-status=live}}</ref>

Some systems allow code executed by a user to access all rights of that user, which is known as over-privileged code. This was also standard operating procedure for early microcomputer and home computer systems. Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many [[script (computing)|scripting applications]] allow code too many privileges, usually in the sense that when a user [[Executable|executes]] code, the system allows that code all rights of that user.{{Citation needed|date=July 2024|reason=This last sweeping statement needs a citation.}}