There are plenty of reasons why malware is "bad." Are there any times when malware is valid and legal?
Many shareware programs today come bundled with adware. The premise is this: If you try out the program, and enjoy it, you'll buy it. Until you pay for it, the programmer is paid through the advertising that the shareware program displays. If the user somehow kills or removes the advertising, then he is also obligated to remove the program that was supported by the ads.
In some cases, the ads are displayed in the actual program, like in a small window or corner of the program's screen. In most cases, though, the ads are displayed by a totally separate program included in the same installer program.
If the adware is legitimate, then it has to be explicitly displayed in the install, and the user has to have the option of not installing it. This is where adware earned it's poor reputation. Many adware programs simply install alongside the ad-supported program, without ever informing the user. The user is then surprised by the constant barrage of pop-up ads on his computer when he isn't even visiting websites and the collection of strange programs on the hard drive that he doesn't remember installing.
The key factor in whether or not malware is "legitimate:" If the user has no problem giving demographics information for a program he enjoys using, then the spyware that comes with that program is legal and accepted. However, if another user then sits at the same computer--one who doesn't know the spyware is there--then it's no longer a legitimate program. The person being spied upon by the spyware, or forced to view the pop-ups delivered by the adware, has to understand and accept what the program is going to do.