Re: What is the difference between a worm and a trojan ?

From: kurt wismer (kurtw_at_sympatico.ca)
Date: 05/26/04 

Date: Wed, 26 May 2004 10:20:26 -0400

Big Will wrote:
> kurt wismer wrote:
>> Big Will wrote:
>>> FromTheRafters wrote:
>> [snip]
>>>> They developed an ad hoc hierarchy that places them in what
>>>> seems to most people as a logical order.
>>>>
>>>> It is a trojan.
>>>>
>>>> unless it replicates, which makes it a worm.
>>>>
>>>> unless it infects other programs, which makes it a virus
>>>
>>> You're hierarchy is messed up. It's a trojan unless:
>>> it replicates. That makes it a worm or virus, or both.
>>> From there, it's a worm if it infests and a virus if it infects, and
>>> both if it serves both functions.
>>
>> you misunderstood what he was saying.. that's not *his* hierarchy,
>> that's the one put forward by folks who are trying to talk down to the
>> masses...
>>
>> further, your 'correction' indicates a half-measure... you allow for
>> overlap between virus and worm but none with trojan...
>
> Because a worm and a virus replicates, whereas a trojan doesn't (on its
> own).

says you and some misguided definitions you've found...

a trojan presents itself in a fraudulent manner, so do many viruses and
  worms... if self-replication is justification enough to allow overlap
between worm and virus then fraudulent presentation should be enough to
justify allowing overlap between trojans and viruses and worms...

>> the point of the above hierarchy is to get rid of all overlapping to
>> make it simple for the average joes to understand...
>
> Then howabout dynamic malware v. stagnet malware. That should be simple
> enough for the average Joe to understand.

i'm not the least bit concerned with what is simple enough for the
average joe to understand at the moment - dumbing things down for the
lowest common denominator is a mistake as far as i'm concerned... i'm
more focused on accuracy than on simplicity...

>> the reality is that none of them are necessarily mutually exclusive
>> but in the old days there weren't many occurrences of overlap so
>> misinterpretations have arisen...
>>
> But how can you have a program that replicates while at the same time
> doesn't replicate.

non-replication is an artificial constraint for trojans, it was added
for no good reason except to dumb things down for the neophytes...
trojans have existed since before self-replicating code was a real
concern, there's no reason 'non-replication' would have been made part
of the original definition... and the lack of mutual exclusivity
between other forms of malware suggests there's no need to add
non-replication to the definition of "trojan horse program" now...

refer to the comp.virus/virus-l faq for a definition that wasn't penned
specifically for the unwashed masses...
(http://www.faqs.org/faqs/computer-virus/faq/) 

-- 
"we're the first ones to starve, we're the first ones to die
the first ones in line for that pie in the sky
and we're always the last when the cream is shared out
for the worker is working when the fat cat's about"

Relevant Pages