Re: What is the difference between a worm and a trojan ?
From: Big Will (SPAMwSPAMiSPAMlSPAMlSPAMbSPAM4SPAMeSPAMvSPAAAAAMeSPAMMITTYrSPAAAAM_at_nIeDONTtLIKE)
Date: 05/27/04
- Next message: Thor Kottelin: "Re: HTTPS and URL encoding"
- Previous message: Big Will: "Re: What is the difference between a worm and a trojan ?"
- In reply to: kurt wismer: "Re: What is the difference between a worm and a trojan ?"
- Next in thread: kurt wismer: "Re: What is the difference between a worm and a trojan ?"
- Reply: kurt wismer: "Re: What is the difference between a worm and a trojan ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 May 2004 12:17:33 -0700
kurt wismer wrote:
> Big Will wrote:
>
>> kurt wismer wrote:
>>
>>> Big Will wrote:
>
> [snip]
>
>>>> Because a worm and a virus replicates, whereas a trojan doesn't (on
>>>> its own).
>>>
>>>
>>> says you and some misguided definitions you've found...
>>>
>>> a trojan presents itself in a fraudulent manner, so do many viruses
>>> and worms... if self-replication is justification enough to allow
>>> overlap between worm and virus then fraudulent presentation should be
>>> enough to justify allowing overlap between trojans and viruses and
>>> worms...
>>
>>
>> Do you understand, however, that most viruses and worms do
>> fraudulently present themselves.
>
>
> of course...
>
>> By the way, it's splitting hairs but fraudulent presentation is not
>> the defining feature, just misleading the user.
>
>
> fraudulent presentation == misleading the user == trojan defining
> feature...
But it doesn't have to be fraudulently presented to mislead the user.
No representation of a program being installed without user's input such
that the program does an unadvertised function IS still misleading the
user, since the user is made unaware of the trojan horse being installed
in the first place.
>
>>>> Then howabout dynamic malware v. stagnet malware. That should be
>>>> simple enough for the average Joe to understand.
>>>
>>>
>>> i'm not the least bit concerned with what is simple enough for the
>>> average joe to understand at the moment - dumbing things down for the
>>> lowest common denominator is a mistake as far as i'm concerned... i'm
>>> more focused on accuracy than on simplicity...
>>
>>
>> And it's very accurate to classify malware as to if it replicates and
>> if it doesn't. Simple does not mean simplistic.
>
>
> yes, it is very accurate... unfortunately trojan doesn't mean
> non-replicator... using it thusly ruins your attempts at accuracy...
>
Depends on who you ask, and at no time did I say trojan=non-replicator,
just that non-replication is a prerequesite for a trojan horse.
>>>> But how can you have a program that replicates while at the same
>>>> time doesn't replicate.
>>>
>>>
>>> non-replication is an artificial constraint for trojans, it was added
>>> for no good reason except to dumb things down for the neophytes...
>>
>>
>> No, it's included to make classification and distinction between
>> viruses/worms and trojans easier.
>
>
> that's what i just said...
>
> please note that you are assuming there is supposed to be a strong
> distinction between trojan and virus - some people want there to be, but
> that doesn't make it so...
>
>>> trojans have existed since before self-replicating code was a real
>>> concern, there's no reason 'non-replication' would have been made
>>> part of the original definition... and the lack of mutual exclusivity
>>> between other forms of malware suggests there's no need to add
>>> non-replication to the definition of "trojan horse program" now...
>>
>>
>> see above
>
>
> that neither addresses the lack of a non-replication constraint in the
> original definition, nor my position that one isn't needed in the
> current definition...
>
>>> refer to the comp.virus/virus-l faq for a definition that wasn't
>>> penned specifically for the unwashed masses...
>>> (http://www.faqs.org/faqs/computer-virus/faq/)
>>>
>> And they state in the definition that "many people use the
>> term "Trojan" to refer only to *non-replicating* malware, so that the
>> set of Trojans and the set of viruses are disjoint."
>> (http://www.faqs.org/faqs/computer-virus/faq/, 5-26-04 GMT -7)
>
>
> consider reading the entire sentence... namely the part that prefaces
> that and says "despite the definitions", which clearly indicates that
> that distinction is not part of the definition but rather wishful
> redefining on the part of the practitioners...
>
I believe that's referring to the two opposing definitions of viruses as
trojan horses, and not to the definition of trojan horse itself. Please
read again.
-- William If it don't work, hit it. If it still don't work, kick it. If it works after that, than it doesn't matter if that helped, what's important is it works.
- Next message: Thor Kottelin: "Re: HTTPS and URL encoding"
- Previous message: Big Will: "Re: What is the difference between a worm and a trojan ?"
- In reply to: kurt wismer: "Re: What is the difference between a worm and a trojan ?"
- Next in thread: kurt wismer: "Re: What is the difference between a worm and a trojan ?"
- Reply: kurt wismer: "Re: What is the difference between a worm and a trojan ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
