Re: What is the difference between a worm and a trojan ?

From: FromTheRafters (!0000_at_nomad.fake)
Date: 06/04/04 

Date: Fri, 4 Jun 2004 00:17:31 -0400

"mike3" <mike4ty4@yahoo.com> wrote in message news:1d54b7e4.0406021829.45a558f6@posting.google.com...
> pmeister2@lycos.com (Peter Meister) wrote in message news:<c8e6db$2u5$00$1@news.t-online.com>...
> > Ok, I know the difference between a virus and a trojan. But what is the difference between a worm
> > and a trojan? Is the one a subset of the other type or are they completele different ?
> >
> > Peter
>
> All viruses, including worms,

So you subscribe to the belief that worms are a subset of viruses?

> can replicate once inside a computer.

That is a given (sort of) - especially since we are talking about "computer"
viruses and worms, but what if a program is "broadcast" throughout a LAN?
Where is the replication taking place?

> Trojans are just programs that promise one thing but do something
> completely different (and usually something bad) --

It is better to say that they do something *other* than expected, as
this still leaves open the possibility that it does also what is expected.
"Completely different" might be interpreted as not performing the
expected.

> for instance a
> program might promise to be a cool game but when executed it wipes
> your hard disk.

....or plays the game while punching holes in your data.

> But they _do_not_replicate_.

This is not a part of the definition of trojan.

> Viruses (including worms)

Why not "worms (including viruses)"? :O)

I like to keep them separated myself.

> REPLICATE. Trojans do not.

Trojans are just about what you had stated previously, whatever they do
beyond that, is beyond the definition of trojan.

> Since a virus and worm are pretty much the same thing, a self-replicating
> program, the difference is in the means of execution.

No, they are different things, hence the different names.

> File viruses simply piggyback on other programs within
> the computer they infect, so they require the user to activate or copy
> these programs to multiply and spread to other computers.

They are not specifically programmed to spread to other computers?
Okay for "file viruses" (whatever they are), but not for viruses, BSI's
are known to spread from computer to computer as a matter of their
design.

> Worm viruses are 100% self-contained,

Some are fragmented, with parts executing on separate computers.

> they do not require piggybacking on another program to be executed.

Yes, unless you consider process injection to be "piggybacking". Many
worms require a certain process (with a vulnerable buffer) to be executing
for their code to be injected. But, I suppose *technically* a "process" isn't
a "program" in this sense.

...lets not go there.

> Usually the user just executes the virus, it installs itself into the registry,

A virus does not need to install, nor does it have any use for the registry.
It just executes when the program it has infected is executed (or has been
somehow requested to execute).

> and proceeds to e-mail or otherwise propagate itself.

Worms do this, viruses generally replicate and place their progeny
into a place where they in turn will execute when another program
(the one that is said to be "infected" by it) is asked to execute. It
is this "program infection" that mainly distinguises a virus from a
worm.

> Trojans are just scraps of harmful code that do not replicate at all.

They can do many things in addition to the "definiton" without becoming
"not trojans".

> Trojans CAN NOT REPLICATE ON THEIR OWN.

Then why are there sooo many of them? :oD <rimshot>

> For the analogy to a biological system,...[...]...

Unfortunately, the biological analogy fails on many levels.

Relevant Pages