Worm bait?

Derek Martin invalid at pizzashack.org
Wed Aug 20 11:20:23 EDT 2003 

On Wed, Aug 20, 2003 at 10:17:41AM -0400, Jeff Kinz wrote:
> On Wed, Aug 20, 2003 at 12:08:04AM -0400, J. Hunter Heinlen wrote:
> > > Trojan - any program described to be benign or beneficial but actually
> > > a worm or virus in disguise.  See "Trojan Wars".
>
> > Er....  Not quite my understanding.  A trojan program is any program
[SNIP]
> None of the specifics you give here conflict with the general definition
> I gave above.

From a purely semantic perspective, it does.  You state that a trojan
is a worm or virus in disguise.  This is false.  In order to be a
virus, the program must have some means of replicating itself.  In
order to be a worm, the program must actively seek entrance to other
computers via some security hole.  A trojan may well do neither of
these, and in fact may have no malicious effect whatever.  It need
only purport to do one thing, and secretly do another.  Thus your
definition isn't quite right.

From a practical perspective, it's close enough.

One issue here is, who gets to define these terms?  The technical
definitions of these various forms of attack comes to us by way of
those who created them, but the meanings become interpreted over time
throught the use and misuse of them by the general public.  Words mean
what you use them to mean.  Whose definition is authoritative?

FWIW, here are the definitions as I have come to know them:

Virus: 	any program capable of replicating itself in some manner.

Worm: 	any program which automatically seeks to gain entrance to remote
	systems, and which when it succeeds, starts a new instance of
	itself on the new host

Trojan: any program which secretly does something other than what it
        purports to do

Backdoor: any program used to provide a non-conventional means of
	remotely accessing a system

Bot:	any program which automatically intercepts events and acts on
	them on behalf of its user

So then, a worm is a specific kind of virus, because it
self-replicates.  Many of the other definitions of these terms I've
seen place arbitrary restrictions on them, such as "it propogates by
e-mail" or "it contains X form of malware" -- in general, these
additional restrictions are artificial, deriving from more common
examples of such malware, and from more common usages in modern
language.  These classifications are intented to be a bit more general
than that.

It is also worth noting that it is possible to have examples of all of
these which are not malicious in intent, though you may have to use
your imagination to come up with useful examples...  I leave that as
an exercise for the reader.  :)

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20030820/454137b9/attachment.sig>

More information about the Discuss mailing list