
Virus, worm, trojan horse, et cetera ad nauseam

Status
Not open for further replies.

Dimandja

Programmer
Apr 29, 2002
2,720
US
How do you define either one of these pestilences?

How do you differentiate them?

 
Good question Dimandja. I am going to take the lazy man's way out of this though and post a link to what I believe to be one of the better pages at describing these various terms:


In an effort to redeem myself...

The largest confusion for me (and most) is the difference between a "Virus" and a "Worm". "Trojan Horse" is easy in that it doesn't replicate itself and it is usually passed off as some kind of program that is either harmless or useful in some way, but is designed to do something completely different and usually malicious. "Virus Hoax" is also easy in that whatever file is being deemed a virus is not a virus at all, and more often than not it is a critical system file that the hoaxer is trying to get you to delete or otherwise destroy.

So what is the difference between a "Virus" and a "Worm"? While Symantec does a pretty good job of trying to explain the differences, it is still a little muddled for my taste. You kind of have to read between the lines on what they said. For me it is like this:

Worms propagate themselves from machine to machine. Traditionally worms did not destroy or otherwise damage files or hard drives (though many have since begun to carry payloads) on the user's machine/server and would delete themselves from the previous hosts as they moved from system to system (which is very much like a worm moving through the ground or an apple). They (worms) would just eat up system/network resources as they looked for other systems to move to (there again, this was before these nasty little buggers started carrying payloads). They can and most of the time do reside completely in memory.

Viruses (virii if you prefer) on the other hand are designed to infect files and hard drives on the machine where they reside. They do not move from machine to machine without some human intervention. They instead move (on their own) from file to file or drive to drive within the host machine. Viruses also carry a malicious payload. The two litmus tests that all programs must pass to be considered a virus are: it must execute itself and it must replicate. Now, the "execute itself" part is often done by inserting itself into a host file/process so that when the file/process gets executed so does the virus code.

So what was Symantec trying to say in that link I posted above... when they were talking about the "host file" as a significant difference between viruses and worms? Well, a virus attaches itself to/infects another process/program/file while a worm is the process/program/file (even if a worm resides within a document, the entire file is to be considered the worm as the document was created for the express purpose of hosting the worm).

So why do the lines between the terms Trojan Horse, Virus, and Worm get so muddled? Well consider the following:

A virus that spreads itself via email without actually delivering the payload. It is spreading across a network and is not infecting files or drives of the host system (yet) but is indeed moving from machine to machine, so it's a worm. Now let's take that a step further in saying that the email has a line in it that says "open the attachment to receive the newest patch for Windows Media player" and the attachment is really the means by which this virus (err... worm) is moving from machine to machine. Now we have a Trojan Horse... because it says it is a good patch that we need and yet does something entirely different than what we expect. So now we have a virus, that is really a worm that is also a Trojan Horse and once it executes itself, delivers the payload, and begins to replicate on a user's machine it is no longer a worm or a Trojan Horse, it is a virus.

So, I give up! [smile]
