Virus or Worm ??
John Carroll
question - what is the differnce between a virus and a worm [besides
you can't fish with a virus :-)].
My 6 year old kid has been asked to explauin this for homework - I'm
afraid I don't have a notion.
Pleae could you explain it in very basic layman's terms......
Many thanks
BananaPannaPoe-
A program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes. Viruses can also replicate
themselves. All computer viruses are manmade. A simple virus that can make a
copy of itself over and over again is relatively easy to produce. Even such
a simple virus is dangerous because it will quickly use all available memory
and bring the system to a halt. An even more dangerous type of virus is one
capable of transmitting itself across networks and bypassing security
systems.
WORM:
(1) A program or algorithm that replicates itself over a computer network
and usually performs malicious actions, such as using up the computer's
resources and possibly shutting the system down. Also see virus.
"John Carroll" <'DeletethisBit'CAR...@BTINTERNET.COM> wrote in message
news:tkm9lv0al4eh7h92a...@4ax.com...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.514 / Virus Database: 312 - Release Date: 8/28/2003
Charles
Probably one of many posts your will see. There is allot of reading
out there, and some well known names that frequent this newsgroup.
Sources:
http://www.trendmicro.com/en/security/general/virus/overview.htm
http://us.mcafee.com/virusInfo/default.asp?id=glossary
http://www.sophos.com/virusinfo/
http://www.nai.com/us/security/vil.htm
... these are a few commercial ones, there are many more out there.
Charles
Ed Wurster
"John Carroll" <'DeletethisBit'CAR...@BTINTERNET.COM> wrote in message
news:tkm9lv0al4eh7h92a...@4ax.com...
A virus attaches to a program, and then causes damage.
A worm makes copies of itself, and places these in other parts of the
network. It uses up the computer's memory to perform malicious acts.
A trojan horse pretends to be something useful or funny, but in fact causes
damage when you open it.
I created these brief summaries from:
http://www.ciol.com/content/home/techie/100072501.asp
I would use the real-life objects that these are named from, and use that in
the explanation to 6-year olds.
Ed
John Carroll
Thanks everybody - your comments were very useful - In particular, I
found the link that Ed posted very informative
OK - One thing that really has me puzzled is the mode of transmission
of these furry creatures. Am I right in saying that a virus or trojan
horse can only infect my PC if I actually run an executable program
such as from a floppy or email attachment. Receiving an email per se
cannot infect my system, nor can visiting a particular web site. On
the other hand, a worm can be acquired passively if I have an open
port and no firewall in operation - yes??
Thanks once again,
John
kurt wismer
depends on the definitions... some would say that viruses are a subset
of worms (worms = self-replicating programs, viruses = self-replicating
programs that attach themselves to other programs {otherwise known as
infecting other programs}), others would say that worms are a subset of
viruses (viruses = self-replicating programs, worms = self-replicating
programs that *don't* attach themselves to other programs)...
and still others might simply tell you that viruses infect while worms
infest...
--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"
FromTheRafters
"John Carroll" <'DeletethisBit'CAR...@BTINTERNET.COM> wrote in message news:tkm9lv0al4eh7h92a...@4ax.com...
Haha...this should be good. ;o)
You will probably get a wide variety of different answers,
I did when I asked this same question some time ago.
Worms don't need to "infect" program files or other
programmed instruction units in order to be executed.
By "programmed instruction units" I refer to boot sector
code, volume boot code ~ programs not stored in files.
Viruses always rely on the execution or attempted execution
of a program (or list of programmed instructions) to execute.
Pure worms won't even need to write anything to persistant
storage, and are strictly a network entity. Other worms that
are less pure (but still not viruses) can use persistant storage
and can rely on the OS or the user to execute them.
It should be noted that individual malware programs can have
aspects of worm/virus/trojan all rolled into one ~ and that the
terms are by no means mutually exclusive. For instance Klez.h
could be considered a trojan as an e-mail attachment purporting
to be something else ~ when executed it "infects" files as a virus
*and* installs itself like a worm.
FromTheRafters
"Michael Cecil" <mac...@comcast.net> wrote in message news:din9lv09t29tc8gti...@4ax.com...
> and a computer worm?
Six year olds are more intelligent than they were when we were
that age.
He's probably preparing for some Canadian college course....
FromTheRafters
"John Carroll" <'DeletethisBit'CAR...@BTINTERNET.COM> wrote in message news:pkcalvgc9l3ivvqqm...@4ax.com...
> Thanks everybody - your comments were very useful - In particular, I
> found the link that Ed posted very informative
>
> OK - One thing that really has me puzzled is the mode of transmission
> of these furry creatures. Am I right in saying that a virus or trojan
> horse can only infect my PC if I actually run an executable program
> such as from a floppy or email attachment.
As for trojan, I would say that the answer is yes. The "trojan"
aspect is an attempt to fool the recipient into executing the
malware. As for the others, there are many ways to have
malware execute on your computer, and not all of them will
require your aid. For example Blaster was downloaded and
executed by way of a vulnerability exploit, that same exploit
could have easily been used for a virus or any othe malware
type. The variant created by Teekid also included a "backdoor"
which would likely be detected as a "trojan" even though it
didn't get installed by trojianic means in this case.
> Receiving an email per se
> cannot infect my system, nor can visiting a particular web site.
This depends on the applications used to perform those
acts, and the OS supplied code used with them. Most
people will call a thing a worm if it causes itself to travel
across a network somehow. A malware that copies itself
to a shared KaZaA folder becomes wormlike due to its
being shared.
> On the other hand, a worm can be acquired passively if I have an open
> port and no firewall in operation - yes??
No, any executable can be acquired by those means, and any
executable can have any combinations of those traits which are
attributable to worms/viruses/trojans etc...
Hey, there is no easy answer here ~ and I am surprised
if a teacher really expected a definitive answer to this
question. It seems more like an exercise in futility. ;o)
Al.Kaseltzer
> VIRUS
> A program or piece of code that is loaded onto your computer without
> your knowledge and runs against your wishes. Viruses can also
not necessarily to both points there
> replicate themselves. All computer viruses are manmade. A simple
> virus that can make a copy of itself over and over again is
> relatively easy to produce. Even such a simple virus is dangerous
> because it will quickly use all available memory and bring the system
> to a halt. An even more dangerous type of virus is one capable of
remarkably few of them do that.
> transmitting itself across networks and bypassing security systems.
and that's not an essential feature of a virus
Virus: self-replicating program which is parasitic on some other computer
code (program file, active document, boot sector, etc)
>
> WORM:
> (1) A program or algorithm that replicates itself over a computer
> network and usually performs malicious actions, such as using up the
> computer's resources and possibly shutting the system down. Also see
> virus.
Stop at the word network, you've got the definition of a worm.
Ed Wurster
"FromTheRafters" <!00...@nomad.fake> wrote in message
news:vlao2fd...@corp.supernews.com...
>
> "John Carroll" <'DeletethisBit'CAR...@BTINTERNET.COM> wrote in message
news:pkcalvgc9l3ivvqqm...@4ax.com...
>
> if a teacher really expected a definitive answer to this
> question. It seems more like an exercise in futility. ;o)
>
I think the teacher has asked a question that is difficult for kids so young
to fully understand, and answer. Some kids will understand, others will not.
There are a few bright kids who understand it now, but that is because of
their unique experience at home. In the classroom it will be very difficult
to explain since most of the kids are at the age where they are BEGINNING to
abstract. I think that if the explanation is accompanied with real-life
examples, then more than a few will "get it."
For instance, the trojan horse classical story is obvious. I'm not sure what
story or example could be used with virus or worm.
Great topic.
Ed
FromTheRafters
"Ed Wurster" <ea_wu...@comcast.net> wrote in message news:h9adnfQ_sM8...@comcast.com...
Indeed. However, even the *Trojan Horse* story doesn't really
reflect the usage of *trojan* with regard to malware. The closest
thing in malware that approximates the big wooden horse is now
called a "dropper", and the greek soldiers being dropped are the
approximation of what is now referred to as *trojan*. Now, if the
*dropper* makes a pretense of being something other than what
it is, it itself is a trojan in the traditional sense.
Take for instance an e-mail with an attachment called spiderman.exe
which purports to be a screensaver featuring "Spidey" from comic
book fame. When run it installs Spiderman.scr and sets it up as a
screensaver just as it promised it would ~ but also installs another
program called backdoor_server.exe. Spiderman.exe, as it turns
out, is a traditional trojan horse because it had a hidden agenda,
when it functioned as a *dropper* for backdoor_server.exe ~ and
backdoor_server.exe would be called a trojan even though it
doesn't purport to be anything other than what it is.
If Spiderman.exe had been named backdoor_dropper.exe
and been run anyway, then the traditional wooden horse
would be called a *dropper* and the backdoor a *trojan*
even though no pretense was made with either.
Confused yet?
Actually, the definition of "trojan", that is, *the working
definition*, has yet to be arrived at. It has been suggested
that a hidden agenda is all that is required for a thing to
be a trojan, but many believe that to be an unsatisfactory
*working* definition. A legitimate "Remote Administration
Tool" (or RAT) could be used as a trojan (remote access).
Jim Butterfield
<'DeletethisBit'CAR...@BTINTERNET.COM> wrote:
>Apologies to all you learned folk out there for this very simplistic
>question - what is the differnce between a virus and a worm [besides
>you can't fish with a virus :-)].
Maybe too late for your kid's homework assignment, but this
interesting bit comes from documentation in the F-Prot virus package.
Oddly, it does not reference the term "worm", which I would informally
describe as "a virus that enters your system without requiring any
action on your part". Apart from turning the computer on, of course.
=======================
Well, the best definition we have been able to come up with is the
following:
#1 A virus is a program that is able to replicate, that is create
(possibly modified) copies of itself.
#2 The replication is intentional, not just a side-effect.
#3 At least some of replicants in turn are also viruses by the same
definition.
#4 A virus has to attach itself to a "host", in the sense that
execution of the host implies execution of the virus.
#1 distinguishes viruses from non-replicating malware, such as ANSI
bombs.
#2 distinguishes between viruses and programs such as DISKCOPY.COM
that can replicate.
#3 is needed to exclude certain "intended viruses", that attempt to
replicate, but fail - they simply do not qualify as "real" viruses.
#4 is necessary to distinguish between viruses and worms, which do not
require a host.
A Trojan is a program that pretends to do something useful (or at
least
interesting), but when it is run, it may have some harmful effect,
like
scrambling your FAT (File Allocation Table), formatting the hard disk
or
releasing a virus.
Viruses and Trojans may contain a "time-bomb", intended to destroy
programs or data on a specific date or when some condition has been
fulfilled.
A time bomb is often designed to be harmful, maybe doing something
like
formatting the hard disk. Sometimes it is relatively harmless,
perhaps
slowing the computer down every Friday or making a ball bounce around
the
screen. However, there is really no such thing as a harmless virus.
Even if
a virus has been intended to cause no damage, it may do so in certain
cases,
often due to the incompetence of the virus writer or unexpected
hardware
or software revisions.
<snip>
The major groups of viruses on PCs are boot sector viruses (BSV),
program
viruses and application viruses.
A BSV infects boot sectors on diskettes and/or hard disks. On
diskettes,
the boot sector normally contains code to load the operating system
files.
The BSV replaces the original boot sector with itself and stores the
original boot sector somewhere else on the diskette or simply replaces
it
totally. When a computer is then later booted from this diskette, the
virus takes control and hides in RAM. It will then load and execute
the
original boot sector, and from then on everything will be as usual.
Except, of course, that every diskette inserted in the computer will
be
infected with the virus, unless it is write-protected.
A BSV will usually hide at the top of memory, reducing the amount of
memory that the DOS sees. For example, a computer with 640K might
appear
to have only 639K.
Most BSVs are also able to infect hard disks, where the process is
similar
to that described above, although they usually infect the master boot
record instead of the DOS boot record.
Program viruses, the second type of computer viruses, infect
executable
programs, usually .COM and .EXE files, but they sometimes also infect
overlay files, device drivers or even object files.
<snip>
The third type of viruses are application viruses, which do not infect
normal programs, but instead spread as "macros" in various types of
files,
typically word-processor documents or spreadsheets. This type of
viruses
can easily spread through E-mail, when users unknowingly exchange
infected
documents.
In general, viruses are just program - rather unusual programs
perhaps,
but written just like any other program. It does not take a genius to
write one - many ten year old kids can easily create viruses.
============================
--Jim
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----
Nigel Blatheringstock
<f...@pathcom.com> wrote in part:
> On Tue, 2 Sep 2003 18:04:28 +0000 (UTC), John Carroll
> <'DeletethisBit'CAR...@BTINTERNET.COM> wrote:
>
> >Apologies to all you learned folk out there for this very simplistic
> >question - what is the differnce between a virus and a worm [besides
> >you can't fish with a virus :-)].
>
> Maybe too late for your kid's homework assignment, but this
> interesting bit comes from documentation in the F-Prot virus package.
> ...
>
> --Jim
All right, Jim, I must enquire.
I became a computer hardware & software specialist in 1959. Over the
ensuing years I learned to pay particular attention to the work of a
prolific, articulate and inventive contributor named Jim Butterfield.
If you are that Jim Butterfield -- if you remember names like David
Ahl, Carl Helmers, Chuck Peddle, Portia Isaacson and Hal Chamberlin; if
terms like Fall Joint, Spring Joint, PET and KIM-1 bring a grin; if you
too hoard your back issues of Compute!, Byte, Kilobaud and Creative
Computing -- then your reply to John's question has afforded me a
chance to repay a debt:
Thank you, Jim Butterfield, for making an affirmative difference in my
life and career.
OTOH, if you are not that Jim Butterfield, I suspect you'd enjoy
researching your namesake's milestones along the road to now.
With warm regards either way,
Nigel
--
Nigel
cquirke
>>Apologies to all you learned folk out there for this very simplistic
>>question - what is the differnce between a virus and a worm [besides
>>you can't fish with a virus :-)].
The first point to make is that these terms are no longer useful as
generic hand-basket nouns, though still relevant as adjectives. The
reason is that modern malware written in higher-level languages
typically combine multiple penetrative behaviours.
See http://users.iafrica.com/c/cq/cquirke/malware.htm and
http://users.iafrica.com/c/cq/cquirke/safe2000.htm for coverage of
these.
All code is interpreted, whether it be raw code, scripts, or "safe"
data that happens to break through an "unchecked buffer". Raw code
that is interpreted in hardware is generally referred to as being
executed. In each case, the interpreter is the (initial) environment
that the code runs in, and places limits on what the code can do -
limits that can often be escaped either through flaws in the
interpreter, or as a series of escalation strategies that fall within
the intended design (if not intention) of the interpreter.
Viral behavior involves infecting an existing structure with the
malware code, so that the structure becomes a stealth vehicle for the
propagation of the malware. File viruses infect files, be they raw
code, macro-capable "documents" (Office, HTML), or email messages
enjoying similar exploitability thanks to running of scripts. Boot
viruses infect pre-file-system boot code and spread via disks.
Infoshphere viruses infect components of the infosphere such as
individual PCs (e.g. Kazaa shared directories).
Worms don't just sit inside objects and wait to be carried when the
object is transported - they initiate their transmission directly.
The purest worms may never exist as files at all, merely flitting
across the infosphere as a series on in-RAM tasks that spread through
broken network code to other systems in the network.
Trojans appear to be useful or desirable and are either downloaded on
that basis. Various Kazaa bait, the famous old PKZIP300.EXE and
others, and incoming emaul attackments purporting to be MS security
patches or kewl screensavers are using the trojan concept as Social
Engineering (SE) to encourage spread, while most malware that exist as
pure malware files (as opposed to in-memory worm processes or viral
code embedded in "real" files) try to masquerade as files that should
be there, with names like WinSys32.exe and so on.
Many modern malware do all of these things. Melissa could be called a
virus because if infects Word documents and thus spreads with "real"
files that cannot be spotted through out-guessing attempts at SE.
Melissa could be called a worm because it initiates spread by
automating Outbreak to send itself out.
Most modern malware aren't really viruses in the sense that they
infect existing files; rather, they worm themselves out as pure
malware files, relying on trojan SE to gain acceptance (or breaking
through software defects without the need for user to be SE'd). But
they may use multiple propagation strategies; p2p networks, chat,
email, etc. so that it's better to use "malware" as a generic term.
>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - -
KP KP
David W. Hodgins
> On Monday, September 8, 2003 at 2:27:19 AM UTC-7, cquirke wrote:
>> >On Tue, 2 Sep 2003 18:04:28 +0000 (UTC), John Carroll
Any particular reason for replying to a message from 19 years ago?
Regards, Dave Hodgins
David Brooks
https://www.ipaddress.com/ipv4/209.52.142.120
(See KPs message header for detail)
KP KP
Sorry. Just getting the hang of this groups thing. Didn't realize I posted.
David Brooks
KP KP
Lol.
David Brooks
> On Monday, August 8, 2022 at 4:03:11 AM UTC-7, David Brooks wrote:
>> On 08/08/2022 00:43, KP KP wrote:
>>> On Saturday, August 6, 2022 at 3:09:45 PM UTC-7, David W. Hodgins wrote:
>>>> On Sat, 06 Aug 2022 17:33:57 -0400, KP KP <jungl...@outlook.com> wrote:
>>>>> On Monday, September 8, 2003 at 2:27:19 AM UTC-7, cquirke wrote:
>>>>>>> On Tue, 2 Sep 2003 18:04:28 +0000 (UTC), John Carroll
>>>>> nice
>>>>
>>>> Any particular reason for replying to a message from 19 years ago?
>>>>
>>>> Regards, Dave Hodgins
>>>
>>>
>>> Lol,
>>>
>>> Sorry. Just getting the hang of this groups thing. Didn't realize I posted.
>> You may ask for help, here:-
>>
>> https://tekrider.net/pages/tekkcontact.php
>>
>> Good luck! 🙂
The public IP address 209.52.142.120 is located in Surrey, British
Columbia, Canada. It is assigned to the ISP Telus Communications. The
address belongs to ASN 852 which is delegated to TELUS Communications.
HTH
--
Kind regards,
David B.
