From: Bruce Satow (satow@ssl.berkeley.edu)
Date: Thu Nov 07 2002 - 15:34:58 PST
Hi Aron,
Yeah, that site is overly specific. I just wanted to point out to
people the fact that even though you may have an anti-virus program
installed, it doesn't mean that you are safe from being compromised via
trojan or worm.
Also check out http://www.grc.com and look at the leak detector. Some
trojans are 'one-way' doors just sending out information to some
location....
-Bruce
Aron Roberts wrote:
>
> At 13:21 -0800 2002-11-07, Bruce Satow wrote:
> >This page is quite informative.
> >
> >http://www.anti-trojan.net/en/home.aspx
>
> Thanks, Bruce, for this reference!
>
> A minor nit: this page page claims that trojans "... or often
> called backdoors ... run every time you boot up your machine" and
> "open... a port (channel) ... which can be used by an attacker to
> connect to your computer."
>
> That's overly specific. Not all trojans set up 'backdoors,' run at
> every boot, or offer a mechanism for outsiders to connect to, or
> control, your computer over a network.
>
> The 'classic' definition of a trojan is much broader: a computer
> program that pretends to be something that it is not. Typically,
> trojans masquerade as system utilities, file viewers, games, or some
> other type of useful or fun program, but also (or instead) perform
> some non-stated action(s). Often these actions are destructive, but
> some trojans perform actions which are merely annoying ... or even
> inconsequential.
>
> The following is a set of definitions for the term "trojan horse"
> gathered from a variety of sources by "Google Glossary," an
> automated, experimental service on the "Labs" site of the Google
> search engine. See also the 'related phrases' at the top of this
> page:
>
> http://labs.google.com/glossary?q=trojan+horse
>
> The following is my idiosyncratic, high level summary of the
> differences between "viruses," "worms," and "trojans":
>
> - A "virus" is a piece of computer code that replicates by attaching
> itself to other code.
>
> Viruses typically attach themselves to code in existing files, on
> boot sectors of volumes, and the like. They intercept calls to
> legitimate functions performed by such code and run their own code
> to replicate themselves or carry out their other actions, destructive
> or otherwise. They may then allow the original code to continue
> executing.
>
> - A "worm" is a piece of computer code that replicates by
> copying itself to other computers over a network, but without
> specifically attaching itself to other code.
>
> Worms typically copy one or more whole files from one computer
> to another. Once copied to a new computer, they may then perform
> various actions, destructive or otherwise.
>
> - A "trojan" (aka "trojan horse") is a piece of computer code that
> purports to carry out one or more stated purposes, but also -- or
> instead -- performs one or more different, unstated actions.
>
> Just to clarify further: viruses, worms, and trojans might be, or
> might not be, destructive, whether intentionally or unintentionally.
> (Some which were intended by their authors to be benign -- perhaps
> intended just to replicate, and perhaps display "I was here"-type
> messages -- were badly programmed and thus inadvertently have caused
> harm, while others which were intended to be malicious have turned
> out to have had few deleterious effects, again due to programmer
> error.)
>
> Furthermore, viruses and trojans might, or might not, directly use
> network services. Worms almost always do so.
>
> Finally, some miscreants can combine features of one, two, or all
> three of these types. For instance, some trojans have been used as a
> means of spreading viruses, worms, or both. As another, more
> concrete example, some Microsoft Word "macro" viruses are written
> simply to spread from document to document on a single computer, and
> are only inadvertently propagated to other computers when they are
> sent as e-mail attachments or saved on network-mounted volumes. Some
> other Word macro viruses not only attach themselves to other
> documents, but may also contain 'worm' code which allows them to
> control other applications (such as Microsoft Outlook) to actively
> send themselves to other users via e-mail.
>
> Aron Roberts
> Workstation Software Support Group
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, including subscribing to
> or unsubscribing from its mailing list and finding out
> about upcoming meetings, please visit the Micronet Web site:
> <http://micronet.berkeley.edu/>.
-- Bruce Satow Programmer/Analyst Space Physics Research Group Space Sciences Laboratory University of California Berkeley, California 94720-7450 USAemail: satow@ssl.berkeley.edu voice: (510) 643-2348 fax: (510) 643-8302 URL: http://sprg.ssl.berkeley.edu/~satow
"Kindness is not a sign of weakness"
------------------------------------------------------------------------ The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 15:39:43 PST