allanswers.org - VIRUS-L/comp.virus Frequently Asked Questions (FAQ) v2.00


Archive-name: computer-virus/faq
Last-modified:  9 October 1995, 11:00 AM NZD

-----BEGIN PGP SIGNED MESSAGE-----


            Frequently Asked Questions on Virus-L/comp.virus

                              Release 2.00

               Last Updated:  9 October 1995, 11:00 AM NZD



=========================
= Using this FAQ sheet: =
=========================


This document is intended to answer some Frequently Asked Questions
(FAQs) about computer viruses.  This FAQ sheet has been compiled by some
of the main contributors to the Virus-L mailing list and its USENET news
fan-out, comp.virus.  The Preface Section (below) explains the multi-
part nature of the FAQ sheet and how to ensure you have "the genuine
article", and gives details on version numbers and contacting the
authors with questions and suggestions.  If you are seeking help after
discovering what you suspect is a virus on your computer, read the
Preface Section, skim through Sections A and B for the essential jargon,
then concentrate on Section C.

If you feel that you may have found a new virus, or are not quite sure
if some file or boot sector is infected, please refer to Section F
Question #4 (F4) before posting a request for assistance.  The answer to
this question has been developed to ensure new readers of Virus-L/
comp.virus understand the protocol for raising such questions and to
help them avoid asking questions that can be answered in this document.
If you are looking for help in designing and implementing an antivirus
policy or system, read all of Sections B through F inclusive, paying
particular attention to Section D.

Please read the full list of questions carefully--as with most complex
topics, dozens of different virus-related questions turn out to be about
similar phenomena.  If you don't find your exact question here, look
closely at the ones that seem vaguely similar.

Above all, remember that the time to really worry about viruses is
*before* your computer gets one!


====================
= Preface Section: =
====================

The Virus-L/comp.virus FAQ sheet is normally posted to on-line services
and sent via e-mail in one of two forms:  As a single, large (>160KB)
file, or in four separate pieces.  Either or both of these forms may be
available for download from FTP sites and BBSes.

The one-piece FAQ sheet should be available in a file called
vlfaqxyy.txt, where "xyy" is the current version number (starting from
200 in mid-1995 for version 2.00).  The multi-part version is created by
splitting the main FAQ sheet into four pieces as follows:

    Filename          Contains
                    FAQ Sections
   ==============================
    vlfxyy-1.txt       A & B
    vlfxyy-2.txt       C & D
    vlfxyy-3.txt       E & F
    vlfxyy-4.txt       G

(with "xyy" again representing the current version number).  Please do
not make your own multi-part FAQ, as each of the parts in the "official"
multi-part version includes additional preface information.

Either or both versions may also be available in some form of compressed
archive--in this case the "name part" of the filename should be the same
as the original file with the extension being replaced (or appended) as
appropriate for the archiving method used.  Please *do not* repackage
the multi-part FAQ into one large archive file, as this defeats the sole
purpose for creating it--to ensure that the FAQ sheet is "officially"
available in a readable form that will pass unmolested through most
e-mail gateways.

All the files in either version of the FAQ sheet are signed with Nick
FitzGerald's PGP key.  Nick's public key can be retrieved from the main
PGP key servers.  If you do not know what PGP is, but wish to validate
your copy of the FAQ sheet, you should read the USENET newsgroup
alt.security.pgp [please do *not* e-mail me, as I am not a PGP expert--
FAQ maintainer].
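
The framing of a PGP cleartext-signed file such as this FAQ sheet, as an added example (not part of the original FAQ or of PGP itself): the Python sketch below separates the lines a signature covers from the lines outside it, following the cleartext signature framework described in RFC 4880, section 7.  It does not check the signature cryptographically (that needs PGP and the signer's public key); the function name and the sample text are constructed for illustration.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def split_clearsigned(text):
    """Split a cleartext-signed file into its parts (hypothetical helper).

    Returns a dict with:
      outside   - non-blank lines before the signed-message marker or after
                  the signature block; the signature does NOT cover these
      headers   - armor header lines such as "Hash: ..." (may be empty)
      signed    - the covered lines, dash-escaping undone, trailing
                  whitespace stripped
      signature - the ASCII-armored signature block
    Raises ValueError when the framing is incomplete, e.g. a truncated copy.
    """
    lines = text.splitlines()
    if BEGIN_SIGNED not in lines:
        raise ValueError("no signed-message marker: nothing here is signed")
    start = lines.index(BEGIN_SIGNED)

    # Armor headers run from the marker to the first empty line.
    i = start + 1
    headers = []
    while i < len(lines) and lines[i].strip() != "":
        headers.append(lines[i])
        i += 1
    if i == len(lines):
        raise ValueError("missing blank line after the armor headers")
    body_start = i + 1

    try:
        sig_start = lines.index(BEGIN_SIG, body_start)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        raise ValueError("truncated: signature block missing or incomplete")

    signed = []
    for line in lines[body_start:sig_start]:
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        elif line.startswith("-"):
            raise ValueError("unescaped '-' line inside the signed text")
        signed.append(line.rstrip(" \t"))

    outside = [l for l in lines[:start] + lines[sig_end + 1:] if l.strip()]
    return {
        "outside": outside,
        "headers": headers,
        "signed": signed,
        "signature": lines[sig_start:sig_end + 1],
    }


# Constructed sample: archive header lines sit ABOVE the signed-message
# marker, and one line has been appended after the signature block.
SAMPLE = "\n".join([
    "Archive-name: computer-virus/faq",
    "Last-modified:  9 October 1995, 11:00 AM NZD",
    "",
    BEGIN_SIGNED,
    "",
    "Frequently Asked Questions on Virus-L/comp.virus   ",
    "- --- Release 2.00 ---",
    BEGIN_SIG,
    "Version: constructed-sample",
    "",
    "(constructed placeholder, not a real signature)",
    END_SIG,
    "text appended after the signature",
])

if __name__ == "__main__":
    parts = split_clearsigned(SAMPLE)
    print("covered by the signature:")
    for line in parts["signed"]:
        print("   ", line)
    print("NOT covered by the signature:")
    for line in parts["outside"]:
        print("   ", line)
```

Lines reported as not covered can be altered or added by anyone who relays the file without invalidating the signature, so only the covered lines should be trusted after a successful verification.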

The FAQ sheet is a dynamic document, changing as people's questions
change.  The version number also changes as *any* changes are made.
Version numbers containing a "d" are drafts and should *not* be made
publicly available, nor distributed.  We ask for your cooperation in
deleting and not further distributing "d" versions of the FAQ sheet.  If
you have any questions or contributions, please e-mail them to the FAQ
sheet maintainer, Nick FitzGerald, at:

   n.fitzgerald@csc.canterbury.ac.nz

The most recent copy of the FAQ sheet will always be available on the
Virus-L/comp.virus archives, including by anonymous FTP on corsa.ucr.edu
(IP = 138.23.166.133) in the directory pub/virus-l.

A WWW version of the FAQ sheet, with cross-references and file links is
currently under development, as is a WinHelp version with cross-
references (if you would like to assist with these efforts, or to port
one of these formats to another popular hypertext help format, please
contact the FAQ sheet maintainer so we can better coordinate this work).

In various places the FAQ sheet mentions products by name.  This is
usually only for illustrative purposes.  Such references should *not* be
taken to imply that all, some, or any of the contributors to this FAQ
sheet endorse any such product for any purpose or that such products are
the *best* examples of what is being discussed.  Such references are
usually because the products named were the first to implement a
particular feature or function.  Further, that a given product is *not*
mentioned in the FAQ should not be taken as an indication of its quality
or suitability for any task.

Various brand and product names are used throughout the FAQ sheet--these
remain trademarks or registered trademarks of their respective holders.

Unless indicated otherwise, prices are given in US dollars and should be
taken as guides only.  Telephone numbers include an indication of the
time-zone relative to GMT--some of these are very approximate, but
should be close enough to save you ringing in the middle of the
receiver's night!



Nick FitzGerald, Virus-L/comp.virus FAQ sheet maintainer.


================================================
= Primary contributors (in alphabetical order) =
================================================

The following people have provided significant content and/or editorial
input to this FAQ sheet:

     Mark Aitchison 
     Vaughan Bell 
     Claude Bersano-Hayes 
     Matt Bishop 
     Vesselin Bontchev 
     Bruce Burrell 
     David Chess 
     John-David Childs 
     Olivier M. J. Crepin-Leblond 
     Nick FitzGerald 
     Richard Ford 
     Alan Glover 
     Sarah Gordon 
     Yaron Y. Goland 
     Mikko Hypponen 
     John Kida 
     Kevin Marcus 
     Anthony Naggs 
     Donald G. Peters 
     A. Padgett Peterson 
     Y. Radai 
     Brian Seborg 
     Fridrik Skulason 
     Rob Slade
     Gene Spafford 
     Otto Stolz 
     Ken van Wyk 

====================

             Questions answered in this document

Section A:   Sources of Information and Antivirus Software
             (Where can I find HELP?!!)

A1)  What is Virus-L/comp.virus?
A2)  What is the difference between Virus-L and comp.virus?
A3)  How do I get onto or off Virus-L/comp.virus?
A4)  What are the guidelines for Virus-L?
A5)  How can I get back-issues of Virus-L?
A6)  What are the known viruses, their names, major symptoms and
     possible cures?
A7)  Where can I get free or shareware antivirus programs?
A8)  Where can I get more information on viruses, etc?
A9)  Why is so much of the discussion in Virus-L/comp.virus about PCs
     and DOS?  Is this forum only for the PC world?


Section B:   Definitions
             (What is ...?)

B1)  What are computer viruses (and why should I worry about them)?
B2)  What is a Worm?
B3)  What is a Trojan Horse?
B4)  What are the main types of PC viruses?
B5)  What is a stealth virus?
B6)  What is a polymorphic virus?
B7)  What are "fast" and "slow" infectors?
B8)  What is a sparse infector?
B9)  What is a companion virus?
B10) What is an armored virus?
B11) What is a cavity virus?
B12) What is a tunnelling virus?
B13) What is a dropper?
B14) What is an ANSI bomb?
B15) Miscellaneous Jargon and Abbreviations


Section C:   Virus Detection
             (Is my computer infected?  What do I do?)

C1)  What are the symptoms and indications of a virus infection?
C2)  What steps should be taken in diagnosing and identifying viruses?
C3)  What is the best way to remove a virus?
C4)  What does the  virus do?
C5)  What are "false positives" and "false negatives"?
C6)  Can an antivirus program itself be infected?
C7)  Where can I get a virus scanner for my Unix system?
C8)  Why does my scanner report an infection only sometimes?
C9)  I think I have detected a new virus; what do I do?
C10) CHKDSK reports 639K (or less) total memory on my system; am I
     infected?
C11) I have an infinite loop of sub-directories on my hard drive; am I
     infected?
C12) Can a PC not running DOS be infected with a common DOS virus?
C13) My hard-disk's file system has been garbled:  Do I have a virus?


Section D:   Protection Plans
             (What should I do to prepare against viruses?)

D1)  What is the best antivirus program?
D2)  Is it possible to protect a computer system with only software?
D3)  Is it possible to write-protect the hard disk with software only?
D4)  What can be done with hardware protection?
D5)  Does setting a file's attributes to READ ONLY protect it from
     viruses?
D6)  Do password/access control systems protect my files from viruses?
D7)  Do the protection systems in DR DOS work against viruses?
D8)  Does a write-protect tab on a floppy disk stop viruses?
D9)  Do local area networks (LANs) help to stop viruses or do they
     facilitate their spread?
D10) What is the proper way to make backups?


Section E:   Facts and Fibs About Computer Viruses
             (Can a virus...?)

E1)  Can boot sector viruses infect non-bootable DOS floppy disks?
E2)  Can a virus hide in a PC's CMOS memory?
E3)  Can a PC virus hide in Extended or in Expanded RAM in a PC?
E4)  Can a virus hide in a PC's Upper Memory or its High Memory Area?
E5)  Can a virus infect data files?
E6)  Can viruses spread from one type of computer to another?
E7)  Are mainframe computers susceptible to computer viruses?
E8)  Some people say that disinfecting files is a bad idea.  Is that
     true?
E9)  Can I avoid viruses by avoiding shareware, free software or games?
E10) Can I contract a virus on my PC by performing a "DIR" of an
     infected floppy disk?
E11) Is there any risk in copying data files from an infected floppy
     disk to a clean PC's hard disk?
E12) Can a DOS virus survive and spread on an OS/2 system using the
     HPFS file system?
E13) Under OS/2 2.0+, could a virus infected DOS session infect another
     DOS session?
E14) Can normal DOS viruses work under MS Windows?
E15) Can I get a virus from reading e-mail, BBS message forums or
     USENET News?
E16) Can a virus "hide" in a GIF or JPEG file?


Section F:   Miscellaneous Questions
             (I have heard...  I was just wondering...)

F1)  How many viruses are there?
F2)  How do viruses spread so quickly?
F3)  What is the correct plural of "virus"?  "Viruses" or "viri" or
     "virii" or "vira" or...
F4)  When reporting a virus infection (and looking for assistance), what
     information should be included?
F5)  How often should we upgrade our antivirus tools to minimize
     software and labor costs and maximize our protection?
F6)  What are "virus simulators" and what use are they?
F7)  I've heard talk of "good viruses".  Is it really possible to use a
     computer virus for something useful?
F8)  Wouldn't adding self-checking code to your programs be a good idea?


Section G:   Specific Virus and Antivirus Software Questions...

G1)  I was infected by the Jerusalem virus and disinfected the infected
     files with my favorite antivirus program.  However, WordPerfect
     and some other programs still refuse to work.  Why?
G2)  Is my disk infected with the Stoned virus?
G3)  I was told that the Stoned virus displays the text "Your PC is now
     Stoned" at boot time.  I have been infected by this virus several
     times, but have never seen the message.  Why?
G4)  I was infected by both Stoned and Michelangelo.  Why has my
     computer become unbootable?  And why, each time I run my favorite
     scanner, does it find one of the viruses and say that it is
     removed, but when I run it again, it says that the virus is still
     there?
G5)  My scanner finds the Filler and/or Israeli Boot virus in memory,
     but after I boot from a clean floppy it reports no viruses.  Am I
     infected?
G6)  I was infected with Flip and now a large part of my hard disk
     seems to have disappeared.  What has happened?
G7)  What does the GenB and/or the GenP virus do?
G8)  How do I "boot from a clean floppy"?
G9)  My PC diagnostic utility lists "Cascade" amongst the hardware
     interrupts (IRQs).  Does this mean I have the Cascade virus?
G10) Occasionally the text "welcome datacomp" appears in my Mac
     documents without me typing it.  Is this a virus?
G11) How good are the antivirus tools included with MS-DOS 6?
G12) When I do a "DIR | MORE", I see two files with random names that
     are not there when I just use "DIR".  On my friend's system they
     cannot be seen.  Do I have a virus?
G13) What is the ChipAway virus?  (Or ChipAwayVirus?)



===============================================================
= Section A.   Sources of Information and Antivirus Software. =
===============================================================

A1)  What is Virus-L/comp.virus?

Virus-L and comp.virus are discussion forums which focus on computer
virus issues.  More specifically, Virus-L is an electronic mailing list
and comp.virus is a USENET newsgroup.  Both groups are moderated; all
submissions are sent to the moderator who decides if a submission should
be distributed to the groups.  For more information, including a copy of
the posting guidelines, see the file virus-l.README, available by
anonymous FTP on corsa.ucr.edu in the pub/virus-l directory.


A2)  What is the difference between Virus-L and comp.virus?

Virus-L is a mailing list while comp.virus is a newsgroup.  Virus-L is
distributed in "digest" format (with multiple e-mail postings in one
large digest) and comp.virus is distributed as individual news postings.
However, the content of the two groups is identical.


A3)  How do I get onto or off Virus-L/comp.virus?

To subscribe to Virus-L, send e-mail to LISTSERV@LEHIGH.EDU saying "SUB
VIRUS-L your-name".  For example:

  SUB VIRUS-L Jane Doe

To be removed from the Virus-L mailing list, send a message to
LISTSERV@LEHIGH.EDU saying "SIGNOFF VIRUS-L".

To "subscribe" to comp.virus, simply use your favorite USENET news
reader to read the group.


A4)  What are the guidelines for Virus-L?

The posting guidelines are available by anonymous FTP on corsa.ucr.edu.
Retrieve the file pub/virus-l/virus-l.README for the most recent copy.
In general, however, the moderator requires discussions to be polite and
non-commercial.  Objective postings of product availability, product
reviews, etc, are fine, but commercial advertisements are not.  Requests
for virus samples (binary or disassembly) are forbidden.  Technical
discussions are strongly encouraged, however, within reason.


A5)  How can I get back-issues of Virus-L?

Back-issues of Virus-L/comp.virus date back to the group's inception, on
21 April, 1988.  The anonymous FTP archive at cs.ucr.edu carries all of
the Virus-L back issues.  Retrieve the file pub/virus-l/README for more
information on the Virus-L/comp.virus archives.


A6)  What are the known viruses, their names, major symptoms and
     possible cures?

The reader should be aware that there is no universally accepted naming
convention for viruses, nor is there any standard means of testing.  As
a consequence nearly *all* virus information is highly subjective and
open to interpretation and dispute.

There are several major sources of information on specific viruses.
Probably the largest one is Patricia Hoffman's hypertext VSUM.  While
VSUM is quite complete it only covers PC viruses and it is regarded by
many in the antivirus field as being inaccurate, so we advise you not to
rely solely on it.  It can be downloaded from most major archive sites.

A more precise source of information is the Computer Virus Catalog,
published by the Virus Test Center in Hamburg.  It contains highly
technical descriptions of computer viruses for several platforms: DOS,
Mac, Amiga, Atari ST and Unix.  Unfortunately, the DOS section is quite
incomplete.  The CVC is available by anonymous FTP from
ftp.informatik.uni-hamburg.de (IP = 134.100.4.42), directory
pub/virus/texts/catalog.  (A copy of the CVC is also available by
anonymous FTP on corsa.ucr.edu in the directory pub/virus-l/docs/vtc.)

Another small collection of good technical descriptions of PC viruses,
called CARObase is also available from ftp.informatik.uni-hamburg.de, in
the directory /pub/virus/texts/carobase.

A fourth source of information is the monthly Virus Bulletin, published
in the UK.  Among other things, it gives detailed technical information
on viruses (see A8); a one year subscription, however, costs $395.  US
subscriptions can be ordered by calling (203) 431 8720 (GMT-5/-4) or
writing to 590 Danbury Road, Ridgefield, CT 06877; for European
subscriptions, the number is +44 1235 555139 (GMT+0/-1) and the address
is: 21 The Quadrant, Abingdon, OXON, OX14 3YS, ENGLAND.  General
enquiries can be sent to virusbtn@vax.ox.ac.uk.

Another source of information is the book "Virus Encyclopedia" which is
part of the printed documentation of Dr. Solomon's AntiVirus ToolKit (a
commercial DOS antivirus program).  It is more complete than the CVC
list and just as accurate; however, it lists only DOS viruses.  This book
may be available separately.

The on-line help system of the shareware antivirus product Anti-Virus
Pro contains a large and relatively exact collection of virus
descriptions and even includes demonstrations of several of the audio
and visual effects produced by some viruses.  However, the text can be
difficult to read because English is not the author's native tongue.

The WWW site www.datafellows.fi has an on-line, cross-referenced
database containing descriptions of about 1500 PC viruses, with an
emphasis on viruses "in the wild".  Another network-accessible source of
information pertaining to viruses is provided by IBM AntiVirus, at
http://www.brs.ibm.com/ibmav.html or via gopher at the site
index.almaden.ibm.com (choose "IBM Computer Virus Information Center"
from the main menu).

An excellent source of information regarding Apple Macintosh viruses is
the on-line documentation in the freeware Disinfectant program by John
Norstad of Northwestern University.  This is available at most Mac
archive sites.


A7)  Where can I get free or shareware antivirus programs?

The Virus-L/comp.virus archive sites carry publicly distributable
antivirus software products. Up-to-date listings of these antivirus
archive sites are posted monthly to Virus-L/comp.virus (see A5 for
details).

Many freeware/shareware DOS antivirus programs are available from the
SimTel Software Repository.  This collection of software is available
via anonymous FTP from ftp.coast.net (IP = 141.210.10.117), with
antivirus software in the directory /SimTel/msdos/virus.  Note that the
SimTel archive is "mirrored" at many anonymous FTP sites, including
wuarchive.wustl.edu (IP = 128.252.135.4, /systems/ibmpc/simtel/virus),
and nic.funet.fi (IP = 128.214.248.6, /pub/msdos/SimTel/virus).  Most of
this software can also be obtained via e-mail in uuencoded form from
various TRICKLE sites, especially in Europe.

Likewise, Macintosh antivirus programs can be found in /pub/tools/mac at
coast.cs.purdue.edu.

A list of many antivirus programs, including commercial products and one
person's rating of them, can be obtained by anonymous ftp from
corsa.ucr.edu (IP = 138.23.166.33) in pub/virus-l/docs/reviews in the
file slade.quickref.rvw.  This directory also contains detailed product
reviews of many products.


A8)  Where can I get more information on viruses, etc?

Five very good books on computer viruses that cover most of the
introductory and technical questions you might have are:

"Computers Under Attack: Intruders, Worms and Viruses" edited by
     Peter J. Denning, ACM Press/Addison-Wesley, 1990.  This is a
     book of collected readings that discuss computer viruses,
     computer worms, break-ins, and social aspects, and many other
     items related to computer security and malicious software.  A
     very solid, readable collection that doesn't require a highly-
     technical background.  Price: $20.50.

"Rogue Programs: Viruses, Worms and Trojan Horses" edited by Lance
     J. Hoffman, Van Nostrand Reinhold, 1990.  This is a book of
     collected readings describing in detail how viruses work,
     where they come from, what they do, etc.  It also has
     material on worms, Trojan Horse programs, and other malicious
     software programs.  This book focuses more on mechanism and
     relatively less on social aspects than does the Denning book;
     however, there is an excellent piece by Anne Branscomb that
     covers legal aspects.  Price: $32.95.

"A Pathology of Computer Viruses" by David Ferbrache, Springer-
     Verlag, 1992.  This is an in-depth book on the history,
     operation, and effects of computer viruses.  It is one of the
     most complete books on the subject, with an extensive history
     section, a section on Macintosh viruses, network worms, and
     Unix viruses.  Price $49.00.

"A Short Course on Computer Viruses", 2nd edition, by Dr. Fred B.
     Cohen, Wiley, 1994.  This book is by a well-known pioneer in
     virus research, who has also written dozens of technical
     papers on the subject.  Price: $35.00 ($45.00 with
     accompanying diskette).

"Robert Slade's Guide to Computer Viruses", by Robert Slade,
     Springer-Verlag, 1994.  This book is a comprehensive
     introduction to computer viruses, written in a clear and easy
     style for non-experts.  Price $29.00.


A somewhat dated, but still useful, high-level description of viruses,
suitable for a complete novice with little computer background is
"Computer Viruses: Dealing with Electronic Vandalism and Programmed
Threats" by Eugene H. Spafford, Kathleen A. Heaphy, and David J.
Ferbrache, ITAA (Arlington, VA), 1989.  ITAA (Information Technology
Association of America) is a computer industry service organization and
not a publisher.  While many people have indicated they find this a very
understandable reference it is now out of print, but portions of it have
been reprinted in many other places, including Denning and Hoffman's
books (above).

It is also worth consulting various publications such as _Computers &
Security_ and _SECURE Computing_ (both of which, while not limited to
viruses, contain many relevant papers) and the _Virus Bulletin_
(published in the UK, it contains many technical articles).


A9)  Why is so much of the discussion in Virus-L/comp.virus about PCs
     and DOS?  Is this forum only for the PC world?

No--neither the problem nor this discussion relates only to PCs.  Viral
programs are a property of general-purpose computers, and therefore are,
and will be, a problem for any computer system.  We *are* aware of the
lopsided coverage and welcome the submission of material relevant to
other systems.

There are several reasons for the apparent imbalance.  One very general
reason is that users of DOS heavily outnumber the users of other
operating systems.  The discussion in Virus-L/comp.virus therefore tends
to have a preponderance of questions and chat about DOS-specific
infections and problems.  We welcome questions, comments and reports
from users of other operating systems and platforms.  If you use a
computer of another type, please do contribute to the discussion.  Just
because the majority are talking about DOS does *not* mean that your
contribution is not welcome.  It may be important precisely because you
have a different perspective.

Therefore, let us assure you there is no deliberate attempt being made
to exclude Amiga, Atari, Macintosh, OS/2, UNIX, VMS, Windows (NT, '95 or
any other flavor) or any other platform or operating system from the
discussion or the FAQ sheet.  If you feel that there *is* too much PC
bias, please don't complain about it--tell us something about the virus
situation on *your* system.


====================================================
= Section B.   Definitions and General Information =
====================================================

B1)  What are computer viruses (and why should I worry about them)?

Fred Cohen "wrote the book" on computer viruses, through his Ph.D.
research, dissertation and various related scholarly publications.  He
developed a theoretical, mathematical model of computer virus behaviour,
and used this to test various hypotheses about virus spread.  Cohen's
formal definition (model) of a virus does not easily translate into
"human language", but his own, well-known, informal definition is "a
computer virus is a computer program that can infect other computer
programs by modifying them in such a way as to include a (possibly
evolved) copy of itself".  Note that a program does not have to perform
outright damage (such as deleting or corrupting files) in order to be
classified as a "virus" by this definition.

The problem with Cohen's human language definition is that it doesn't
capture many of the subtleties of his mathematical model--as indeed, few
informal definitions do--and questions arise that can only be answered
by checking his formal model.  Using his formal definitions, Cohen
classifies some things as viruses that most readers of Virus-L/
comp.virus (and many experts) would not consider viruses.  For example,
given certain circumstances on an IBM PC running DOS, the DISKCOPY
program is classified as a virus by Cohen's formalisms.

This has led to some tension between what Cohen considers a "virus" and
what is usually discussed on Virus-L.  Several other definitions of
"virus" have been proposed, but it is probably fair to say that most of
us are concerned about things that are viruses by the following
definition:

A computer virus is a self-replicating program containing code that
explicitly copies itself and that can "infect" other programs by
modifying them or their environment such that a call to an infected
program implies a call to a possibly evolved copy of the virus.

Probably the major distinction between Cohen's definition and "viruses"
as we tend to use the word is that we see them as deliberately designed
to replicate (although there is some debate over this too).  Cohen's
definition does *not* require this (and this would be difficult to build
into his formal model).

Note that many people use the term "virus" loosely to cover any sort of
program that tries to hide its possibly malicious function and/or tries
to spread onto as many computers as possible, though some of these
programs may more correctly be called "worms" (see B2) or "Trojan
Horses" (see B3).  Also be aware that what constitutes a "program" for a
virus to infect may include a lot more than is at first obvious--don't
assume too much about what a virus can or can't do!

These software "pranks" are very serious; they are spreading faster than
they are being stopped, and even the least harmful of viruses could be
life-threatening.  For example, in the context of a hospital life-
support system, a virus that "simply" stops a computer and displays a
message until a key is pressed, could be fatal.  Further, those who
create viruses cannot halt their spread, even if they wanted to.  It
requires a concerted effort from computer users to be "virus-aware",
rather than continuing the ambivalence that has allowed computer viruses
to become such a problem.

Computer viruses are actually a special case of something known as
"malicious logic" or "malware", and other forms of malicious logic are
also discussed in Virus-L/comp.virus.  It can be important to understand
the distinctions between viruses and these other forms of malware.


B2)  What is a Worm?

A computer WORM is a self-contained program (or set of programs), that
is able to spread functional copies of itself or its segments to other
computer systems (usually via network connections).

Note that unlike viruses, worms do not need to attach themselves to a
host program.  There are two types of worms--host computer worms and
network worms.

Host computer worms are entirely contained in the computer they run on
and use network connections only to copy themselves to other computers.
Host computer worms where the original terminates itself after launching
a copy on another host (so there is only one copy of the worm running
somewhere on the network at any given moment), are sometimes called
"rabbits."

Network worms consist of multiple parts (called "segments"), each
running on different machines (and possibly performing different
actions) and using the network for several communication purposes.
Propagating a segment from one machine to another is only one of those
purposes.  Network worms that have one main segment which coordinates
the work of the other segments are sometimes called "octopuses."

The infamous Internet Worm (perhaps covered best in "The Internet Worm
Program: An Analysis," Eugene H. Spafford, Purdue Technical Report CSD-
TR-823) was a host computer worm, while the Xerox PARC worms were
network worms (a good starting point for these is "The Worm Programs--
Early Experience with a Distributed Computation," Communications of the
ACM, 25, no.3, March 1982, pp. 172-180).


B3)  What is a Trojan Horse?

A TROJAN HORSE is a program that does something undocumented that the
programmer intended, but that some users would not approve of if they
knew about it.  According to some people, a virus is a particular case
of a Trojan Horse, namely one which is able to spread to other programs
(i.e., it turns them into Trojans too).  According to others, a virus
that does not do any deliberate damage (other than merely replicating)
