On Tue, 2 Sep 2003 18:04:28 +0000 (UTC), John Carroll
Post by John CarrollApologies to all you learned folk out there for this very simplistic
question - what is the differnce between a virus and a worm [besides
you can't fish with a virus :-)].
Maybe too late for your kid's homework assignment, but this
interesting bit comes from documentation in the F-Prot virus package.
Oddly, it does not reference the term "worm", which I would informally
describe as "a virus that enters your system without requiring any
action on your part". Apart from turning the computer on, of course.
=======================
Well, the best definition we have been able to come up with is the
following:
#1 A virus is a program that is able to replicate, that is create
(possibly modified) copies of itself.
#2 The replication is intentional, not just a side-effect.
#3 At least some of replicants in turn are also viruses by the same
definition.
#4 A virus has to attach itself to a "host", in the sense that
execution of the host implies execution of the virus.
#1 distinguishes viruses from non-replicating malware, such as ANSI
bombs.
#2 distinguishes between viruses and programs such as DISKCOPY.COM
that can replicate.
#3 is needed to exclude certain "intended viruses", that attempt to
replicate, but fail - they simply do not qualify as "real" viruses.
#4 is necessary to distinguish between viruses and worms, which do not
require a host.
A Trojan is a program that pretends to do something useful (or at
least
interesting), but when it is run, it may have some harmful effect,
like
scrambling your FAT (File Allocation Table), formatting the hard disk
or
releasing a virus.
Viruses and Trojans may contain a "time-bomb", intended to destroy
programs or data on a specific date or when some condition has been
fulfilled.
A time bomb is often designed to be harmful, maybe doing something
like
formatting the hard disk. Sometimes it is relatively harmless,
perhaps
slowing the computer down every Friday or making a ball bounce around
the
screen. However, there is really no such thing as a harmless virus.
Even if
a virus has been intended to cause no damage, it may do so in certain
cases,
often due to the incompetence of the virus writer or unexpected
hardware
or software revisions.
<snip>
The major groups of viruses on PCs are boot sector viruses (BSV),
program
viruses and application viruses.
A BSV infects boot sectors on diskettes and/or hard disks. On
diskettes,
the boot sector normally contains code to load the operating system
files.
The BSV replaces the original boot sector with itself and stores the
original boot sector somewhere else on the diskette or simply replaces
it
totally. When a computer is then later booted from this diskette, the
virus takes control and hides in RAM. It will then load and execute
the
original boot sector, and from then on everything will be as usual.
Except, of course, that every diskette inserted in the computer will
be
infected with the virus, unless it is write-protected.
A BSV will usually hide at the top of memory, reducing the amount of
memory that the DOS sees. For example, a computer with 640K might
appear
to have only 639K.
Most BSVs are also able to infect hard disks, where the process is
similar
to that described above, although they usually infect the master boot
record instead of the DOS boot record.
Program viruses, the second type of computer viruses, infect
executable
programs, usually .COM and .EXE files, but they sometimes also infect
overlay files, device drivers or even object files.
<snip>
The third type of viruses are application viruses, which do not infect
normal programs, but instead spread as "macros" in various types of
files,
typically word-processor documents or spreadsheets. This type of
viruses
can easily spread through E-mail, when users unknowingly exchange
infected
documents.
In general, viruses are just program - rather unusual programs
perhaps,
but written just like any other program. It does not take a genius to
write one - many ten year old kids can easily create viruses.
============================
--Jim
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----