[Dshield] Economic statistics

John Hardin johnh at aproposretail.com
Wed Oct 1 16:54:46 GMT 2003

On Tue, 2003-09-30 at 12:23, Andrew.Patrick at kemperservices.com wrote:
> >the difference between a virus and a worm lies
> >with the mode of replication, does it not? I once
> >had this down pat, but lack of discussion has
> >made my memory foggy.
> Actually, I believe that, technically, worms are a subset of viruses (i.e.
> all worms are also viruses, but not all viruses are worms).

Huh? Since when do worms spread by infecting other programs?

> The defining characteristic of a worm, as opposed to other types of
> viruses, is that a worm does not require any human action to
> spread....

Really? Lots of viruses spread without human interaction.

How about this:

A virus is program code that spreads by attaching itself to other,
legitimate program or document files. It must have write access to files
in order to spread. If those programs or documents are transmitted to
other computers, or are on shared storage, it will be able to spread to
other computers when the infected file is accessed. This may or may not
require user action depending on the nature of the infected file
(consider, for example, an infected file that is called from your
network-wide user login script).

A worm is program code that spreads by directly attacking remote
systems, either through a flaw in a network service that allows the worm
to inject its code into the new system, or through a flaw in some user
tool that a user uses to process the file when it's received. This
divides worms into two categories: autonomous, which directly attack
publicly visible system services without human intervention, and ... uh
... (somebody suggest a better name than non-autonomous) that require
the user to interact (if only to the extent of starting Outlook to
retrieve messages). 

Perhaps: viruses attack files, worms attack services?

John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
 35 days until Matrix Revolutions

More information about the list mailing list