Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: What is a virus? (long & off-topic)
From: harley @ icrf . icnet . uk
Date: Mon, 3 Feb 1997 03:03:58 +0000 (GMT)
To: cmcurtin @ research . megasoft . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: <199702022106 . QAA12393 @ goffette . research . megasoft . com> from "C Matthew Curtin" at Feb 2, 97 04:06:47 pm

> David> <pedant> Actually, none of these are defining characteristics
> David> of a virus. All a virus has to do to -be- a virus is
> David> replicate. </pedant>
> 
> Uh, not quite.

This discussion seems to be getting somewhat metaphysical and 
off-topic. Perhaps follow-ups would be more appropriate via
e-mail. 
> 
> A "virus" is so named because of its resemblance to its biological
> namesake: it attaches itself to something that's already there.

I have to quibble with this, at least in the absence of a definition
of 'attach', since it appears to exclude some boot sector viruses 
(notably those which don't preserve a copy of the original boot sector)
and viruses which -replace- an existing file rather than append, prepend,
or overwrite -part- of the target file.

An adequate definition of attach would also have to cover spawning
viruses, and viruses which modify the FAT rather than the target file.

> A worm also replicates itself, but it does not attach itself to
> something that's already there: it is, itself, a standalone program.
> 
That's a different debate. I'd probably accept your definition, 
personally, but the argument is not as cut and dried as you imply. 
Fred Cohen, for instance, has stated that a worm is a special case
of a virus. ["A short course in computer viruses" - Wiley]
Either way, I don't see its relevance to the original
posting or my follow-up. I didn't state that replication was
a defining characteristic -only- of viruses.

> The mainstream media has completely blurred the distinction between
> the two.  Let's not allow "their" confusion to cause misunderstandings
> among "us," eh?
> 
I didn't think anyone had mentioned worms up to now. My point was 
actually that the original post implied that the secondary 
characteristics of -some- viruses, e.g. covert operation, were
primary characteristics, without mentioning replication at all.
I think you'd find it difficult to find a competent virus 
specialist who was prepared to risk a definition of the term
virus which didn't incorporate the concept of replication.

I resent your implying that I derived my assertion from the 
mainstream media. What knowledge and opinions I may have 
are derived from much more rigorous sources. B-) 

I enclose the following extract from the alt.comp.virus FAQ not
as support for my own stance (that would be inappropriate,
since I wrote it, apart from the quotation from Fridrik Skulason),
but because if you're going to attack my stance, you might as
well know what it is. I haven't cut it, since part of it relates
to the original post as well as the squelch to which I'm replying.

----------------------include-------------------------

(3) What is a virus (and what are Trojans and Worms)?
=====================================================

A (computer) virus is a program (a block of executable code) which
attaches itself to, overwrites or otherwise replaces another program
in order to reproduce itself without the knowledge of the PC user.

Most viruses are comparatively harmless, and may be present for
years with no noticeable effect: some, however, may cause random
damage to data files (sometimes insidiously, over a long period)
or attempt to destroy files and disks. Others cause unintended
damage. Even benign viruses (apparently non-destructive viruses)
cause significant damage by occupying disk space and/or main
memory, by using up CPU processing time, and by the time and expense
wasted in detecting and removing them.

A Trojan Horse is a program intended to perform some covert
and usually malicious act which the victim did not expect or want.
It differs from a destructive virus in that it doesn't reproduce
(though this distinction is by no means universally accepted).

A dropper is a program which installs a virus or Trojan, often
covertly.

A worm is a program which spreads (usually) over network
connections. Unlike a virus, it does not attach itself to a
host program. In practice, worms are not normally associated
with personal computer systems. There is an excellent
and considerably longer definition in the Mk. 2 version of the
Virus-L FAQ.

(The following is a slightly academic diversion)

A lot of bandwidth is spent on precise definitions of some of
the terms above. I have Fridrik Skulason's permission to include
the following definition of a virus, which I like because it
demonstrates most of the relevant issues.

"    #1 A virus is a program that is able to replicate - that is, create
        (possibly modified) copies of itself.

     #2 The replication is intentional, not just a side-effect.

     #3 At least some of the replicants are also viruses, by this
        definition.

     #4 A virus has to attach itself to a host, in the sense that execution
        of the host implies execution of the virus.

  --

  #1 is the main definition, which distinguishes between viruses and Trojans
  and other non-replicating malware.

  #2 is necessary to exclude for example a disk-copying program copying a
  disk, which contains a copy of itself.

  #3 is necessary to exclude "intended" not-quite-viruses.

  #4 is necessary to exclude "worms", but at the same time it has to be broad
  enough to include companion viruses and .DOC viruses. "

---------------------------outclude-------------------------------------

-- 
David Harley                     \   |   /                 alt.comp.virus FAQ
D . Harley @ icrf . icnet . uk     \  |  /               & Anti-Virus Web Page
Support & Security Analyst         \ | /         Folk London On-Line gig-list
Imperial Cancer Research Fund   ____\|/____   http://webworlds.co.uk/dharley/

