zweig@p.cs.uiuc.edu (11/22/88)
There have been a number of not-always-consistent schemes for talking about nasty things on both the InterNet and on PC's and Mac's and stuff floating around the net and the news media these past few weeks. Perhaps the TCP-IP group can come up with a definitive nomenclature. Here is an off the cuff reading of what I can remember/surmise from what's been floating around: VIRUS -- a program which replicates itself and causes damage; so-called because of similatrites to viruses which make people/animals sick. WORM -- a program which copies itself to other systems over a network. Sometimes it seems to be taken for granted that worms are nasty, others it seems necessary to add modifiers to that effect. TROJAN HORSE -- a program which sits on a system until someone runs it; then it attacks the system using the priviledges of whoever activated it. Since this term is taken from Greek mythology, a TH is always nasty (the image is something that you let into your address-space/file system and something leaps out of it and kills you). MOLE -- a program which sneaks into systems via a method not normally known/allowed. I think -- there seem to be other conflicting usages out there. LOGIC BOMB -- a program/process which causes havoc ("explodes") when a certain logical criterion is met -- usually when a certain time has elapsed. I have heard these called "sleepers" since a LB sleeps until it is supposed to go off. HACKER -- a person who maliciously breaks into systems. I hate this term, since I call myself a hacker pretty often. CRACKER is a better term, much more widely used in Europe I am told ("crackers are" in British slang). Hacker originally referred to someone who could look at 10,000+ lines of assembly code and figure out the 6 bytes that needed to be changed (a "hack" at the giant block of code) to fix the thing. It is supposed to be a term of some reverence indicating someone who both fervently and successfully pursues a given discipline. Thus terms like "UNIX hacker", "AI hacker", "Network hacker" and "cracker hacker." HOLE -- an aspect of a program which allows unauthorized/unexpected use. (Other, of course, than mere existence which has also been cited as a widely-exploited security loophole in much software.) Not all of these terms are mutually exclusive: the Morris worm can be viewed as a virus as well as a mole, given the above definitions. I'd appreciate postings/e-mail of other terms/usages people have seen and/or are using. Maybe we could get UPI to broadcast a list so the news media will start calling a spade a spade, a hacker a hacker, a worm a worm and so forth.... Johnny Zweig University of Illinois at Urbana-Champaign Department of Computer Science --------------------------------Disclaimer:------------------------------------ Rule 1: Don't believe everything you read. Rule 2: Don't believe anything you read. Rule 3: There is no Rule 3. -------------------------------------------------------------------------------
david@ms.uky.edu (David Herron -- One of the vertebrae) (11/24/88)
In article <93400013@p.cs.uiuc.edu> zweig@p.cs.uiuc.edu writes: There was an etymology of software (something like that -- that is, a list much like this one) published in the immediately previous issue of Whole Earth Review. That list might or might not be complete but would definitely lead you to other sources.. One of my professors has some minor points on a couple of these definitions. I'll do my best to repeat them to you guys. >VIRUS -- a program which replicates itself and causes damage; so-called > because of similatrites to viruses which make people/animals sick. One feature of a virus is that it cannot live on it's own, that is it must be part of another creature to live. The same should be true of computer viruses, and is true of many of them. The Amiga boot block virus is an example. >WORM -- a program which copies itself to other systems over a network. > Sometimes it seems to be taken for granted that worms are nasty, others > it seems necessary to add modifiers to that effect. One feature of a worm is that it has many segments, and so should a software worm. That is, it should have a lot of segments, one in each host machine that it's inhabiting, etc. That paper from a long time ago about the experiments at Xerox give good examples of what I mean. >TROJAN HORSE -- a program which sits on a system until someone runs it; > then it attacks the system using the priviledges of whoever activated > it. Since this term is taken from Greek mythology, a TH is always nasty > (the image is something that you let into your address-space/file system > and something leaps out of it and kills you). I think a better way to put this is that it looks perfectly normal from the outside. But once accepted it then makes its attack. It wouldn't necessarily have to be *on* the system to begin with but could possibly be brought in from outside somehow (remember, the historical trojan horse was brought in from outside too) before being run. -- <-- David Herron; an MMDF guy <david@ms.uky.edu> <-- ska: David le casse\*' {rutgers,uunet}!ukma!david, david@UKMA.BITNET <-- <-- Controlled anarchy -- the essence of the net.
jat@hpsemc.HP.COM (Joe Talmadge) (11/24/88)
Here are my definitions: >VIRUS -- a program which replicates itself and causes damage; so-called > because of similatrites to viruses which make people/animals sick. A program which attaches itself to a "host" program. When the host program is executed, the virus does its dirty deeds, typically consisting of a) attaching itself to other hosts, and b) doing some kind of diddling in the system. A virus cannot execute itself, but is only executed when the host is executed. >WORM -- a program which copies itself to other systems over a network. > Sometimes it seems to be taken for granted that worms are nasty, others > it seems necessary to add modifiers to that effect. A program which "worms" its way through a system or a network, and does some dirty deeds. A worm is a running process, or at least has a way of running itself. >TROJAN HORSE -- a program which sits on a system until someone runs it; > then it attacks the system using the priviledges of whoever activated > it. Since this term is taken from Greek mythology, a TH is always nasty > (the image is something that you let into your address-space/file system > and something leaps out of it and kills you). A program which makes believe it is something else, then does its dirty deeds when an unsuspecting user executes a supposedly benign program. >HACKER -- a person who maliciously breaks into systems. I hate this term, > since I call myself a hacker pretty often. CRACKER is a better term, > much more widely used in Europe I am told ("crackers are" in British > slang). Hacker originally referred to someone who could look at > 10,000+ lines of assembly code and figure out the 6 bytes that needed > to be changed (a "hack" at the giant block of code) to fix the thing. > It is supposed to be a term of some reverence indicating someone who > both fervently and successfully pursues a given discipline. Thus terms > like "UNIX hacker", "AI hacker", "Network hacker" and "cracker hacker." I still use "hacker" to mean someone who is very good at computer programming, and enjoys doing it. I call people who maliciously break into other people's systems "pricks", a term I would like to introduce into the language. Joe Talmadge Trust me. I know what I'm doing. hplabs!hpda!hpsemc!jat jat%hpsemc@hplabs.HP.COM