June 17, 2001

In this discussion I would like to explain the difference between the three types of infection your computer can get. There are differences between viruses, Trojan horses, and worms, both in what they do to your computer and in how they spread, but the thing all three have in common is that you don't want them on your system. You want to be protected against them, and you want to be able to eliminate them if they try to infect your system. At the time this discussion was written, there were almost 50,000 different infections which the antivirus programs attempt to locate.

A virus commonly inserts itself into other program files, in the same manner that a virus in nature takes over the apparatus of normal cells. When the infected program runs, the virus code gets a chance to inspect its environment and to look for and infect new carriers in the form of other program files. If a user transmits an infected file to another user, or if infected storage media such as floppy disks, ZIP disks, etc. move from one machine to another, the virus may spread rapidly.

Until a few years ago, data files such as word processor documents and spreadsheet files were not a problem as far as virus infections were concerned. When macro capabilities were added to software suites like Microsoft's Office to give greater flexibility in automating the programs, this allowed hackers to attach viruses to these files and to use the files to spread the viruses to other data files, and to other computers when people share the data files.

Protection against a viral attack depends on recognizing attempts to alter existing program files, or detecting such changes by comparison to a trusted database. Document-based virus attacks can be blocked by disabling active-content facilities, such as Word macros or live HTML-page messages that bear potentially malicious ActiveX controls.

The most elementary form of malicious code is the Trojan horse. This kind of program appears to do something useful, or at least entertaining, such as putting up an attractive screen saver. Like its legendary namesake, however, a Trojan horse program conceals a destructive purpose: while running, such a program may destroy files or create a "back door" entry point that enables an intruder to access your system. A Trojan horse program does not propagate itself from one computer to another.

Self-replication is the hallmark of the other two major families of malicious code, the worm and the virus. A worm, as defined by some authorities, is a self-replicating program that does not alter files but resides in active memory and duplicates itself by means of computer networks. Worms use facilities of an operating system that are meant to be automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. A new class of worm, such as Worm.ExploreZip, resides in your system's memory and self-replicates, but also contains a malicious payload. Protection against a worm is like protection against other network faults, depending on intelligent recognition of suspicious patterns of events before a problem can interfere with essential functions.

The end result of viruses, Trojan horses, and worms can range from minor annoyances to a computer system which is rendered useless. I cannot overstress the importance of antivirus programs and backing up your data. Once you get bit you will have learned the lesson too late.

If you have any questions or comments, click
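
The comparison against a trusted database described above for virus protection can be done by hashing each program file while the system is known to be clean and re-hashing it later. This is an added example, not part of the original discussion; the function names, file names and file contents are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record a digest for every file under root while it is known to be clean."""
    root = Path(root)
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_baseline(root, baseline):
    """Return files altered, added or removed since the baseline was taken."""
    current = build_baseline(root)
    return {
        "modified": sorted(n for n in current if n in baseline and current[n] != baseline[n]),
        "added": sorted(n for n in current if n not in baseline),
        "missing": sorted(n for n in baseline if n not in current),
    }

def demo():
    """Constructed sample: two stand-in program files, one later appended to."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "programs"
        root.mkdir()
        (root / "editor.exe").write_bytes(b"MZ constructed editor image")
        (root / "backup.exe").write_bytes(b"MZ constructed backup image")
        # The baseline is stored outside the monitored directory; in practice
        # keep it on read-only or offline media so an infection cannot rewrite it.
        db = Path(tmp) / "baseline.json"
        db.write_text(json.dumps(build_baseline(root)))
        # Stand-in for an altered program file: extra bytes appended to it.
        with open(root / "editor.exe", "ab") as f:
            f.write(b"appended bytes")
        (root / "dropped.exe").write_bytes(b"MZ constructed new file")
        return compare_to_baseline(root, json.loads(db.read_text()))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A changed digest only shows that a file differs from the baseline; legitimate updates also change it, so the baseline has to be rebuilt after each trusted install or patch.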