
redefining the term "computer virus"


In a comment to my previous entry on linux/unix viruses, Jim said:

Well that's what you get for mixing up your terminology. It used to be that "computer virus" referred to something that spread due to user action (as opposed to "worm" which does not require human intervention). Now it's just a catch-all for anything nasty that happens to a computer.

A virus, in the classic sense, cannot affect unix-like systems very well, since it's extremely rare for executables to be writable by normal users or transmitted between machines.

Worms, on the other hand, are typically spread through network services, and are not bound by normal restrictions or usual use patterns of users.

Yes, it's possible to create ELF viruses. No, it's not a problem in practice. It's valid to say that unix-like systems are resistant to viruses in the extreme, whilst acknowledging that they are still susceptible to worms. Anybody who conflates the two issues, as the author of this article did, needs to learn a thing or two.

I realized that I should clarify when I wrote the post; that is, that I think that what we call "computer virus" has evolved--then I simply forgot. Well, now it deserves its own entry. :)

Jim is technically correct as far as current terminology is concerned, but in practice I disagree: the differences we used to give to "worms", "trojans", and "viruses" no longer apply. They're all viruses. Let me explain.

I was thinking of "viruses" as the word is used in biology. Quite simply, any organism that can self-replicate, but that requires a host (host in the biological sense) to survive (as well as some "function" of the host to self-replicate). The fact that we called viruses those that self-replicated through (say) EXE infection and that we call worms those that self-replicate through, say, an Apache bug, is simply a historical quirk. Mostly, in general terms, we were making the distinction between infection that required humans (i.e., X sending Y an infected file, Y executing the file and thus infecting the system) from infection that didn't (like most internet worms these days, e.g., SQL Slammer). Probably one problem is that we tend to associate virus with sickness (and worms have been so far bothersome but not overly destructive), but not all viruses create problems, and in fact it's been speculated that they are an important element in allowing information flow within the gene pool of a species, and even cross-species. (Not that computer viruses are useful for this too, but wouldn't that be nice... :))

In reality, if we are going to borrow the term virus from biology, it's the worms that should be called viruses, since they can self-replicate across hosts, and in any case most if not all viruses these days have "worm" qualities mixed in. A good example is Outlook viruses: they can transfer autonomously, but require human activation (running the executable file).

Probably the article's author should have made this clarification, but I think that it's about time we put all these different categories together.

So, in my opinion: worms, viruses, trojans... They're all computer viruses, if we understand viruses as akin to their biological cousins. Some are more effective than others at self-replicating and transferring across hosts. But they all belong to the same "family" of "organisms". :)

Categories: technology
Posted by diego on July 9 2003 at 11:46 AM
