Classroom 101

Discussion in 'malware problems & news' started by trjam, Jun 23, 2009.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Forgive my stupidity, but I really don't know and would like to.

    Just what is the difference in a virus, trojan, worm, rootkit, and spyware.
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
  3. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    OMG, what are you doing at this forum? You should have asked such a question around Aug 2006...4,815 posts earlier...
    unforgivable :isay: :thumbd:
     
    Last edited: Jun 23, 2009
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I understand, trjam, because malware also gets updated. They (cyber criminals) also have databases for malware every so often, so there are plenty of different types of malware. For example, spyware can be classified as keyloggers too, because they spy (main purpose); trojan horses (keyloggers and rootkits), most dangerous; viruses are different :) something like that, viruses spread fast; then you have adware, very different :) rogues etc. etc. They change from time to time. For example, what the heck is a bot? I don't know, but it sounds like a worm, which I didn't know like 5 years ago, for instance ;)
     
  5. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Since you're currently using the KL logo as your avatar, here's some info provided by them:

    Viruses: http://www.viruslist.com/en/virusesdescribed?chapter=152540474
    Trojans: http://www.viruslist.com/en/virusesdescribed?chapter=152540521
    Worms: http://www.viruslist.com/en/virusesdescribed?chapter=152540408
    Rootkits: http://www.viruslist.com/en/virusesdescribed?chapter=152540521#rootkit
    Spyware: http://www.viruslist.com/en/viruses/glossary?glossid=189275468

    I'd like to add the Viruslist Glossary is a useful starting point for many other terms in use.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Do you think that it is important that the average user in the general population understand the technical differences in these terms?

    rich
     
    Last edited: Jun 24, 2009
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, it is useless to know that there are viruses, spyware, trojan horses, worms, etc.

    There's only one thing to know - there is malware, and users must know they need to protect themselves, how to do it, and be careful with what they do. That's all.

    I don't really think that more than 96% users knowing all the different terms will help them out.

    Do I know all illnesses that exist that could harm me? No.
     
  9. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Agreed. :thumb:
     
  10. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    actually i vehemently disagree with this. if you have malware, it's important to know what that malware does in order to know all the steps you need to take to recover (because some malware does more than just affect the host machine). knowing what the various terms mean gives you a great deal of that information.

    you're looking at it from the perspective of prevention, but prevention inevitably fails and once you have a problem, the more information you have the better off you are. there are decisions that need to be made when trying to solve a problem and informed decisions are better than uninformed ones, but informed decisions require information/knowledge.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I agree with you... It is important to know what XYZ piece of malware is. Now, the question by Rmus was
    The general population, won't be removing malware, and simply because they don't know what will screw with what...

    So, the general population needs to know one thing: There is malware, which is malicious software, including also rogue software.

    Based on this, they need to bet on prevention. Prevent something to be installed without them knowing. If they decide to install something, know more about that piece of software, and not install something, blindly, after just making a search on Google, etc for an application they are needing to do something.

    I agree... But, if you feel you're ill, you won't be treating yourself, will you? No, you'll be going to the family doctor or hospital.

    So, I don't need to know what exactly the flu virus does to my body... I need to react as soon as I feel ill, and go to the doctor.
     
  12. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    i suppose this is the root of our disagreement. i feel they should be removing their own malware, that they should be protecting themselves rather than relying on a product to do the job for them and hoping for the best (because hope is not a strategy).

    to that end i feel it's important to elevate the common user, to raise them out of the muck of their own ignorance and not settle for the status quo.

    <snip>
    umm, actually, i only do that when it's something i've never faced before or something i don't have resources to deal with myself (ie. when prescription medication is absolutely required).

    react quickly? yes. go to the doctor? you perhaps, but not me. at least not unless my own attempts to knock it out fail.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Right... Tell to the more than 96% users (it can't be far from that %) that work hard, some have 2 jobs, get kids at school, help them with school work, etc., to lose time having to deal with what each individual piece of malware is, etc., how the operating system really works...

    You're out of reality. One thing is what would be best, and there I agree with you. One other thing is reality. Reality is that, unless part of their job, they won't get into it. Lack of interest (smaller %)... Lack of time (bigger %).

    Of course it is. But, to expect them to know all what happens within the system, etc., is just not reality.
    <snip>

    I see... You know... some people start sneezing... they believe it is just a small flu... It happens that some people die, because all that happened is that they started sneezing and believed it was a simple flu.

    So, if your very own attempts to treat cancer, hepatitis, etc fail... then... only then you'll go to see a doctor? (OK)
     
  14. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Do you never go to the mechanic, but do all your car maintenance and repairs by yourself? Do you never call for the plumber to deal with plumbing problems? Do you never go to the doctor when you're ill, but diagnose your symptoms yourself, and then ask for medication from the pharmacist without needing to ask for his opinion? Have you never engaged the services of an accountant, lawyer, banker, etc. because you should be doing things on your own instead of relying on someone else?

    You see, the problem with your logic is that it leaves very, very large holes for hypocrisy. Do you really feel justified in demanding everyone become proficient with computers, just because YOU are?
     
  15. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    For probably more than you will ever want to know if you read very far, the book "The Art of Computer Virus Research and Defense" by Peter Szor is available online for free in html format at ~Link removed~ among other locations. Good thing to keep around for reference.
     
    Last edited by a moderator: Jun 24, 2009
  16. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    I think it's good to know what malware aims to do in general
    rather than what category a specific malware, i.e. XYZ, fits into.

    So it's good to know that malware can aim to do different things

    1) trick users in buying security software
    2) steal money from a user
    3) gather internet usage info from a user.
    4) steal identity info from a user
    5) steal identity info from a user with aim of stealing money
    6) corrupt users system
    7) use system and conceal this use from user.
    8) target advertising at user ( not 100% sure on this :))


    So then instead of having a general fear of "viruses" , someone can consider , in the light of their own circumstances , are any of these things a big deal.

    And if they are they can then look at ways to deal with each threat.
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Most of the people I've dealt with probably have never heard of a rootkit. To them, everything bad is a "virus" and so I normally use that term with them. Does it matter?

    Take conficker, as an example.

    Quick: which of the descriptions in the first post apply to conficker? I took these from my notes -- take your pick!

    From my perspective, the most important information about conficker was:

    • The first variant of conficker infected through Ports 445 and 139

    • A later variant of conficker infected through USB via a specially crafted autorun.inf file

    Since everyone I worked with was already protected on both of those fronts, as far as I was concerned, conficker was a No-threat.

    Now, it certainly was a threat to those who were not protected, so naturally, the thing to do was to get the word out to as many people as possible.

    It was interesting to read the analyses of the inner workings of conficker, for it certainly is a very sophisticated piece of malware, whether security analysts say it's just a worm, or contains code that includes characteristics of rootkits and keyloggers. But I don't think knowing those specifics would have added anything to help those out there in the general population.

    Conficker needed to be avoided like the plague, no matter what its name was.

    ----
    rich
     
  18. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Good point! No, it does not matter, in the sense that a user can be pretty darn safe even if he doesn't know exactly what the difference between a rootkit and a virus is. As long as he knows both are bad, and how to avoid them, the scientific details and the semantics are meaningless.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    You know, I was going to let this lie, but after stewing on it for 2 days, well, get your ass ready. I asked because I do know and don't know, and there are new people all the time coming here. And they may not know. We get so far ahead in this game that we forget, that like us, there are new members just starting out.

    And if posting something gets them started, then isn't that why Wilders is really here. Duh!!

    Now for me. Enough with potshots, ok. If you really want to know how I feel or what I use then PM me. Folks do. I do use FD-ISR and have every shot filled with a different product and that my friend, yeah right, is how I learn. Today it may be A, tomorrow it may be D, but it is my choice. So the old man you think is nuts, trust me, my nuts are still on the tree, ripening.;)
     
  20. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    learning how to prevent problems, and how to deal with problems that tend to recur ultimately saves time in the long run.

    there's a notion that being actively involved in the protection of one's system (rather than installing and forgetting software) takes up time that users could be spending doing other more productive things - that notion is a popular myth, an old wives' tale. i am very active in the protection of my system, i use many tools, many techniques, etc, but i do not spend much of my time doing it because it simply does not take that much time.

    now you're just constructing straw men.

    don't have a car.

    i do some plumbing myself, but anything that requires a blowtorch or turning off the water outside the house i leave to the professionals.

    i rarely go to the doctor (i've already described this), and whenever possible i take the non-pharmacological option.

    seems to be verging on straw man territory here too - relying on a product and relying on a person are 2 entirely different things. i should hope that would be obvious. (though i don't engage the services of any of those professionals either)

    demanding? no. assisting? yes. i feel justified in assisting everyone in becoming proficient (or at least more proficient than they are now) with computers.
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    @ kwismer

    I'll give you a few real examples:

    All my family members' systems are protected with security measures I implemented. Which ones, are of no discussion here. They're simple, effective, and they still get to do their daily tasks, without being bothered by them.

    One of the security measures, is that browsers are set not to allow javascript, etc, by default, for every site. Only those they trust, like bank, and alike services.

    Do I need to tell them what javascript, java, etc is? No. All they need to know (and not because I think they're stupid, on the contrary, but, sometimes giving a lot of info, will cause confusion to the casual computer user) is that javascript, java, flash, are technologies which browsers make use of, and in case of entering a malicious domain while searching google, for example (of course, not knowing that is), or being redirected to one, if they need one of those technologies to attack the system, and if they aren't active for them (the domains), then they won't attack the system (through exploits).

    So, they only allow those to trusted domains.

    Do I need to know what happens within my organism, after eating junk food, like McDonald's? No. All I need to know is that is bad for my health, and so I won't eat it. I don't need to know if it will make my bowels into some sort of matter, and how it will make it like that. I don't need all the details, just the enough to know is bad news.

    Hey, but if you feel different and have the time, then help those who are your friends, and your family, knowing each detail of what happens within the Operating System, etc.

    I guess everyone finds their own way, at the end of the day. All roads lead to Rome, right?
     
  22. Judge Dee

    Judge Dee Guest

    Top notch comment, m00nbl00d. :thumb:
    Everyone has different ideas as to what they want to do with their computer. If someone wants to know everything, more power to them.
    And for those who don't, more power to them.

    Regards,
     