Saturday, January 28, 2006

what is a worm?

a worm is a self-replicating program that is able to make (possibly evolved) copies of itself that are not attached to (via infection) other host programs...

that is not to say that worms can't infect host programs, there are already many examples of virus/worm hybrids that are able to self-replicate using both strategies - later variants of klez, for example... there are also examples of virus/worm hybrids that must infect a host program in order to self-replicate (like w32/ska, which needs to infect wsock32.dll in order to email itself*)...

also, since it must self-replicate, a worm meets the requirements of the mathematical definition of virus and can therefore be thought of as a kind of virus, but only in more academic/scientific contexts...

while there are schools of thought that would include such further constraints as being able to spread over a network or even being network-aware, these constraints are arbitrary and in some cases just wrongheaded... for example - a program that copies itself to all logical drives provided by the operating system is actually still able to spread over implicit networks like sneakernet, as well as being able to spread over more conventional windows networks in the presence of mapped drives... the requirement for network-awareness, on the other hand, is actually an attempt to narrow the network spreading constraint by introducing intent into the equation (network-awareness becomes an indicator of intent to spread over networks and thereby weed out the supposed accidental network spreading in the previous example) while completely ignoring the fact that intent is an entirely subjective quantity (especially when judging it from code) and causes the definition to no longer be functional for no apparent reason or benefit...

(* thanks to peter szor's book for reminding me of that)