What's the difference between a 'Trojan Horse,'
A 'Worm' and a 'Virus'?

by Leo A. Notenboom

Learn the difference between a trojan horse, worm, and virus.

Seems like there's no shortage of confusing terminology in the computer biz. With the advent of computer viruses over recent years, we've spawned even more terminology that often seems only to make things less clear.

And then recently it looks like we can't even spell! I mean, really ... "phishing"? What's that all about?

The good news is that it's not really that difficult. Let's run down the terms.

Virus: we've all heard this one too often lately. In a sense, "virus" is the root definition of the things we'll talk about here.

A virus in the human body is an organism that replicates (makes copied of) itself and overwhelms the body's own defenses making it sick. Human borne viruses can spread in several ways from person-to-person. Depending on the type of virus it catching it could be as simple as breathing the same air as an infected person. It might require direct contact, or it might require an even more direct transfer of, say, blood.

The term "virus" when applied to computers sounds very similar. A computer virus:

  • is a program - really, that's all any of this is. A virus is just a computer program. It's written by some individual or individuals, presumably with the intent of spreading and causing grief.
  • makes the infected computer "sick" - in the computer sense, "sick" can mean poor performance, crashes, lost files and data, or more.
  • replicates itself - just like you can copy a file from one disk to another, and now have copies on both disks, a computer virus is in part defined by its ability to make copies of itself. Typically the copies aren't on the infected computer, but rather on other computers, which leads us to the last characteristic...
  • infects other computers - exactly how depends on the virus, of course, but another key defining point for a computer virus is that it can spread, on its own.

Worm: technically, a worm is a virus that does no direct damage to the computer it's infected. In reality, worms can cause a great deal of trouble merely by getting passed from one computer to many others, and can clog up a network very quickly.

Unfortunately there isn't necessarily agreement on that definition. At least one other resource I've seen states that a) a Worm does cause damage to the infected system, and b) worms and viruses differ from how they are transmitted: a worm is a stand-alone program, while a virus propagates by attaching itself to another program.

Trojan Horse: a program that claims to be one thing, but is, in fact, another. A trojan horse is not a virus, per se, but may carry them. For example many people consider Kazaa, the music sharing software, a trojan horse because it carries with it a bunch of spyware. There are trojans that claim to be patches for a problem, often arriving in email, that are in fact spyware and virus installers.

Phishing: I think of phishing as a kind of email trojan horse. It's email that looks like it comes from some official site such as your bank, Paypal or eBay, but in fact it comes from someone pretending to be them. They'll ask you to go visit a site, or provide some information, looking very official and proper, except that the site is not what you think, and the information you give them allows them to steal your credit card or identity.

The bottom line, of course is that we all need to keep aware of these issues and act accordingly. We shouldn't have to, of course; hackers shouldn't exist and operating systems and other software should simply protect us. But the pragmatic reality of the situation is that we do need to keep our guard up.

What does that mean? How should you protect yourself? As outlined in my earlier article How do I keep my computer safe on the internet? is boils down to common sense, a firewall, and running up-to-date anti-virus, anti-spyware tools regularly.

Leo A. Notenboom is a software engineer and entrepreneur who worked for Microsoft for many years, either developing some of the company's best known software or managing other engineers who did. When he left he started his own software engineering company and consulting firm, Pudget Sound Software. In addition to the services offered through http://pugetsoundsoftware.com, Leo runs the the popular Ask Leo! technical support site (http://www.ask-leo.com). Leo can be reached at [email protected]

Free small business newsletter
Get great business ideas and advice like this sent to you in email twice a week.
Subscribe to the free Business Know-How newsletter. 
Enter your primary email address below


Follow Us and Share