JRHelgeson's Journal: Viruses vs. Worms -- What's the difference?

It seems there is confusion as to what makes a virus, and what makes a worm, what distinguishes the two and why any of this matters. There is a very clear and simple distinction between the two, and it astonishes me that 'industry experts' continually fail to properly distinguish them.

Simply stated: Viruses require user interaction to spread whereas worms exploit vulnerabilities in operating systems to spread and do not require any user interaction.

Put in its most simplistic terms:
To protect yourself from a virus, do nothing. To become infected by a worm, do nothing.

Allow me to explain.

Viruses require user interaction to spread. A virus can infect a file, being parasitic in nature, or it can be a free standing application. If it is a free standing application it is most commonly a Trojan horse - a malicious application whose true purpose is disguised until the user has been tricked into launching the application. Trojan horses are often used to install backdoors on machines, but all of these are clearly viruses.

The way to defend yourself from viruses is to either use an anti-virus program, or remain alert to the various malicious programs that exist out there and DONT CLICK ON THEM.

I currently have several hundred viruses, Trojan horses and backdoors on my computer. They are all there for research purposes. I know they're there, I don't click on them, and I am not infected by any of them.

Similar to the researchers at the Center for Disease Control (CDC) in Atlanta; They work with the Ebola virus every day, does that mean they're infected with it? Of course not! They know the danger of the substances with which they work on a daily basis, and so do I.

A worm is a much different animal. The way you protect yourself from a worm is to patch the holes in your operating system. If you do nothing, and you remain connected to other computers on a network, you will become infected. Worms spread through vulnerabilities that exist in operating systems. If you patch your system, you have essentially become inoculated against the worm.

Folks are labeling the Swen virus as being a worm. While Swen does have some characteristics of a worm, its primary method of spreading is by user interaction, thereby making it a virus.

If you have failed to patch yourself against the MS01-020 vulnerability, then the Swen virus will spread simply by viewing the email. The user interaction here is the viewing of the message. The MS01-020 vulnerability was discovered in 2001. Personally, if you haven't patched your computer since then, you've earned that victim status.

Original Discussion