Re: Re: Microsoft AntiSpyware falling further behind
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 30 Oct 2005 09:46:48 +1300
Valdis Kletnieks wrote:
No, because they're different.
Trojan horses (a) get installed under pretense of being something wanted
or beneficial ("Hey, I'm a neat fun codec that lets you view these movies...")
and (b) once there, give the attacker a "back door" into the system, to
do unspecified things (run commands, launch DDoS attacks, send spam, scan
for other vulnerable software, upload plugins to extend the Trojan's functionality,
In the late 1990s, a particular form of Trojan Horse program -- remote
access Trojans or RATs -- became very popular with a certain element of
computer users. Things like Netbus and BackOrifice became all the rage
and "hacking" others' computers by SE'ing them into installing your
preferred RAT was considered de rigueur by what would generally be
called the kiddies.
Anyway, an upshot of this was that a certain element (and I'd never
have picked Valdis K as being one of these!) started using the word
"Trojan" or the phrase "Trojan Horse" for the first time _for them_ in
reference to computer software, _AND_ they were using it specifically
(though few probably even realized this) as a shorthand for "remote
This is a Johnny-come-lately perversion of the real meaning of Trojan
Horse in reference to software. Trojan Horse, or simply Trojan,
software has always meant, and still does to anyone with a vague hint
of historical awareness, software that gets installed under the
pretense of being something desirable or beneficial but that actually
has deliberately (on the part of its designer/developer) undesirable
effects that are (at least initially) hidden or not obvious to the
intended user(s) of the software.
This whole issue of the late-90s/early-00s attempt to redefine "Trojan"
was hashed out here a month or two back -- how quickly we forget...
Anyway, given the correct definition of Trojan Horse software, much
spyware actually already falls under the definition of Trojan Horse
software, not necessarily because of its outright design, but because a
sizable chunk of its installations are deliberately surreptitious, with
the presence and purpose of the software being kept from the user. Of
course, many of the makers of such spyware counter that their software
is not supposed to be installed surreptitiously and that to the extent
this happens with their software it is indicative of "bad affiliates"
and not their own intentions. This latter issue was, at least until
recently, quite a sticking point for a lot of traditional antivirus
developers detecting such wares, especially given the litigious nature
of the US, where many of the spyware developers are based.
Spyware, on the other hand (a) *may* be installed via Trojan Horse means, but may
also be forcibly inserted on a system via a software vulnerability, or added
in via the above-mentioned plugin method by an already-present Trojan, and (b) is
software that monitors system activity (keystrokes, screen pixmaps, etc.) in an
effort to acquire credentials or other sensitive information.
The ASC says "spyware and other potentially unwanted technologies" are:
Technologies deployed without appropriate user consent and/or
implemented in ways that impair user control over:
* Material changes that affect their user experience, privacy, or
* Use of their system resources, including what programs are
installed on their computers; and/or
* Collection, use, and distribution of their personal or other
Not exactly rocket science, nor earth-shattering news to anyone here, I
suspect, but I guess the hope is this "definition" will be used to
inform various legal initiatives that are currently considering dealing
with "the spyware problem"...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/