This document discusses computer viruses and how they differ from trojans, worms, and hoaxes.
The term virus is often used as a generic reference to any malicious code that is not, in fact, a true computer virus. This document discusses viruses, Trojans, worms, and hoaxes and ways to prevent them.
What is a virus?
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
There are five recognized types of viruses:
What is a Trojan horse?
Trojan horses are impostors--files that claim to be something desirable but, in fact, are malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code, that, when triggered, cause loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computers--for example, by opening an email attachment. The PWSteal.Trojan is a Trojan.
What is a worm?
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. PrettyPark.Worm is a particularly prevalent example.
What is a blended threat?
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include the following:
Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.
What is an expanded threat?
An expanded threat is an application or software-based executable that is either independent or interdependent on another software program, and meets one or more of the following criteria:
For information about expanded threat categories, read the Symantec Security Response Web site.
What is a virus hoax?
Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Some of the common phrases used in these hoaxes are:
Most virus hoax warnings do not deviate far from this pattern. If you are unsure whether a virus warning is legitimate or a hoax, additional information is available at the Symantec Security Response hoaxes site.
What is not a virus?
Because of the publicity that viruses have received, it is easy to blame any computer problem on a virus. The following are not likely to be caused by a virus or other malicious code:
What is safe computing?
With all the hype, it is easy to believe that viruses lurk in every file, every email, every Web site. However, a few basic precautions can minimize your risk of infection. Practice safe computing and encourage everyone you know to do so as well.
Specific to Symantec Endpoint Protection
For the most up-to-date information on viruses, visit the Symantec Security Response Web site.
To submit a file you suspect may be malicious or a threat, see How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility.
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Set default language
Do you wish to save this as your future site?