Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Malware Triangle

Reply
Thread Tools

Malware Triangle

 
 
--Mike
Guest
Posts: n/a
 
      11-21-2004

"Roger Wilco" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "kurt wismer" <(E-Mail Removed)> wrote in message

news:5AAnd.36628$(E-Mail Removed). ..
>
> > the relationship between worms and viruses is another misfire as one is
> > generally considered to be a subset of the other (though which is the
> > subset and which is the superset is debatable)... worms are definitely
> > not viruses + spam... there's even a good argument to be made for virus
> > = worm...

>
> People have been equating virus to spam for some time now because of the

e-mail vector worms they have to filter out
> of their e-mail stream. Both the spam and the worms share in the flooding

effect although the filtering for each may be
> different. Its egocentric, but who can blame them for seeing these things

only as they affect them.
>


A Worm is not really a class of malware or threat. It suggests a type of
behavior: self replicating/self e-mailing. Worm-type behavior can be a
characteristic of almost any threat, whether it's a virus, trojan horse,
spyware, adware, zombie, etc.

--Mike


 
Reply With Quote
 
 
 
 
Roger Wilco
Guest
Posts: n/a
 
      11-21-2004

"--Mike" <(E-Mail Removed)> wrote in message news:zQ5od.253$%(E-Mail Removed)-kc.rr.com...
>
> "Roger Wilco" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> > "kurt wismer" <(E-Mail Removed)> wrote in message

> news:5AAnd.36628$(E-Mail Removed). ..
> >
> > > the relationship between worms and viruses is another misfire as one is
> > > generally considered to be a subset of the other (though which is the
> > > subset and which is the superset is debatable)... worms are definitely
> > > not viruses + spam... there's even a good argument to be made for virus
> > > = worm...

> >
> > People have been equating virus to spam for some time now because of the

> e-mail vector worms they have to filter out
> > of their e-mail stream. Both the spam and the worms share in the flooding

> effect although the filtering for each may be
> > different. Its egocentric, but who can blame them for seeing these things

> only as they affect them.
> >

>
> A Worm is not really a class of malware or threat. It suggests a type of
> behavior: self replicating/self e-mailing. Worm-type behavior can be a
> characteristic of almost any threat, whether it's a virus, trojan horse,
> spyware, adware, zombie, etc.


If the program self-replicates, it will be considered malware until someone actually does find the elusive "good virus" or
"beneficial worm" program. Also bear in mind that the "benjamin" worm didn't send itself to other hosts, it only made itself
highly available in shared infospace. Right on about worm being behavioral - and it is not always behavior that can be seen
in the program code itself.


 
Reply With Quote
 
 
 
 
kurt wismer
Guest
Posts: n/a
 
      11-22-2004
Jack wrote:
> kurt wismer wrote:
>
>> all malware is software (that's where the 'ware' part of malware
>> comes from), spam is not software, therefor spam is not malware...

>
> That is arguable. HTML spam contains HTML, which is a language, and
> therefore it could be said to be software.


english is a language, does that make the words coming out of my mouth
software? no...

html is a markup language, not a programming language...

[snip]
> But I don't personally see the 'triangle' as a particularly useful way
> of modelling internet threats; I can't see what new insights it throws up.


that much we agree on...

--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"
 
Reply With Quote
 
Jack
Guest
Posts: n/a
 
      11-22-2004
kurt wismer wrote:
> Jack wrote:
>
>> kurt wismer wrote:
>>
>>> all malware is software (that's where the 'ware' part of malware
>>> comes from), spam is not software, therefor spam is not malware...

>>
>>
>> That is arguable. HTML spam contains HTML, which is a language, and
>> therefore it could be said to be software.

>
>
> english is a language, does that make the words coming out of my mouth
> software? no...
>
> html is a markup language, not a programming language...


HTML can download and execute code. HTML can contain Javascript. HTML
can be used to do things like hijacking your browser and installing
trojans. English can't. HTML is much more like a programming language
than English; and anyway, as far as discussion of malware is concerned,
HTML spam can and does get used to access the victim's computer without
authorisation.

--
Jack.
 
Reply With Quote
 
Richard S. Westmoreland
Guest
Posts: n/a
 
      11-22-2004
"kurt wismer" <(E-Mail Removed)> wrote in message
news:5AAnd.36628$(E-Mail Removed). ..
> for example, spam doesn't belong anywhere near a malware diagram... it
> is not a threat to anything other than your time and/or your pocketbook
> (if you happen to get suckered into buying something)... in the grander
> sense i suppose it's also a threat to the usefulness of email in
> general, but it's no more a threat than being exposed to advertising on
> tv or in a magazine or on the side of the highway...


A threat to your time/pocketbook; your bandwidth, your storage space,
difficultuly of regulation compliance - all a disruption to Availability.
If you work in a corporate environment that has to deal with this, it is a
costly annoyance. Spam is malicious, and electronic, so I very well can
classify it as malware.

The definition of malware is still a relatively new term in our language, I
don't have a problem with extending it's definition to meet the needs of
now. Malware is a compound of Malicious Software, and the definition of
Software is:

Computer instructions or data. Anything that can be stored electronically is
software.
http://www.webopedia.com/TERM/s/software.html

Rick


 
Reply With Quote
 
Bart Bailey
Guest
Posts: n/a
 
      11-22-2004
In Message-ID:<cnsklj$nhv$1$(E-Mail Removed)> posted on Mon, 22
Nov 2004 12:05:06 +0000, Jack wrote: Begin

>HTML can download and execute code. HTML can contain Javascript. HTML
>can be used to do things like hijacking your browser and installing
>trojans. English can't. HTML is much more like a programming language
>than English; and anyway, as far as discussion of malware is concerned,
>HTML spam can and does get used to access the victim's computer without
>authorisation.


Isn't the critical difference, if it is a difference, the fact that
classic programming languages get interpreted by your command
interpreter, whereas HTM languages get pre-interpreted by your browser?

--

Bart
 
Reply With Quote
 
Ant
Guest
Posts: n/a
 
      11-23-2004
"Bart Bailey" wrote:

> Isn't the critical difference, if it is a difference, the fact that
> classic programming languages get interpreted by your command
> interpreter, whereas HTM languages get pre-interpreted by your browser?


From my viewpoint, as a programmer, "programming languages" come in
two flavours; those which are compiled into executable files, and
those which are interpreted and executed on the fly.

The pre-compiled files contain a memory image, or images, of machine
instructions. The loader (which may be invoked from a command
interpreter when you type the file name) places this code in memory,
sets the CPU instruction pointer to the start address, and the
processor is off and running it.

The interpreted ones include languages like Java, and many versions of
Basic. They have access to a library of pre-compiled routines which
they will load and execute as the interpreter parses the source.
Scripting languages like Javascript, DOS batch files, and Unix shell
scripts are also interpreted.

While HTML is not a programming language, for the purpose of this
discussion it should be considered as such. It can contain scripts,
and interpreting it in a browser could have the same effect as running
a compiled executable file.


 
Reply With Quote
 
kurt wismer
Guest
Posts: n/a
 
      11-23-2004
Jack wrote:
> kurt wismer wrote:
>> Jack wrote:
>>> kurt wismer wrote:
>>>
>>>> all malware is software (that's where the 'ware' part of malware
>>>> comes from), spam is not software, therefor spam is not malware...
>>>
>>> That is arguable. HTML spam contains HTML, which is a language, and
>>> therefore it could be said to be software.

>>
>> english is a language, does that make the words coming out of my mouth
>> software? no...
>>
>> html is a markup language, not a programming language...

>
>
> HTML can download and execute code.


no it can't, you're thinking of scripts...

> HTML can contain Javascript.


yes, html can be a container for (actual) programs written in other
(actual programming) languages like java, javascript, etc...

zip files can be containers for programs to, does that make zip files
programs? no...

> HTML
> can be used to do things like hijacking your browser and installing
> trojans.


no, it can't... again, you're thinking of scripts and various other
forms active content (activex for example)...

> English can't. HTML is much more like a programming language
> than English;


oh, i agree that html is much more *like* a programming language than
english, but it still remains a non-programming language...

> and anyway, as far as discussion of malware is concerned,
> HTML spam can and does get used to access the victim's computer without
> authorisation.


html itself is not a threat...the scripts that html documents can
contain can be a threat but they can also be ignored by properly
hardening your browser settings...

feel free to blame the worlds biggest browser vendor for making the
default action 'run everything we encounter'... notice how the same
vendor has produced an operating system that treats CDs exactly the
same way...

--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"
 
Reply With Quote
 
kurt wismer
Guest
Posts: n/a
 
      11-23-2004
Bart Bailey wrote:
> In Message-ID:<cnsklj$nhv$1$(E-Mail Removed)> posted on Mon, 22
> Nov 2004 12:05:06 +0000, Jack wrote: Begin
>
>>HTML can download and execute code. HTML can contain Javascript. HTML
>>can be used to do things like hijacking your browser and installing
>>trojans. English can't. HTML is much more like a programming language
>>than English; and anyway, as far as discussion of malware is concerned,
>>HTML spam can and does get used to access the victim's computer without
>>authorisation.

>
> Isn't the critical difference, if it is a difference, the fact that
> classic programming languages get interpreted by your command
> interpreter, whereas HTM languages get pre-interpreted by your browser?


HTM languages?

anyways, activex controls are native code... java is interpreted by the
java virtual machine (and i don't know any browser that has a jvm built
into it)...

none of them bear any relation to html, nor are they a part of html...
they are something that clever (and sometimes not so clever - activex,
'nuff said) people figured out how to sneak into html containers...

--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"
 
Reply With Quote
 
kurt wismer
Guest
Posts: n/a
 
      11-23-2004
Ant wrote:
[snip]
> While HTML is not a programming language, for the purpose of this
> discussion it should be considered as such. It can contain scripts,
> and interpreting it in a browser could have the same effect as running
> a compiled executable file.


shame on you... if you can't make a program with it, it's not a
programming language... period...

an html document can act as a container, so can a zip file... that
doesn't make html a programming language anymore than it makes winzip a
compiler...

--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
cisco 1721 triangle whit 2 cisco 800 over isdn 128k Himselff Cisco 4 06-27-2005 12:42 PM
Load balancing over WAN triangle Will Cisco 3 02-22-2005 07:00 PM
Button Click events going into Bermuda Triangle, news at 10 Michael Johnson Jr. ASP .Net 2 12-11-2003 07:36 AM
2x2950 + 3745 in triangle Bartek Cisco 1 11-01-2003 08:07 PM
Sample config. for 827 on Sympatico HighSpeed or Golden Triangle? Brad Cisco 0 07-11-2003 03:44 AM



Advertisments