A rogue code by any name still smells as foul.
Does it matter whether the malicious attacker invading your system is labeled a "Trojan horse," "worm" or "virus"? The label does matter, for the same reason that people distinguish between viral and bacterial diseasesdifferent causes call for different remedies.
Definition of a Trojan Horse
The most elementary form of malicious code is the Trojan horse. This kind of program appears to do something useful, or at least entertaining, such as putting up an attractive screen saver. Like its legendary namesake, however, a Trojan horse program conceals a destructive purpose: While running, such a program may destroy files or create a "back door" entry point that enables an intruder to access your system.
A Trojan horse program does not propagate itself from one computer to another. Self-replication is the hallmark of the other two major families of malicious code, the worm and the virus.
Definition of a Virus
A virus commonly inserts itself into other program files, in the same manner that a virus in nature takes over the apparatus of normal cells. When the infected program runs, the virus code gets a chance to inspect its environment and look for and infect new carriers in the form of other program files. If a user transmits an infected file to another user, or if infected storage media moves from one machine to another, the virus may spread rapidly.
Until recently, one could say that data files, such as word processor documents, were inherently unable to engage in viral mischief. But macro capabilities in software suites like Microsoft's Office have forever blurred this distinction.
Protection against a viral attack depends on recognizing attempts to alter existing program files, or detecting such changes by comparison to a trusted database. Document-based virus attacks can be blocked by disabling active-content facilities, such as Word macros or live HTML-page messages that bear potentially malicious ActiveX controls.
Definition of a Worm
A worm, as defined by some authorities, is a self-replicating program that does not alter files but resides in active memory and duplicates itself by means of computer networks. Worms use facilities of an operating system that are meant to be automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. A new class of worm, such as Worm.ExploreZip, resides in your system's memory and self-replicates, but also contains a malicious payload.
Protection against a worm is like protection against other network faults, depending on intelligent recognition of suspicious patterns of events before a problem can interfere with essential functions.
So, How Do You Protect Your System?
With a Trojan horse, users must be appropriately suspicious of executable files whose function is not known. With a virus, users must depend on system protection utilities to detect alterations to files that aren't in normal user-file directories. With a worm, network managers must detect suspicious traffic and take appropriate action before whole groups of users can be harmed.