What's worse, a virus or a worm?

What's worse, a virus or a worm?

What's worse, a virus or a worm?

Answers to your questions about the news.
May 20 2003 6:58 PM

What's Worse, a Virus or a Worm?

"Palyh," the latest Internet contagion, masquerades as an e-mail from Microsoft technical support. Some writers term Palyh a virus, others a worm. What's the difference?


It's all about reproduction. Like their parasitic namesakes, computer viruses need to attach to "hosts" in order to survive. A virus latches onto a program like Word or Excel, modifying the host (by inserting its code into the application's code) and replicating itself when the host program is active. A virus can thus spread all over a single user's machine but needs help to infect other computers. Unwitting humans can do the trick with an infected floppy disk, but the more common approach is for a virus to spread through a "Trojan Horse."

As the Iliad-derived name suggests, a Trojan is a delivery program that appears benign but actually carries a virus-filled payload. In the case of Palyh, the executable attachment masquerading as a Microsoft patch is a textbook Trojan. Opening the file will not update your operating system, but rather infect your computer with Palyh while sending additional Palyh-laden Trojans to the e-mail addresses stored on your computer. Like many other Trojan-borne viruses, Palyh has an expiration date—it will no longer be active after May 31.

Worms are a smaller subset of viruses. They can also propagate via Trojans, but once a worm infects your computer, it acts as a stand-alone program and does not require a host in order to survive and reproduce, seeking instead to copy itself without your help. Worms can do this because they are generally "network aware"—that is, they automatically seek network connections over which to spread, searching for security holes and other weaknesses. These pests are considered more loathsome than viruses, especially in networked environments. If one doofus worker clicks on an infected attachment, every machine in the company may soon be tainted. If that same doofus clicks on a traditional virus, his or her co-workers may still need to open the resulting Trojan-bearing e-mails for the virus to spread. According to anti-virus vendor Symantec, Palyh looks for shared folders to infect and thus deserves the worm appellation.

These definitions aren't written in stone, and hybrids are common. Also up for debate is the origin of the term "worm." One school of thought holds that it dates back to the 1960s, when computer code ran on reel-to-reel tapes. This ostensibly gave rise to "tapeworm," later shortened to its current length. The other theory is that the word comes from the 1975 John Brunner novel The Shockwave Rider, a proto-cyberpunk classic. As for "virus," it's pretty much agreed that the term's father is computer scientist Fred Cohen, author of the landmark 1984 paper "Computer Viruses: Theory and Experiments."

Explainer thanks William Knowles of c4i.org.