Talk:Trojan horse (computing)

From Wikipedia, the free encyclopedia

This article is part of WikiProject Malware, an attempt to better organise information in articles related to Malware. If you would like to participate, you can edit the article attached to this page, or visit the project page, where you can join the project and/or contribute to the discussion.

this needs disambiguous attention. Kingturtle 17:51 Apr 12, 2003 (UTC)

---

At present, this article is conceptually confusing (and confused). It gives as Trojan examples things which are more properly viruses, defines Trojans as not propagating but gives examples of malware doing so, etc. Needs work. And some conceptual clarity. ww 16:22, 7 May 2004 (UTC)

I tried to improve on it; comments or suggestions for further improvement are welcome. Sietse 19:47, 16 Sep 2004 (UTC)

---

Some Trojans do not infect other programs and are usually easily deleted, but others are much more dangerous. The MyDoom epidemic in early 2004 was spread by using Trojan-horse attachments in email with a terse message saying that the attachment could not be delivered, making users curious to open it and see what it was. (MyDoom is technically a worm, since it spreads itself to other computers by sending infected email attachments, but it depends on users double-clicking on the attachments to actually infect their computers—a Trojan-like property.)

I have removed this paragraph. In my opinion, it is confusing to illustrate the idea of a trojan horse with an example of another type of malware, i.c. a virus. I think the other examples in the article suffice for explaining what a trojan horse is. Sietse 19:47, 16 Sep 2004 (UTC)

---

An early Trojan horse was the 1975 ANIMAL program, a game to identify an animal but which also spread itself to other users on UNIVAC Exec computers[1].

I removed this paragraph too. In the modern sense of the word, a Trojan is a harmful program. ANIMAL and PERVADE were harmless however. Additionally, the combination of ANIMAL and PERVADE was able to spread itself, which trojan horse programs cannot do. Sietse 19:47, 16 Sep 2004 (UTC)

Contents 1 Needs to say how you can delete trojan horses 2 Well-known trojan horses section 3 Bias 4 It's nonsense 5 Broad edits with no discussion 6 Major Trolling 7 Cleanup 8 Road Apple 9 Time bombs and logic bombs 10 Nonsense 11 Vandalism 12 Perspective of Malicious Intent 13 Etymology

[edit] Needs to say how you can delete trojan horses

I found this article confusing since it does not say how you can get rid of one if you are infected. It also only tells of common errors, for lack of a better word. There are bound to be some obscure errors that occur if you are infected.

I wonder is a "how to remove a trojan" section really fitting for here since all Trojans do different things and therefore are removed in different ways. Perhaps there could be a link to, say, the Symantec website where the information for each virus(etc) is posted, including removal instructions/tools. Darryl L James 01:31, 5 April 2007 (UTC)

I agree, a "how to remove" section seems out of place. Every infection is different, and generalizing the process could further confuse readers. —Preceding unsigned comment added by Jrg7891 (talk • contribs) 02:38, 6 November 2007 (UTC)

do Trojan slow down your pc? AKA do trojan take up all the RAM space? >x<ino 21:01, 4 November 2005 (UTC)

Trojans don't specifically fill up your RAM etc; it depends on how they are programmed. Darryl L James 01:31, 5 April 2007 (UTC)

[edit] Well-known trojan horses section

Most of the software mentioned are Greek armies that can inside some Trojan horse be sent into cities (computers) that are to be infiltrated. So they are not Trojan horses. They can only become Trojan horses, if they are combined with Horse software and distributed as such. So can every other piece of software. Even, if some of them have been used as armies inside such computer infiltrating horses, there are still big mistakes in the list I think. I have never heard of a single computer that would have had Back Orifice 2000 installed by a Trojan horse. Could you please point me a references to such cases? --Easyas12c 19:58, 4 April 2006 (UTC)

Any of those programs can be sent with a deceptive name, and has been done many times. Once run they require no additional input so no additional program is required to install them. --RainR 20:39, 4 April 2006 (UTC)

The discussion of Trojan horse here ignores the history it cites. "Trojan horse" was first used to describe programs that were not what they seemed -- whether they were "replacements" for legitimate programs or programs that included unadvertised/hidden (and possibly malicious) functions -- in the early 1970s. Second, it has never been a requirement that a virus install itself: That assertion is simply ridiculous on its face - look at the original works on computer viruses (Fred Cohen's dissertation and early articles). Just what is meant by "operate automonously," anyway? Third, triggers are not peculiar to trojans: Subroutines in Fred Cohens's original viruses were named "trigger-pulled," and he discussed using date and time as a trigger to "do-damage." He even specifically addressed whether a virus source program needed to be a Trojan horse. Third, Trojan horse, virus and worm are not mutually exclusive terms, which this article implies, yet refutes with its own examples. --70.171.196.171 09:24, 30 June 2006 (UTC)

Added a method of deletion. Might need better editing but the information is correct.Warrush 23:18, 24 January 2007 (UTC)

[edit] Bias

Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, 
even if you don't use IE directly. Email viruses will often send copies of themselves to people in the infected 
user's address book

This is blatently written by someone who loves firefox and is very bias, true or not. This whole article isn't written in an encyclopedic manner, so I'll tag it. Neverender 899 17:30, 5 March 2007 (UTC)

I've removed this section. I noticed it myself as I read through the page and thought the exact same thing. Darryl L James 01:28, 5 April 2007 (UTC)

[edit] It's nonsense

The references to Greek armies throughout do not fit into an encyclopedic format. They are out of place and are not required to understand the article, so they seem unnecessary. I know nothing about Wikipedia or encyclopedic format, or about Trojan horses (computing), but I did notice that these references came off as written by a person, where the format of an encyclopedia article is generally quite mechanical and doesn't include any sort of comments or off-topic references. What I am saying is that these references needn't be made more than once, which is in the initial definition of the article.209.247.22.36 04:08, 20 March 2007 (UTC)

I agree that it is nonsense, many of the definitions are plain wrong (evidently some people need to look up the differences between trojan horses, viruses, worms etc. For example a trojan does not need to be malicious, though the vast majority are) and some sections completely contradict others. —Preceding unsigned comment added by 81.107.18.16 (talk) 19:27, 25 September 2007 (UTC)

[edit] Broad edits with no discussion

I agree that this article is pretty jacked up, however the broad edits that have been attempted are even worse - making it sound like instructions on how to get rid of some virus on a Windows box.

This article should define what a Trojan Horse is. That's it! You don't have to re-hash malware or ancient history, just objectively describe the concept. 76.80.22.42 06:37, 25 April 2007 (UTC)

[edit] Major Trolling

This article has been extremely damaged by trolls, and a revert would be in order if anyone would like to do one. Blademaster313 16:54, 29 May 2007 (UTC)

Did it myself Blademaster313 21:43, 30 May 2007 (UTC)

[edit] Cleanup

I did my best to clean up the distinction between a Trojan and virus. I also removed the following section, as open ports are more of a virus issue. Trojans propagate through user action, not through open ports. --bcrom, 8 June 2007

Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.

A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.

Some modern trojans that come through important looking messages, containing executable files that look similar to system files, for example "Svchost32.exe", resembling 'Svchost.exe'.

---

[edit] Road Apple

I cleaned up the road apple section slightly and made a wikilink to temporary internet files. I also got rid of the second mention to the ancient Greeks. I felt that the first mention did the job of explaining the name of the malware. The second reference was not necessary and seemed awkward. Lenore Schwartz 00:58, 19 August 2007 (UTC)

[edit] Time bombs and logic bombs

I removed the "Time bombs and logic bombs" section because its premise is completely untrue.

"Time bombs" and "logic bombs" are types of Trojan horses.

See logic bomb. This made the other, statement in the section irrelevant:

"Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer.

—One-dimensional Tangent (Talk) 21:09, 29 September 2007 (UTC)

[edit] Nonsense

Deleted much nonsense about Ken Thompson's classic backdoor being a trojan and other such conceptual mistakes. The whole thing still needs thorough cleanup and clarifications, but I have not the time. —Preceding unsigned comment added by 217.156.83.1 (talk) 10:31, 9 November 2007 (UTC)

[edit] Vandalism

Under section "Example" it states " trojan is also a type of condom," this should be removed —Preceding unsigned comment added by 20.132.68.134 (talk) 19:48, 6 December 2007 (UTC)

http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29#Methods_of_deletion The whole section is vandalized! —Preceding unsigned comment added by 217.224.175.49 (talk) 21:12, 21 February 2008 (UTC)

[edit] Perspective of Malicious Intent

Non-malicious Trojan Horse programs are used for managing and forensics.

This statement depends on the author's point of view. Of course the actions of these trojans are also malicious, as most others. It just depends whether you're the forensic detective or the victim. --  J7n (talk) 08:42, 26 May 2008 (UTC)

[edit] Etymology

WTF is this? Etymology would be "oh tro- means this and -jan means that." Origin of the term would be a better headline. Theman98 (talk) 21:52, 28 May 2008 (UTC)