Re: Re: Help put a stop to incompetent computer forensics

[Jason Coombs <jasonc () science org>]

Thierry Zoller wrote:
> JC> Because Trojan horses often have
> JC> these harmful functions, there often arises the misunderstanding that
>     ^^^^^                                           ^^^^^^^^^^^^^^^^
> JC> such functions define a Trojan Horse.
>
> Please read what you just posted, it directly contradicts what
> that wikipedia author wrote 2 lines above that. That wikipedia
> article can be trashed.

It is not a misunderstanding. The definition of Trojan has very clearly 
been relegated to the malware that forces open a means of unauthorized 
or hidden access or remote control, i.e. a backdoor. I understand your 
point that Trojan had a broader definition in the past, but that is in 
the past. Archaic. The Wikipedia entry is instructive to illustrate that 
there is so often a "misunderstanding" in present usage that the older 
definition is no longer correct.

We won't succeed in attempts to convince millions of people that a 
Trojan Horse is also a gift that contains a nuclear bomb inside that 
will nuke your house after you accept it. That's not a Trojan, that's a 
bomb, even if it is a Greek wooden horse. It just doesn't matter that in 
the past the industry had not yet come to realize that it needed a 
different term for spyware. We have it now, so there's no looking back.

Thanks for helping me understand your viewpoint. I've never met anyone 
who thinks of a Trojan the way that you do, and the common usage even by 
infosec industry professionals clouded my brain so badly that at no time 
did I perceive the classic definitions you and others have cited to 
imply anything other than the context in which the term is used today. 
The bad acts that the Trojan performs, in my mind, must be in connection 
with some attempt to give the Trojan author further, future access to 
systems or to the data they contain.

I'm not saying that you're wrong. I'm saying you have far too much 
experience and expertise, and all that knowledge is causing you to fail 
to see the forest for the trees. Common people's common sense has 
changed the definition of Trojan, pure and simple.

Nobody today would avoid using the term spyware just because the term 
Trojan was the way in which that malware would have been labeled in the 
past. As I said, everyone I know understands what a Trojan is, and their 
understanding is not what you suggest it should be.

Sincerely,

Jason Coombs
jasonc () science org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/