Full Disclosure mailing list archives
Re: Re: Help put a stop to incompetent computerforensics
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 12 Aug 2005 16:37:37 +1200
Jason Coombs to J.A. Terranson:
The simple fact of the matter is that "what matters" *IS* the definition, and you full well know it. What happened here is you slipped and fell, and rather than admitting it you're crying foul - shame on you!I didn't disagree that the broader definition of Trojan was completely unknown to me. How did I miss it? Was it me who slipped and fell, because I was being careless, or is there more to the story... This was and is a good question.
It may seem like a "good question" to you, but to anyone who has been around for more than a couple of years, it is an utterly dull question with a terribly obvious answer...
In my entire life I have not encountered a real-world use of the term Trojan where the software at issue did not grant remote access to an attacker after the Trojan infection occurred.
Then you simply have not been around long enough _for your opinion to matter_. As others have already explained, there was a time when "Trojan" was used but could not mean or imply "allows unauthorized access" because the vast bulk of machines that could be victims to the (common) Trojan Horse programs of those days were not (and, generally COULD NOT BE) networked. Look up "the dirty dozen list" -- I'm sure you'll find a few old copies of it archived around the net. It was jam-packed full of things that claimed to be the newest, or cracked-so-no-registration- required-yet-full-function, versions of all manner of (then) popular software, and otherwise useful-sounding gizmos, but which are described in the DD list in terms of "formats your hard drive" and similar data- destruction payloads.
Now we use other terms like spyware to classify what I have recently learned used to be called Trojans.
No. Simple data-trashing Trojans are not spyware and still exist. Even more controversially, it can be argued that a great deal of so- called "spyware" does not and never did meet the classic definition of "Trojan Horse program" (that's not to say that all spyware is not Trojanic, but there is certainly some that is not). Much as I am not an apologist for the great swathes of scumware that fall into this category, but there is clearly some "spyware" that does not hide its "true" purpose. True, most "typical users" are far too lazy and stupid to read the full documentation and EULA of most software they ever install, and just click the OK/Next/etc buttons, BUT abject laziness on the part of end-users does not turn "honest spyware" into a trojan any more than your laziness and lack of historical knowledge makes "Trojan" a term that necessarily means something like "software that allows unauthorized access to the host computer"....
My conclusion is that I slipped and fell because the definition has changed and computer dictionaries haven't caught up yet.
No, the definition never changed, at least not amongst "computer security professionals". Vulgar, common usage may have changed, in that, vulgar, common users started using the term "Trojan" to describe some or class(es) of software where they previously used no special words or terms for those classes of software, but that does not mean the that technical meaning of the term, as used by astute comp-sec professionals changed at all. You seem to love looking tyhings up in dictionaries (or at least, quoting the ones you looked up that provide a definition that matches your personally warped and weirdly biased view of this issue, but you have missed a VERY IMPORTANT point about words and dictionaries. Words often have multiple meanings (or shades and connotations of related meanings) _at the same point in history_ but among different groups and specialities. If you look at all closely, you will find "common words" listed in dictionaries with "odd" meanings attributed to them, BUT these will be noted as "Engr.", or "Astr." or "Med.", etc, etc. That simply means that that "odd", possibly highly specialized meaning is peculiarly used, if not limited to, Engineers, or Astronomers or members of the medical profession, etc, etc. Bearing that in mind, as this is a list (presumably) mainly of interest to "computer security professionals", please don't consider it odd or unusual of us to use "our own special words and terms" in their own special way here. As it is now apparent that you did not know the comp- sec meaning of "Trojan", please now just shut the f*ck up and sit quietly down the back until you have learned enough to participate like a grown up comp-sec person... <<snip drivel>>
We're all familiar with, and have experienced, the broadening of the meaning of familiar terminology. However, the narrowing of the meaning of familiar terminology can and does also occur. I conclude, and it is my opinion, that just such a narrowing has occurred and is occurring with respect to Trojan as the term is applied and used in computing.
Such narrowing is not occurring in informed, technical comp-sec circles. You are simply dragging a "popular street use" into a technical forum and trying to justify your laziness and lack of appropriate technical grounding. If you really did not ever strike the real technical comp-sec meaning of "Trojan" until now, you should take that up with your educators, as they obviously were in the vast minority and have short-changed you in this regard (and, one has to be left wondering, probably in many others!).. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: Help put a stop to incompetent computerforensics Jason Coombs (Aug 10)
- Re: Re: Help put a stop to incompetent computerforensics ASB (Aug 11)
- Re: Re: Help put a stop to incompetent computerforensics Brian Anderson (Aug 11)
- Re: Re: Help put a stop to incompetent computerforensics J.A. Terranson (Aug 11)
- <Possible follow-ups>
- Re: Re: Help put a stop to incompetent computerforensics Jason Coombs (Aug 11)
- Re: Re: Help put a stop to incompetent computerforensics Valdis . Kletnieks (Aug 11)
- Re: Re: Help put a stop to incompetent computerforensics Erik Kamerling (Aug 11)
- Re: Re: Help put a stop to incompetent computerforensics Nick FitzGerald (Aug 11)
- Re: Re: Help put a stop to incompetent computerforensics Jason Coombs (Aug 12)
- Re: Re: Help put a stop to incompetent computerforensics Steve Friedl (Aug 12)
- [OT] (was Re: Re: Help put a stop to incompetent computerforensics) J.A. Terranson (Aug 12)
- Re: Re: Help put a stop to incompetent computerforensics Steve Friedl (Aug 12)