Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] Re: Help put a stop to incompetent computerforensics
From: Nick FitzGerald (nickvirus-l.demon.co.uk)
Date: Thu Aug 11 2005 - 23:37:37 CDT
Jason Coombs to J.A. Terranson:
> > The simple fact of the matter is that
> > "what matters" *IS* the definition,
> > and you full well know it. What
> > happened here is you slipped and
> > fell, and rather than admitting it
> > you're crying foul - shame on you!
> I didn't disagree that the broader definition of Trojan was
> completely unknown to me. How did I miss it? Was it me who slipped
> and fell, because I was being careless, or is there more to the
> story... This was and is a good question.
It may seem like a "good question" to you, but to anyone who has been
around for more than a couple of years, it is an utterly dull question
with a terribly obvious answer...
> In my entire life I have not encountered a real-world use of the
> term Trojan where the software at issue did not grant remote access
> to an attacker after the Trojan infection occurred.
Then you simply have not been around long enough _for your opinion to
As others have already explained, there was a time when "Trojan" was
used but could not mean or imply "allows unauthorized access" because
the vast bulk of machines that could be victims to the (common) Trojan
Horse programs of those days were not (and, generally COULD NOT BE)
networked. Look up "the dirty dozen list" -- I'm sure you'll find a
few old copies of it archived around the net. It was jam-packed full
of things that claimed to be the newest, or cracked-so-no-registration-
required-yet-full-function, versions of all manner of (then) popular
software, and otherwise useful-sounding gizmos, but which are described
in the DD list in terms of "formats your hard drive" and similar data-
> Now we use other terms like spyware to classify what I have recently
> learned used to be called Trojans.
No. Simple data-trashing Trojans are not spyware and still exist.
Even more controversially, it can be argued that a great deal of so-
called "spyware" does not and never did meet the classic definition of
"Trojan Horse program" (that's not to say that all spyware is not
Trojanic, but there is certainly some that is not). Much as I am not
an apologist for the great swathes of scumware that fall into this
category, but there is clearly some "spyware" that does not hide its
"true" purpose. True, most "typical users" are far too lazy and stupid
to read the full documentation and EULA of most software they ever
install, and just click the OK/Next/etc buttons, BUT abject laziness on
the part of end-users does not turn "honest spyware" into a trojan any
more than your laziness and lack of historical knowledge makes "Trojan"
a term that necessarily means something like "software that allows
unauthorized access to the host computer"....
> My conclusion is that I slipped and fell because the definition has
> changed and computer dictionaries haven't caught up yet.
No, the definition never changed, at least not amongst "computer
Vulgar, common usage may have changed, in that, vulgar, common users
started using the term "Trojan" to describe some or class(es) of
software where they previously used no special words or terms for those
classes of software, but that does not mean the that technical meaning
of the term, as used by astute comp-sec professionals changed at all.
You seem to love looking tyhings up in dictionaries (or at least,
quoting the ones you looked up that provide a definition that matches
your personally warped and weirdly biased view of this issue, but you
have missed a VERY IMPORTANT point about words and dictionaries. Words
often have multiple meanings (or shades and connotations of related
meanings) _at the same point in history_ but among different groups and
specialities. If you look at all closely, you will find "common words"
listed in dictionaries with "odd" meanings attributed to them, BUT
these will be noted as "Engr.", or "Astr." or "Med.", etc, etc. That
simply means that that "odd", possibly highly specialized meaning is
peculiarly used, if not limited to, Engineers, or Astronomers or
members of the medical profession, etc, etc.
Bearing that in mind, as this is a list (presumably) mainly of interest
to "computer security professionals", please don't consider it odd or
unusual of us to use "our own special words and terms" in their own
special way here. As it is now apparent that you did not know the comp-
sec meaning of "Trojan", please now just shut the f*ck up and sit
quietly down the back until you have learned enough to participate like
a grown up comp-sec person...
> We're all familiar with, and have experienced, the broadening of the
> meaning of familiar terminology. However, the narrowing of the
> meaning of familiar terminology can and does also occur. I conclude,
> and it is my opinion, that just such a narrowing has occurred and is
> occurring with respect to Trojan as the term is applied and used in
Such narrowing is not occurring in informed, technical comp-sec
circles. You are simply dragging a "popular street use" into a
technical forum and trying to justify your laziness and lack of
appropriate technical grounding. If you really did not ever strike the
real technical comp-sec meaning of "Trojan" until now, you should take
that up with your educators, as they obviously were in the vast
minority and have short-changed you in this regard (and, one has to be
left wondering, probably in many others!)..
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/