lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun Oct 30 14:44:39 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: Microsoft AntiSpyware falling further
	behind 

On Sun, 30 Oct 2005 09:46:48 +1300, Nick FitzGerald said:

> This is a Johnny come lately perversion of the real meaning of Trojan 
> Horse in reference to software.  Trojan Horse, or simply Trojan, 
> software has always meant, and still does to anyone with a vague hint 
> of historical awareness, software that gets installed under the 
> pretense of being something desirable or beneficial but that actually 
> has deliberately (on the part of its designer/developer) undesirable 
> effects that are (at least initially) hidden or not obvious to the 
> intended user(s) of the software.

Which is particularly amusing, given that the Trojan Horse written about by Homer
was quite specifically a 'remote access Trojan' - a very small number of soldiers
were hidden inside to open the gates for the main forces.  If anything, the
use of the term to mean "remote access Trojan" is getting back in line with the
*actual* historical meaning - uses of "Trojan" for non-remote-access back doors
were in fact not strictly historically correct...

You'll also notice that I *did* say:

> and (b) once there, gives the attacker a "back door" into the system, to
> do unspecified things (run commands, launch DDoS attacks, send spam, scan
     ^^^^^^^^^^^^^^^^^^
> for other vulnerable software, upload plugins to extend the Trojan's functionality,
> or whatever).
     ^^^^^^^^

So I *was*, in fact, covering the 0.001% of trojans in use today that aren't
strictly a remote-access variant.  Meanwhile, the *old* name for what Nick
wants to call a 'Trojan Horse' was 'trap door' (see Karger&Schell's 1974 paper
on Multics security - in fact, section 3.4.5.1 of that paper discusses the
theoretical possibility of a 'compiler trap door', subsequently actually
implemented by Ken Thompson as discussed in his 1984  Turing Award Lecture "On
Trusting Trust".

Interestingly enough, Ken calls his implementation a Trojan Horse:

  "Figure 6 shows a simple modification to the compiler that will deliberately
  miscompile source whenever a particular pattern is matched. If this were not
  deliberate, it would be called a compiler "bug." Since it is deliberate, it
  should be called a "Trojan horse.""

Additionally, he goes on:

  "The final step is represented in Figure 7. This simply adds a second Trojan
  horse to the one that already exists. The second pattern is aimed at the C
  compiler. The replacement code is a Stage I self-reproducing program that
  inserts both Trojan horses into the compiler. "

Notice that the second pattern is specifically *not* allowing any remote access,
but propogating the first pattern.  Yet Thompson calls it a Trojan as well.

Forget it, Nick.  You're fighting a battle already lost in 1984. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051030/de46d628/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ