More than a few IT people have thoroughly confused non-techie folks when explaining the nuances between viruses, worms and Trojan horses.
For the general public, "virus" has become a catchall term for any unwanted program that spreads from computer-to-computer. Even the media has gotten in on the act. In September, CNN repeatedly referred to the "Bugbear virus" though it's technically a worm.
Recently SearchSecurity.com asked subscribers about the use of "virus" as a catchall phrase for viruses, worms and Trojan horses. More than 25 people shared their thoughts and more than 100 voted in an online poll.
Most said virus was OK as a general term for a general audience. "Talk to some business people and the correctly 'precise' term causes confusion," said Martin Hawkins, global technology security manager at Clifford Chance Limited Liability Partnership. "They don't care whether it's a virus or a worm and probably think that a worm lives in the garden anyway."
A recent SearchSecurity.com poll asked members what they thought of the question of virus as a catchall term. About 44% of respondents said people know what you mean when you say virus. Yet 31% rejected the usage citing the distinct technical differences between worms and Trojans.
Twenty percent said "malicious code" was the phrase to use. About 5% said "malware" was the way to go.
While malicious code seems to be winning out, neither term has filtered down to the general
As the poll implies, there are two kinds of people out there. The first camp believes technical (and linguistic) precision should be paramount. Few would deny there is a difference between a virus and worm. Just because the general public uses virus incorrectly, doesn't mean technical people should follow suit.
The other group of people is a little less strict. To them, virus has a broader definition. Though it may not be the most technically precise, it conveys the right message.
Explaining the subtle differences between worms and viruses would probably not mean much to most non-technical people. All they need to know is such things should be avoided. "To my users, rural Kentuckians, worms are not scary in any way and I probably can't convince them otherwise. Worms equal fishing," said Thomas Carter, a network administrator at a large plastic company in the Midwest.
There are alternatives to virus or malware or malicious code.
Jerry Berkowitz, director of marketing for West Palm Beach, Fla.-based Securit-e-Doc, Inc., suggests "pernicious code."
"I agree, we need a term that covers the full gamut of malicious code," said Michael Buckley, IT project leader at Eufaula, Ala.-based Cooper Lighting. "How about VEXware or VEXcode?"
Others wouldn't stop at calling worms and Trojan horses viruses. They would expand the definition to include pop-up ads, spam and even faulty device drivers.
"I think that any form of code that an individual or group compiles that has an adverse or undesirable effect on a user's system and was consciously designed to produce that effect should be considered, first, as a virus," said Rich Davidson, who owns a small VAR/Integration business in Medford, Ore. "Code designed out of stupidity or poor testing should be classified as malware, or 'badware', or maybe 'stupidware.' "
On the other hand, using a word to describe what a virus is may be misguided. Instead of referring to viruses, perhaps focusing on what they do would be better, said Nick Whyte, a software developer with 25 years experience, who works at a major software firm.
"The perspective change is instead of focusing on the mechanism of attack, focus on the consequences to the user and the way a user must respond," Whyte said. "From a user perspective, something has infected their system and they need to 'treat' their system in order to remove the infection."
In a similar vein, Terry Bainter, who works for a major health care system, suggests "electronic vandalism" as an alternative to virus. "It provides a reference to which they can easily relate and draw parallels," Bainter said.