Most press reports concerning software security problems these days concern several categories of malware: worms, viruses and Trojan horses.

The worm is a signal that comes to your computer most likely thru the Internet. Standard Unix and Windows configurations have many different programs listening on diverse standard port numbers ready to interpret messages in some protocol depending on the port number. These programs are called “deamons” in the case of Unix. Most deamons were originally written without attention to the possibility of incoming hostilely crafted messages. Hostile malformed messages trick the deamon into executing a portion of the message as code. This is usually via buffer overrun. This code is malicious and runs with the daemon’s authority. It may among other mischief propagate the messages to other computers.

The virus, as it has come to be known, arrives in a message to the computer in the form of e-mail or response to a web request. If the message is in the form that includes a program, which is a frequently useful pattern, the user of contemporary systems has little alternative but either launch the program with his total authority or to discard the program. Neither alternative is practical.

The Trojan horse is a program explicitly invited by the user with expectation that it will do some known useful function. It probably does this function but has additional agenda unknown to the user. Spyware and adware often come in this form. A license may come with the Trojan horse which spells out the extra function but the license is seldom read.

A capability based platform mostly solves these problems by limiting programs to the authority they need to do their legitimate jobs. The worm is typically (mis-)obeyed by some program that needs little authority to do its job. Classic OSes run most such gullible programs with infinite authority which the worm then abuses.

In the case of the virus the user may grant to the new program whatever authority is deemed necessary for the presumed task of that program. Such authority is unlikely to include the ability to erase the disk.

The Trojan horse may abuse the authority it needs for its advertised task. This can be greatly limited by making authority narrow.

The main difference between the worm and the rest is that the work spreads exponentially without human actions in the loop. Some worms have done great damage within 10 minutes of release. The virus comes unbidden to the computer with an enticement to run the program, which may not be viewed as a program by the recipient. The Trojan horse is an application that the user selected with misplaced trust that it would behave.