Virus vs. Worm: What's The Difference?

Understanding the difference will help you protect yourself

Do you know the difference between a virus and a worm? Before you can protect yourself from these forms of malware, it's important to know the difference. Both viruses and worms are a form of malware. Malware is a term used for all types of software that infects and adversely affects computer systems. A worm is a type of virus, but it behaves differently than a standard virus.


What is a Computer Virus?

What It Can Do
  • Run from a link, email, or malicious application.

  • Access and manipulate the key workings of a computer.

  • Collect information and send it back to a hacker.

What It Can't Do
  • Infect your computer without your action.

  • Automatically infect a computer over a network.

The main difference between a standard virus and a computer worm is how the software replicates to additional computers.

A computer virus is an application that needs to be downloaded or transferred to the host computer before the infection can take place. Usually, this requires executing the program before the infection can happen.

The most common sources of computer viruses like this include:

  • Clicking an email attachment, downloading the file, and opening it.
  • Downloading and running files from a malicious web page or FTP link.
  • Running a file received in a random IM from a stranger.
  • Streaming and opening files from a peer-to-peer tool like Torrent.
  • Clicking a malicious social media ad and downloading a host file.

In all these cases, the infection only occurs when you open the file. This makes standard viruses less dangerous than a computer worm.

What Is a Computer Worm?

What It Can Do
  • Spread automatically across a computer network.

  • Run malicious code on a computer to modify it.

  • Send information to a hacker or other infected computers.

What It Can't Do
  • Get through properly secured network shares.

  • Beat a well-configured firewall.

  • Spread without a network connection.

A computer worm is especially dangerous because it doesn't require any action from the user to infect a system.

A computer worm is an application that accesses a computer over a network. That network could be an internal corporate network or the internet. It doesn't require the user to download or open any host application.

The most common methods computer worms use to infect computers include:

  • Connecting to a network that has an infected computer with a computer that has minimum security settings.
  • Sharing a drive or folder to a network or the internet without security permissions.
  • Connecting to a peer-to-peer network with P2P software that doesn't have appropriate security protection.
  • Connecting to any network with a computer that isn't properly updated with the latest security patches.

A computer worm typically takes advantage of computers on a network that run outdated operating systems or antivirus software that hasn't been updated, or that have open ports or unpatched network protocols (like SMB network shares).

The source of worm infections is other computers on the internet or a network. Worms constantly scan all devices connected to a network to identify a vulnerable system. A worm then invades the system using the following steps:

  1. It accesses the drive or folder that lacks security protections.
  2. It installs a backdoor code, usually inside the system folder, where a user will have difficulty locating it.
  3. The backdoor code downloads the rest of the worm code and executes it on the system.

A computer worm can sometimes run in the background on a computer without the user ever realizing it's there. Such computers are called bots since these are like robots that do the bidding of remote hackers.

Both viruses and worms are extremely dangerous. At best, both can destroy computer performance. At worst, they can spy on your computer activities, capture images from your webcam, turn your computer into a relay for spammers to send spam emails, or destroy system files and make your computer unusable.

How to Protect Yourself From a Virus or Worm

Protecting yourself from a standard virus is easier than preventing a computer worm infection.

Most importantly, follow all guidelines for safe computing. This means not clicking attachments in emails, not downloading free software from unknown sources, and not using peer-to-peer file-sharing networks.

The following steps will protect you from both viruses and worms.

  1. If you aren't running antivirus software, there are several high-quality free antivirus programs. Install one, make sure the virus definitions are updated, and run a full system scan. If you have a virus or a worm, this identifies it and removes it from your system.

  2. Removing the virus is important, but keeping new viruses from infecting your system is just as important. Go to the settings of your antivirus software, then make sure that all security protections that are available in the free version are enabled.

  3. The primary method that computer worms use to infect computers is through open ports. Run a port scan tool on your computer to identify any open ports. DNSTools offers an online scanner that runs on your computer to check for open ports. If you find any open ports and don't have software that needs those ports open, close the ports to protect your system.

  4. To close individual ports:

    1. Select the Start menu, type Windows Firewall, and select Windows Defender Firewall.
    2. Select Advanced Settings from the left menu, then select New Rule on the Advanced Security window.
    3. In the Rule Wizard, select Port, then select Ports and type the port number in the Specific local ports field.
    4. Select Next, then select Block the connection.
    5. Complete the Wizard to close that port.
  5. Another security vulnerability that can let computer worms get into a home network from the internet is when port forwarding is enabled in the router. To check this, log into your home router as an administrator. Port forwarding is usually under the Advanced menu. If port forwarding is enabled, disable it unless it's necessary for software on your network to work.
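
The port check and the firewall wizard steps above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original article; the `$AllowedPorts` list and the `Block-InboundPort` helper are hypothetical names chosen for illustration.

```powershell
# Added example. Run in an elevated PowerShell session.
# Assumption: ports you expect to be open on this machine; edit as needed.
$AllowedPorts = @()

# Confirm the firewall is enabled on every profile (Domain, Private, Public).
Get-NetFirewallProfile | Select-Object Name, Enabled

# List TCP ports listening on non-loopback addresses, with the owning process.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $_.LocalPort
            Address   = $_.LocalAddress
            ProcessId = $_.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { 'unknown' }
        }
    }

# Anything not on the allow list needs a decision: keep it or block it.
$listeners | Where-Object { $_.Port -notin $AllowedPorts } | Format-Table -AutoSize

# Hypothetical helper: the scripted form of the New Rule wizard steps.
function Block-InboundPort {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$Port
    )
    $name = "Block inbound TCP $Port"
    # Skip if a rule with this name already exists, so reruns are harmless.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$name' already exists."
        return
    }
    if ($PSCmdlet.ShouldProcess("TCP port $Port", 'Create inbound block rule')) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound `
            -Protocol TCP -LocalPort $Port -Action Block -Profile Any
    }
}

# Preview the rule for SMB (TCP 445) without creating it; drop -WhatIf to apply.
Block-InboundPort -Port 445 -WhatIf
```

A block rule takes precedence over any allow rule for the same port, so check that nothing you rely on uses the port before applying it.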

The only protection from a computer worm is blocking it from accessing your network in the first place. And if you connect to a public network, your only protection from other infected computers is running good security software and enabling Windows Firewall so that no computer worm can make its way onto your system.