Security fundamentals: What are Trojan-Horse programs in the context of computer security?

Introduction / Context:
A Trojan horse is a classic category of malware that masquerades as a useful or legitimate program while secretly performing malicious actions. Understanding how Trojans work helps users avoid social-engineering traps and administrators harden systems.

Given Data / Assumptions:

• The program appears legitimate or desirable to the user.
• Hidden payload executes without the user’s informed consent.
• Goal can include creating backdoors, data theft, or privilege escalation.

Concept / Approach:

The defining feature of a Trojan is deception: it gets installed and run because it looks benign (e.g., a utility, game, or installer). Once executed, it may install backdoors, change security settings, or open command-and-control channels, thereby allowing unauthorized access or control.

Step-by-Step Solution:

Verification / Alternative check:

Security glossaries define Trojans as deceptive software delivering a hidden payload; antivirus vendors categorize them distinctly from worms (self-replicating) and viruses (code-injecting into other files).

Why Other Options Are Wrong:

• Do not usually work: untrue; many Trojans are effective precisely because they work.
• Hidden programs that do not show up: partial and vague; Trojans can show as normal apps.
• Immediately discovered: incorrect; Trojans aim to evade detection.

Common Pitfalls:

Confusing Trojans with viruses or worms; assuming code must be invisible to qualify as a Trojan; ignoring that user consent is manipulated via deception.

Final Answer:

are legitimate programs that allow unauthorized access