5 eSecurity (3)
Information Technology IT
1. Question 1: Explain the key differences between a Trojan horse and a worm, detailing their methods of propagation and primary objectives. Consider how their impact on a system differs.
Trojan Horse: A Trojan horse is a malicious program disguised as legitimate software. It relies on social engineering to trick users into executing it.
- Propagation: Requires user interaction (e.g., downloading and running an infected file). It does not self-replicate.
- Objectives: Often used to create backdoors, steal data (passwords, financial information), or provide remote access to the attacker. It can also perform other malicious actions depending on its design.
- Impact: Typically affects individual systems. The damage is usually limited to the compromised machine, although it can be used as a launching point for further attacks.
Worm: A worm is a self-replicating malware program that spreads across networks without requiring user interaction.
- Propagation: Exploits vulnerabilities in operating systems or applications to spread automatically. It can propagate through networks, email, or removable media.
- Objectives: Can cause network congestion by consuming bandwidth, disrupt system operations, steal data, or create backdoors.
- Impact: Can have a widespread impact, affecting multiple systems within a network. Worms can cause significant disruption and data loss.
Key Difference: The primary difference lies in propagation. Trojans require user action, while worms are self-propagating. Trojans rely on deception, while worms exploit vulnerabilities.
2. Question 3: Discuss the role of different security measures in protecting personal data in a cloud computing environment. Consider both the responsibilities of the cloud service provider and the responsibilities of the data controller (the organisation using the cloud service). Provide examples of specific security measures for each.
Cloud Computing Security Roles:
In a cloud computing environment, security is a shared responsibility between the cloud service provider (CSP) and the data controller. The CSP is responsible for the security of the cloud infrastructure, while the data controller is responsible for the security of the data stored in the cloud and for ensuring compliance with data protection laws.
Cloud Service Provider (CSP) Responsibilities & Measures:
- Infrastructure Security: Maintaining the physical and logical security of the cloud infrastructure (e.g., data centers, networks). Examples: physical security measures, network segmentation, DDoS protection.
- Data Encryption: Providing encryption services to protect data at rest and in transit. Examples: Key management services, encryption algorithms.
- Access Control: Implementing robust access control mechanisms to prevent unauthorised access to the cloud infrastructure and data. Examples: Multi-factor authentication, role-based access control.
- Compliance Certifications: Obtaining and maintaining relevant compliance certifications (e.g., ISO 27001, SOC 2) to demonstrate a commitment to security.
Data Controller (Organisation) Responsibilities & Measures:
- Data Encryption: Encrypting data before uploading it to the cloud. Examples: Using client-side encryption, ensuring encryption keys are securely managed.
- Access Management: Implementing strong access controls to limit access to data stored in the cloud. Examples: Using strong passwords, implementing multi-factor authentication.
- Data Loss Prevention (DLP): Implementing DLP solutions to prevent sensitive data from being inadvertently exposed in the cloud. Examples: Monitoring data transfers, blocking unauthorised file sharing.
- Contractual Agreements: Ensuring that the cloud service agreement clearly outlines the security responsibilities of the CSP and the data controller.
- Data Backup and Recovery: Implementing data backup and recovery procedures to ensure that data can be restored in the event of a disaster.
3. Explain the difference between signature-based and heuristic-based malware detection. Provide examples of each type of detection and discuss the advantages and disadvantages of each.
Signature-based detection relies on a database of known malware signatures. A signature is a unique pattern of code that identifies a specific malware variant. The antivirus software scans files and system memory, comparing their code against the signatures in its database.
- Example: An antivirus program has a signature for a specific virus strain like 'WannaCry'. If the virus's code matches the signature, it's flagged as malicious.
- Advantages: Highly accurate for known malware. Fast and efficient.
- Disadvantages: Ineffective against new or modified malware (zero-day exploits) for which no signature exists yet.
Heuristic-based detection analyses the behaviour of files and programs to identify suspicious activity. It looks for patterns that are commonly associated with malware, even if the malware doesn't have a known signature.
- Example: A program attempts to modify system files or inject code into other processes. This behaviour is flagged as suspicious, even if the program isn't in the signature database.
- Advantages: Can detect new and unknown malware. More effective against polymorphic malware.
- Disadvantages: Higher rate of false positives (legitimate programs are incorrectly flagged as malicious). Can be resource-intensive.
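The following added example (not part of the original revision page, and not code from any real antivirus product) contrasts the two approaches on three constructed samples: a known variant, a modified variant of the same malware, and a legitimate installer. The signature pattern, behaviour names, weights and threshold are all invented for the demonstration.

```python
"""Toy signature-based vs heuristic-based detection (constructed demo)."""
from dataclasses import dataclass
from typing import Optional

# Signature database: name -> byte pattern seen in a known variant (constructed).
SIGNATURES = {"demo-trojan-v1": b"\x90\x90STEALPW\x00"}

# Heuristic weights for behaviours commonly associated with malware (constructed).
BEHAVIOUR_WEIGHTS = {
    "writes_system_files": 3,
    "injects_into_process": 4,
    "disables_av": 5,
    "reads_browser_passwords": 4,
    "opens_listening_socket": 2,
}
HEURISTIC_THRESHOLD = 6  # score at or above this is flagged as suspicious


@dataclass
class Sample:
    name: str
    code: bytes          # file contents as read from disk
    behaviours: set      # behaviours observed when the program runs (or is emulated)


def signature_scan(sample: Sample) -> Optional[str]:
    """Return the name of the matching signature, or None if no known pattern is present."""
    for sig_name, pattern in SIGNATURES.items():
        if pattern in sample.code:
            return sig_name
    return None


def heuristic_score(sample: Sample) -> int:
    """Add up the weights of the suspicious behaviours the sample exhibits."""
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in sample.behaviours)


def classify(sample: Sample) -> dict:
    """Run both detectors and report what each one concluded."""
    score = heuristic_score(sample)
    return {"signature_hit": signature_scan(sample),
            "heuristic_hit": score >= HEURISTIC_THRESHOLD, "score": score}


# Constructed samples. The modified variant behaves identically but its bytes differ
# slightly, so the signature no longer matches; the installer is legitimate but noisy.
KNOWN = Sample("known_variant.exe", b"MZ...\x90\x90STEALPW\x00...", {"reads_browser_passwords", "opens_listening_socket"})
MODIFIED = Sample("modified_variant.exe", b"MZ...\x90\x91STEALPW\x01...", {"reads_browser_passwords", "opens_listening_socket"})
INSTALLER = Sample("setup.exe", b"MZ...legit...", {"writes_system_files", "disables_av"})
```

Running `classify` on the three samples shows the trade-off from the answer above: only the signature scan recognises the known variant by name, only the heuristic catches the modified variant, and the heuristic also flags the legitimate installer (a false positive).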