Identd is not a virus!

I have just been told that Norton Antivirus detects my program as a backdoor trojan virus. I do not have this program, however I can understand why it may be falsely detecting this.

There are at least two programs floating around on the internet, called Netbus and Back Orifice, and there are probably more. Once one of these programs is running on your computer, it will listen for instructions from the internet, and behave accordingly.

A cracker who wants to break into a computer would try to get one of these trojans running on that computer, and would then have complete control over it, remotely, over the internet.

When one of these programs is running, it must listen on a port on your computer for incoming connections from the internet. It seems that Norton Antivirus is detecting when this happens. This is normally a good thing.

However, there are also legitimate reasons for a program to listen for incoming connections. Any type of server would need to do this - for example, a web server or an email server, or even (surprise!) an ident server.

There are two main protocols with which such a connection is established, TCP and UDP. Each service listens on a port number for such services. For example, a web server listens on TCP port 80, and a mail server on TCP port 25. If you have a UNIX or UNIX-like system, you can see a list of the most common services in the file /etc/services. The ident server listens on TCP port 113.

For a normal client computer, it is not usually the case that any of these server programs would be running; except for identd - this is probably why Norton Antivirus is catching it. Unfortunately, I don't know what can be done about this problem.

Valid HTML 4.01! Sourceforge