chrisj@ut-emx.UUCP (Chris Johnson) (12/16/89)
For those of you who've encountered the message from Gatekeeper Aid:
"Gatekeeper Aid found an 'Implied Loader (ADBS)' virus in the file
'Desktop'...."
Don't worry about 'ADBS'. It's not a virus in this case. Basically,
there's a utility published by Adobe (I can't remember the name), that
uses ADBS as its creator code. Unfortunately, 'ADBS' is also a resource
type reserved by Apple for storing a certain kind of executable code.
Because every file creator code is represented in the Desktop file with a
resource of the same type, Gatekeeper Aid believes it has found an
executable resource where it shouldn't be and flags it as an Implied Loader
virus.
In fact it's just a very poorly chosen file creator code. I'm surprised
Apple approved it (assuming, of course, that they *did* approve it.)
Unfortunately, WDEF showed how extremely important it is to aggressively
search for and remove executable resources where they don't belong.
So, this isn't a new virus, and it isn't a bug in Gatekeeper Aid - it's
an unfortunate coincidence. In the name of making anti-virus systems more
effective I think Adobe should simply change the creator code for that
application -- they won't even have to recompile their program to make
this fix.
By the same token, early versions of the FKey Manager have a creator code
of 'FKEY' which is removed by Gatekeeper Aid. I'm told that the author
long ago changed his creator code to one that isn't reserved as an executable
code type.
The effects of the removal of these resources from the Desktop file will be
minimal as the Adobe utility doesn't create any data files that are meant
to be associated with it, and the FKey Manager has been supplanted by newer
versions which don't suffer from this problem.
I thought a lot of folks might be wondering...
----Chris (Johnson)
----Author of Gatekeeper
----chrisj@emx.utexas.edu
P.S. The ResEdit under MultiFinder disk-ejection bug that I documented in
the help file actually occurs in any utility that attempts to completely
eject a disk (placing it off-line AND unmounting it). I no longer
believe there is any problem with ResEdit, so I'm looking in other
directions for the explanation of the problem.