chrisj@ut-emx.UUCP (Chris Johnson) (12/16/89)
For those of you who've encountered the message from Gatekeeper Aid: "Gatekeeper Aid found an 'Implied Loader (ADBS)' virus in the file 'Desktop'...." Don't worry about 'ADBS'. It's not a virus in this case. Basically, there's a utility published by Adobe (I can't remember the name), that uses ADBS as its creator code. Unfortunately, 'ADBS' is also a resource type reserved by Apple for storing a certain kind of executable code. Because every file creator code is represented in the Desktop file with a resource of the same type, Gatekeeper Aid believes it has found an executable resource where it shouldn't be and flags it as an Implied Loader virus. In fact it's just a very poorly chosen file creator code. I'm surprised Apple approved it (assuming, of course, that they *did* approve it.) Unfortunately, WDEF showed how extremely important it is to aggressively search for and remove executable resources where they don't belong. So, this isn't a new virus, and it isn't a bug in Gatekeeper Aid - it's an unfortunate coincidence. In the name of making anti-virus systems more effective I think Adobe should simply change the creator code for that application -- they won't even have to recompile their program to make this fix. By the same token, early versions of the FKey Manager have a creator code of 'FKEY' which is removed by Gatekeeper Aid. I'm told that the author long ago changed his creator code to one that isn't reserved as an executable code type. The effects of the removal of these resources from the Desktop file will be minimal as the Adobe utility doesn't create any data files that are meant to be associated with it, and the FKey Manager has been supplanted by newer versions which don't suffer from this problem. I thought a lot of folks might be wondering... ----Chris (Johnson) ----Author of Gatekeeper ----chrisj@emx.utexas.edu P.S. The ResEdit under MultiFinder disk-ejection bug that I documented in the help file actually occurs in any utility that attempts to completely eject a disk (placing it off-line AND unmounting it). I no longer believe there is any problem with ResEdit, so I'm looking in other directions for the explanation of the problem.