jln@accuvax.nwu.edu (John Norstad) (11/29/89)
Disinfectant 1.3 Announcement ============================= November 29, 1989 Disinfectant 1.3 is a new release of the free Macintosh virus detection and repair utility. Version 1.3 recognizes the new "Jude" virus recently discovered at several universities in Switzerland. "Jude" is yet another simple clone of the nVIR B virus. The name was changed from "nVIR" to "Jude," but otherwise the two viruses are identical. Version 1.3 also deals with an important conflict between the Scores virus and Apple's system software 6.0.4 release. When Scores infects a 6.0.4 System file, it damages it in such a way that it cannot be repaired properly. When Disinfectant repairs such a System file, it deletes all traces of the virus, but the System file is still damaged and should not be used. Version 1.3 has a special check for this situation and issues an error message informing the user of the problem. (Symantec's SAM Virus Clinic 1.10 and HJC's Virex 2.12 have the same problem as Disinfectant 1.2 - they leave the System file damaged, and they do not issue any warning or error messages). People who have experienced Scores infections on 6.0.4 systems should be aware of this problem. They should replace their System file by a clean copy from an original Apple release disk, and then reinstall their fonts and desk accessories. Version 1.3 also fixes incompatibilites between Disinfectant and the Flex screen saver and the DaynaFile product. We recommend that all users upgrade to the new version 1.3. Internet users can obtain Disinfectant 1.3 via anonymous FTP from site acns.nwu.edu (129.105.49.1). It will also be available soon from most good user groups, bulletin boards, CompuServe, Genie, and other commercial online services, Internet archive sites, and comp.binaries.mac. The clone problem is serious. We are working on a new version of Disinfectant (version 2.0) which will automatically detect and repair simple clones like the many nVIR B clones that have appeared (Hpat, AIDS, MEV#, nFLU, and Jude). The new version should even be able to handle cases of multiple virus infections involving mixtures of clones and known viruses. In the future we will not have to release a new version for each new clone. We have tested several other virus fighting tools against the new Jude virus, with the following interesting results: Apple's Virus Rx 1.5 and Jeff Shulman's Virus Detective 3.1 both properly detect the virus, but they are not able to repair infected files. (Virus Rx and Virus Detective are detection-only tools, and they both have excellent clone detection capabilities. They do not attempt to repair infected files). CE Software's Vaccine 1.0.1 properly blocks attempts by Jude to infect a clean system. The system bombs or hangs when the attack is attempted, and the system is not infected. Chris Johnson's GateKeeper 1.1.1 partially blocks attempts by Jude to infect a clean system. The system file is partially infected, but not contagious. Symantec's SAM Virus Clinic 1.10 does not properly detect or repair infected files. Symantec's SAM Intercept 1.10 detects attempts by Jude to infect a clean system in standard, advanced, and custom protection modes, but not in basic protection mode. The auto-floppy scan option does not detect infected files. HJC's Virex 2.12 does not properly detect or repair infected application files. It issues a warning message for infected system files, and partially repairs them. The resulting repaired system file is partially infected, but not contagious. HJC's Virex INIT 1.12 properly detects attempts by Jude to infect a clean system. The auto-floppy scan option properly detects infected files. John Norstad Academic Computing and Network Services Northwestern University 2129 Sheridan Road Evanston, IL 60208 Internet: jln@acns.nwu.edu Bitnet: jln@nuacc CompuServe: 76666,573 AppleLink: A0173