[comp.sys.mac] Undefeatable Vaccine??

pakman@scrolls.wharton.upenn.edu (David B. Pakman) (06/22/89)

I have heard that someone at the University of Michigan has created
a version of Vaccine that is un-defeatable.  Has anyone heard about
such a utility?  I am thinking in terms of public labs where we don't
want users disabling the protection of Vaccine or overriding 
gatekeeper.

Any info would be greatly appreciated.

Thanks,

-David Pakman
Apple Student Rep
University of Pennsylvania
ARPA: pakman@scrolls.wharton.upenn.edu
AppleLink: ST0338

rubinoff@linc.cis.upenn.edu (Robert Rubinoff) (06/22/89)

In article <12270@netnews.upenn.edu> pakman@scrolls.wharton.upenn.edu (David B. Pakman) writes:
>I have heard that someone at the University of Michigan has created
>a version of Vaccine that is un-defeatable.  

Don't believe it.  Any protection scheme can be defeated by a sufficiently
clever and determined programmer.

Now, if what you want is just a version that can't be turned off by the user,
that can be done to varying levels of sophistication.  All of these ideas can
be undone by a determined student, but they'll prevent casual disabling:

 - change the file type from cdev to INIT, so it won't show up in the control
panel.
 - make the file invisible, so the students can't drag it out of the system
folder.
 - copy the resources into the system file so that there isn't a separate file
for the students to remove.

I haven't tried any of these, so I don't know if they'll cause problems 
(although making the file invisible should be harmless), but they're possible
options.  Whether they'll be any use depends on how resourceful (so to speak)
the users are, which you'll have to judge for yourself.  And of course nothing
will help if people boot off their own floppies.

  Robert

rmh@apple.com (Rick Holzgrafe) (06/22/89)

In article <12273@netnews.upenn.edu> rubinoff@linc.cis.upenn.edu (Robert 
Rubinoff) writes:
>  - make the file invisible, so the students can't drag it out of the 
> system folder.

Recent versions of the OS will not run INITs found in invisible files.

==========================================================================
Rick Holzgrafe              |    {sun,voder,nsc,mtxinu,dual}!apple!rmh
Software Engineer           | AppleLink HOLZGRAFE1          rmh@apple.com
Apple Computer, Inc.        |  "All opinions expressed are mine, and do
20525 Mariani Ave. MS: 27-O |    not necessarily represent those of my
Cupertino, CA 95014         |        employer, Apple Computer Inc."

mystone@caen.engin.umich.edu (Dean Yu) (06/22/89)

In article <12270@netnews.upenn.edu> pakman@scrolls.wharton.upenn.edu (David B. Pakman) writes:
>I have heard that someone at the University of Michigan has created
>a version of Vaccine that is un-defeatable.  Has anyone heard about
>such a utility?  I am thinking in terms of public labs where we don't
>want users disabling the protection of Vaccine or overriding 
>gatekeeper.
>

  I should first point out that there are two factions here at the University
of Michigan; the Computing Center, which serves the general student population,
and CAEN, which serves the Engineering school.  The two have little to do
with each other; they have different policies, consultants, etc.  As a result,
we have two modified versions of Vaccine here at U-M.
  The CC version has the cdev code totally removed, and the 'Granted' button
has been moved outside the visible area of the dialog box, so the user has no
choice but to click 'Denied'.  This method has some obvious problems, the first
being that people who write programs cannot use CC machines, since there is
no way to add CODE resources into the application.  The second is that the
removal of the cdev resource causes problems with Disinfectant, as documented
in that program.
  The CAEN version has its file type changed to INIT, so the cdev will not show
up in the Control Panel (which was why CC removed the cdev code), but we did
not modify the dialog.  While this is less secure than CC's version, our
version does not have problems with Disinfectant, and people who write programs
can add resources to their applications.
  Note that neither version is "undefeatable".  We have just made it harder
to turn off Vaccine.  A user can still boot off his own floppy which might not
have Vaccine on it.  The most we can do in this case is to discourage this.
CAEN's machines are reloaded each week to keep the chance of an infestation
down.
  
_______________________________________________________________________________
Dean Yu                            | E-mail: mystone@{sol,caen}.engin.umich.edu
University of Michigan             | Real-mail: Dean Yu
Computer Aided Engineering Network |            909 Church St
===================================|            Apt C
"These are MY opinions." (My       |            Ann Arbor, MI 48104
 employer doesn't want them.       |===========================================
 Actually, they don't really care  | 
 what I think.  But President      |   This space intentionally left blank.  
 Duderstadt does...)               | 
-------------------------------------------------------------------------------  

mystone@caen.engin.umich.edu (Dean Yu) (06/22/89)

In article <32604@apple.Apple.COM> jordan@Apple.COM (Jordan Mattson) writes:
>Dear Dean -
>	Good to see you up on the net.  Want to tell us about your "killer
>Inits"?
>
>

  But Jordan, we all know that it was YOUR fault that MobileDialogs crashed! ;)


drc@claris.com (Dennis Cohen) (06/22/89)

In article <12273@netnews.upenn.edu> rubinoff@linc.cis.upenn.edu (Robert Rubinoff) writes:
> ... [ lead-in as to why you might want to make turning off Vaccine difficult]
>
> - change the file type from cdev to INIT, so it won't show up in the control
>panel.
This will (should) work.

> - make the file invisible, so the students can't drag it out of the system
>folder.
This won't work with System 6.0.2.  Invisible INITs don't get executed at
System Startup.  This was a change made due to the characteristics of some
of the earlier viruses -- they created invisible INITs that did their
dirty work.
> - copy the resources into the system file so that there isn't a separate file
>for the students to remove.
This might or might not work -- it depends upon how Vaccine was written.
>
>I haven't tried any of these, so I don't know if they'll cause problems 
>(although making the file invisible should be harmless), but they're possible
OOPS       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>options.  Whether they'll be any use depends on how resourceful (so to speak)
>the users are, which you'll have to judge for yourself.  And of course nothing
>will help if people boot off their own floppies.

-- 
Dennis Cohen
Claris Corp.
------------
Disclaimer:  Any opinions expressed above are _MINE_!

jordan@Apple.COM (Jordan Mattson) (06/23/89)

Dear Dean -
	Good to see you up on the net.  Want to tell us about your "killer
Inits"?



Jordan Mattson                         UUCP:      jordan@apple.apple.com
Apple Computer, Inc.                   CSNET:     jordan@apple.CSNET
Development Tools Product Management   AppleLink: Mattson1 
20525 Mariani Avenue, MS 27S
Cupertino, CA 95014
408-974-4601
			"Joy is the serious business of heaven."
					C.S. Lewis

henry@chinet.chi.il.us (Henry C. Schmitt) (06/24/89)

Dean -
	I'll be sure to send you a copy of the next issue of
Mac/CHICAGO magazine with a picture of me sitting next to my Mac
with my "Kill Dean's INITs" button carefully propped up next to it!
	Of course it's all Jordan's fault that I put it there!

:-) :-) :-) :-) :-) :-) ;-) :-) :-) :-) :-) :-) :-)
-- 
  H3nry C. Schmitt     | CompuServe: 72275,1456  (Rarely)
                       | GEnie: H.Schmitt  (Occasionally)
 Royal Inn of Yoruba   | UUCP: Henry@chinet.chi.il.us  (Best Bet)

dcc@ncsuvx.ncsu.edu (Daniel Carr) (06/26/89)

just something to add...

i know someone who used resedit to move the "Granted" button out of the
dialog's rect, so it was still there, but you couldn't see/click it.  this
is going a bit to the extreme, but it works.  although non-viral resources
could complicate things (font da mover would be rendered useless).

daniel
-- 
>>>>>>>>>>>>>>>>>>>>>>>> Daniel C. Carr <<<<<<<<<<<<<<<<<<<<<<<<
>>>>>>> North Carolina State University Computing Center <<<<<<<
dcc@ncsuvx.ncsu.edu      daniel@ncsuvm.BITNET    d.c.carr, GEnie