[comp.sys.mac] StuffIt a Virus ?

ken@matr-a.UUCP (Ken Farnen) (04/24/88)

I have just read a short piece in a UK computer paper about viruses in general.

There was what amounted to a 'throwaway' comment that the Mac community was
heavily infected by the 'Stuff It' virus.

This is a trifle worrying!  We quite like StuffIt, and since the net is in
the process of standardising on it, we can't get away from it.  I was also
about ready to authorise it to be included in the shareware archives we keep.

OK, I know that the free rags are not the most accurate of sources, but I
feel I must ask:

IS STUFFIT A TROJAN HORSE ?????????

If not, does anyone know how such a misunderstanding could arise ?


-	-	-	-	-	-	-	-	-	-
   Matrix Software Development	|     Ken Farnen.  UUCP:..!mcvax!ukc!matr-a!ken
   * Unix Software Solutions *	|flames and complaints to| VOX: +44 51 708 7978
*Apple Registered Mac Developers|my boss, ken@matr-a :-) | BBS: +44 51 737 1882

macak@lakesys.UUCP (Jim Macak) (04/26/88)

In article <350@matr-a.UUCP> ken@matr-a.UUCP (Ken Farnen) writes:
>I have just read a short piece in a UK computer paper about viruses in general.
>
>There was what amounted to a 'throwaway' comment that the Mac community was
>heavily infected by the 'Stuff It' virus.
>
>This is a trifle worrying!  We quite like StuffIt, and since the net is in
>the process of standardising on it, we can't get away from it.  I was also
>about ready to authorise it to be included in the shareware archives we keep.
>
>OK, I know that the free rags are not the most accurate of sources, but I
>feel I must ask:
>
>IS STUFFIT A TROJAN HORSE ?????????
>
>If not, does anyone know how such a misunderstanding could arise ?

I think that we have to remember that our friendly viruses can often attack
and attach themselves to several different types of Macintosh files, including
System files and applications.  So if someone uses a previously uninfected
application on a Mac that has been infected with a virus, that application
could become infected itself.

Now, suppose the user takes that newly infected application and gives it to a
friend, or uploads it to a BBS.  Now the application carries the virus to
whichever Mac it is used on.  And so it spreads from Mac to Mac.

This is the way many viruses are intended to work.  They infect "innocent"
applications and use them as carriers, to further spread the virus.  Singling
out a certain program as a "Trojan Horse" just because a copy of it was
infected in this manner is completely unfair and can do unreasonable harm to
the reputation of that program.

We have to be careful to make a distinction between programs that have been
innocently infected and those that were infected on purpose by the virus
author in order to distribute the virus.  In the former case, only a few
copies of the application will be infected, and the problem will often be
related to the distribution of that originally infected copy.  In the latter
case, _every_ copy of the application will be infected, universally.

Unfortunately, this distinction is likely a very difficult one to make for the
isolated user.  That's something we can use the nets for.

Jim

-- 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Jim -->  macak@lakesys.UUCP (Jim Macak)  {Standard disclaimer, nothin' fancy!}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

kmw@ardent.UUCP (Ken Wallich) (04/27/88)

In article <350@matr-a.UUCP> ken@matr-a.UUCP (Ken Farnen) writes:
>I have just read a short piece in a UK computer paper about viruses in general.
>
>There was what amounted to a 'throwaway' comment that the Mac community was
>heavily infected by the 'Stuff It' virus.
>
>If not, does anyone know how such a misunderstanding could arise ?
>

no, No, NO!  Stuffit is nothing resembling a virus.  Geesh, some idiot
who writes (ha!) for a *UK* computer rag says something stupid, and folks
get worried.  Now uniformed folks are gonna think whenever their machine
does something strange that it must have been that "stuffit virus" again.

Stuffit is a great utility and does lots of great things.  Let's not
go dragging its name through the mud.

Some people are just too paranoid for their own good (like me :-).


----

Ken Wallich		*If anyone wants my opinions, they can have them*
Consultant		kmw@ardent
DCI			hplabs!ardent!kmw

richard@claris.UUCP (Richard Scorer) (04/27/88)

In article <355@ardent.UUCP> kmw@ardent.UUCP (Ken Wallich) writes:
|In article <350@matr-a.UUCP> ken@matr-a.UUCP (Ken Farnen) writes:
|>I have just read a short piece in a UK computer paper about viruses in general.
|
|no, No, NO!  Stuffit is nothing resembling a virus.  Geesh, some idiot
YES YES YES - it did have a virus.
|who writes (ha!) for a *UK* computer rag says something stupid, and folks
            ^^^^^ ?
|get worried.  Now uniformed folks are gonna think whenever their machine
                    ^ What, only Army, Navy and Marines ?? :->
|does something strange that it must have been that "stuffit virus" again.
|
|Stuffit is a great utility and does lots of great things.  Let's not
|go dragging its name through the mud.
|
|Some people are just too paranoid for their own good (like me :-).
|
|
|----
|
|Ken Wallich		*If anyone wants my opinions, they can have them*
                        * No thanks *
|Consultant		kmw@ardent
|DCI			hplabs!ardent!kmw

Yes, yes, yes...  StuffIt version 1.2 was contaminated for a short period of time.
However, version 1.40A is out now, and does not have the virus in it.

Raymond corrected the problem almost immediately.

The problem with stories like these is that no-one actually knows what started
the virus.  Apparently some numbskull in Texas posted the virused copy of 
Stuffit.

So, Ken - you're wrong.  Whoever wrote this piece is obviously not as moronic
as you seem to think he is.  Just 'cos he writes in the UK doesn't mean he
doesn't know what's happening - he knows more than you, for example...

FLAMEs to /dev/null.  Thanks

-- 
 
 Richard Scorer       *   UUCP: {ames,apple,portal,sun,voder}!claris!richard
 Claris Corporation   *   AppleLink: Scorer1   *   CompuServe: 74017,344

rs4u+@andrew.cmu.edu (Richard Siegel) (04/27/88)

Excerpts from: 26-Apr-88 Re: StuffIt a Virus ? Jim Macak@lakesys.UUCP (2425)

>We have to be careful to make a distinction between programs that have been
>innocently infected and those that were infected on purpose by the virus
>author in order to distribute the virus.

Not only must we make the distinction between programs that are accidentally
infected and those that were purposely "inoculated", it is also highly
important that we make the distinction between hardware/software problems such
as incompatibilities and virus behavior.

	I've seen recently (both in these newsgroups and at CMU) cases where
something doesn't work correctly, and the first conclusion is "Oh my God, it's
a VIRUS!!!" In the case at CMU, someone was trying to use a very old version
of AutoBlack (the screen darkener that called itself "Macsbug" to install
itself) on a Macintosh II. It crashed at startup, so the user assumed he had a
virus of some sort.

	Another example I saw just yesterday: two friends were trying to install
SteppingOut on a Mac, and it kept crashing on boot. One of them concluded that
"it's a high possibility that the machine is infected". As it turned out,
there were lots of INITs, and one of them was accidentally getting installed
twice, and that's what was crashing the system.  Not a virus.

	Being careful to watch for virus infections is one thing. Every piece of new
software that you download from a service must be carefully checked. Use
Vaccine or whatever. (I don't use it because I keep my system safe and I
prefer to have as few things mucking with my computer as possible.)

	Being paranoid and assuming that every little quirk MUST BE A VIRUS!!! is
quite another.

		-Rich

isle@eleazar.Dartmouth.EDU (Ken Hancock) (04/28/88)

In article <350@matr-a.UUCP> ken@matr-a.UUCP (Ken Farnen) writes:
>I have just read a short piece in a UK computer paper about viruses in general.
>
>There was what amounted to a 'throwaway' comment that the Mac community was
>heavily infected by the 'Stuff It' virus.
>
>This is a trifle worrying!  We quite like StuffIt, and since the net is in
>the process of standardising on it, we can't get away from it.  I was also
>about ready to authorise it to be included in the shareware archives we keep.
>
>OK, I know that the free rags are not the most accurate of sources, but I
>feel I must ask:
>
>IS STUFFIT A TROJAN HORSE ?????????
>
>If not, does anyone know how such a misunderstanding could arise ?

1. StuffIt is NOT a trojan horse.

2. Misunderstandings arise because people pass on incomplete information
   and other people spread it.

3. People are getting a trifle paranoid about viruses in general.  Every time
   someone gets a bomb nowadays, their first reaction is "Oh my!  I must have
   a virus!"

As for the virus in StuffIt comment, there was a copy of StuffIt found in
Texas with a virus attached to it.  How did it get there?  Probably someone
downloaded StuffIt from somewhere, ran it on their hard disk which was
infected by some virus, and then uploaded it to another bulletin board
in the area.  Then others downloaded it, etc. etc.  You get the idea.

Raymond Lau has written a wonderful program and I hate to see it get
cut apart by all this paranoia over viruses.  True enough, viruses exist,
but let's put it in perspective -- it's easier to catch a little cold
than to come across a computer virus.  So, for the moment, take a couple
aspirins and call me in the morning...


Ken

-- 
Ken Hancock                        |    UUCP: isle@eleazar.dartmouth.edu
Personal Computing Ctr. Consultant |  BITNET: isle@eleazar.dartmouth.edu
__________________________________/ \____________________________________
DISCLAIMER: If people weren't so sue-happy, I wouldn't need one!

davids@dasys1.UUCP (David Schenfeld) (04/28/88)

In article <350@matr-a.UUCP>, ken@matr-a.UUCP (Ken Farnen) writes:
> 
> OK, I know that the free rags are not the most accurate of sources, but I
> feel I must ask:
> 
> IS STUFFIT A TROJAN HORSE ?????????
>
 There was a report about an infected StuffIt that was circulating in Texas.
The infected program was an OLD version 1.2x.  There have been general
references to StuffIt in some publications, including MacWEEK and Macintosh
Today, saying things to the effect of "...and now StuffIt is infected."
I wrote a letter to the editor of MacWEEK expressing my anger over such an
irresponsible and general comment and I was informed that a correction will 
be printed.
StuffIt as released by its author, Raymond Lau, is *NOT* infected.  The latest
version 1.40A is clean, and so have been the previous versions.
I hate to make this analogy, (please, no flames) but just as you have to be
careful these days with new girlfriends/boyfriends (referring to the AIDS
crisis), if you don't know where a program has been, you take your own
chances.
If you received StuffIt directly from the author, or if you downloaded a 
copy from (again, no flames) one of the commercial networks that Mr. Lau
uploads directly to, you can be assured that you received a virus free
program.
Since StuffIt is a popular program within the telecomm community, it makes
a good target for some shady person to inject it with a 'virus'.

-- 
David Schenfeld                  {allegra,philabs,cmcl2}!phri\
Big Electric Cat Public Unix           {columbia,cmcl2}!cucard!dasys1!davids
New York, NY, USA                   {sun,well,amdahl}!hoptoad/
        Compuserve: 72315,1457 | Delphi: DSCHENFELD | GEnie: AES-ELECT

chiaravi@silver.bacs.indiana.edu (Lucius Chiaraviglio) (04/28/88)

In article <355@ardent.UUCP> kmw@ardent.UUCP (Ken Wallich) writes:
>no, No, NO!  Stuffit is nothing resembling a virus.  Geesh, some idiot
>who writes (ha!) for a *UK* computer rag says something stupid, and folks
>get worried.  Now uniformed folks are gonna think whenever their machine
                   ^^^^^^^^^ ?
>does something strange that it must have been that "stuffit virus" again.

	I didn't know wearing uniforms led to paranoia, but I suppose both
are military items. . . .

	I will in the future make an even greater effort to avoid wearing a
uniform.

	(Sorry, I just couldn't resist.)

	-- Lucius Chiaraviglio
	   chiaravi@silver.bacs.indiana.edu
	   lucius@tardis.harvard.edu	(in case the first one doesn't work)
	"The future begins tomorrow."