syap@ur-tut (James Fitzwilliam) (03/23/88)
OK, I've got this neat little vaccinator file in my system folder which "helps guard against viruses, trojans, worms..." -- What will it say/do if it spots something fishy? Can someone explain briefly how it operates without giving away the recipe for defeating the protection it provides? I'm particularly puzzled as to how an INIT device could check for infections of APPLs as well as the ZSYS... Is it just a do-a-checksum-on-the-system-at-boot, or does it work as long as the Mac is on? Please excuse me if this info was available but I missed it. This kind of information is probably safer in the mail than the topic. (Besides, all of these virus panic messages, vitally important as they are, can be very unnerving reading while sitting at one's Mac keyboard! A bit like watching "A Night to Remember" on a cruise.) Thanks much. James Fitzwilliam domain: syap@tut.cc.rochester.edu path: rochester!ur-tut!syap "Piano is my forte" (-: GEnie: FITZWILLIAM ==================================================================
jwhitnel@csi.UUCP (Jerry Whitnell) (03/24/88)
In article <1480@ur-tut.UUCP> syap@ur-tut (James Fitzwilliam) writes: >OK, I've got this neat little vaccinator file in my system folder >which "helps guard against viruses, trojans, worms..." -- What >will it say/do if it spots something fishy? Can someone explain >briefly how it operates without giving away the recipe for >defeating the protection it provides? I'm particularly puzzled as >to how an INIT device could check for infections of APPLs as well >as the ZSYS... Is it just a do-a-checksum-on-the-system-at-boot, >or does it work as long as the Mac is on? The vaccine basicly watchs all attempts to modify the resource fork of any file that has some subset of resources that are interesting to it. If you want to see it in action, try modifying an application or the System file with Font D/A mover or ResEdit. LightspeedC will also cause it to trap. Note that it is resident at all times (if enabled) and watches any program for suspious activity. > > James Fitzwilliam Jerry Whitnell Been through Hell? Communication Solutions, Inc. What did you bring back for me? - A. Brilliant
ilan_-_rabinowitz@cup.portal.com (03/24/88)
The vaccine is not just an INIT. Its a CDEV. If you look in your control panel and then hit the vaccine icon, youll be able to select the "instruction" button for the vaccine. The instructions are pretty clear. I do hope we are talking about the same vaccine INIT, since I've seen a few floating around. The one I am talking about is CE's 1.0 version of the vaccine CDEV. - ILAN RABINOWITZ - with ILANET(tm) (408) 248-0521 or ilan_rabinowitz@cup.portal.com
syap@ur-tut (James Fitzwilliam ) (03/25/88)
In article <4074@cup.portal.com> ilan_-_rabinowitz@cup.portal.com writes:
*The vaccine is not just an INIT. Its a CDEV. If you look in your control
*panel and then hit the vaccine icon, youll be able to select the "instruction"
Ahh! I should have figured this out myself, since I did notice a cdev when
poking into it with ResEdit -- I'd forgotten they belonged to the Control
Panel, however. Thanks for reminding me. One would think that "See instruc-
tions in Control Panel" is the kind of thing that should be put in the intro
of the binary. No big problem, I'm sure I'd have seen it before long (don't
futz with my C-Panel settings all that often! :-)
Thanks.
James Fitzwilliam
domain: syap@tut.cc.rochester.edu
path: rochester!ur-tut!syap "Piano is my forte" (-:
GEnie: FITZWILLIAM
========================================================================