[comp.sys.mac] Virus on the Mac?

mmccann@hubcap.UUCP (Mike McCann) (03/03/88)

I recently downloaded a file from sumex which after running for a few
seconds, crashed on me.  The mouse was frozen, so when I reset the Mac
the hard drive wouldn't come up and it was treated as a non-mac disk.
Was this a freak accident or are there virus programs out there which
attack macs?  If so, is there a program that can successfully detect
virus programs?  Help...........

Thanks in advance,
Mike McCann

jas@cadre.dsl.PITTSBURGH.EDU (Jeffrey A. Sullivan) (03/03/88)

In article <1056@hubcap.UUCP>, mmccann@hubcap.UUCP (Mike McCann) writes:
> I recently downloaded a file from sumex which after running for a few
> seconds, crashed on me.  The mouse was frozen, so when I reset the Mac
> the hard drive wouldn't come up and it was treated as a non-mac disk.
> Was this a freak accident or are there virus programs out there which
> attack macs?  If so, is there a program that can successfully detect
> virus programs?  Help...........
> 
> Thanks in advance,
> Mike McCann

No, this is no virus.  It is a feature of the Mac OS.  (I assume you are running
a Mac II, since it's what I have and what I've heard this problem on, but
I don't know if it can happen to other Macs.  I think so, though.)  What
happened was that the program screwed up your parameter RAM (PRAM) and your
little ole mac got confused about what to do at startup.  Just run a program
to ZAP PRAM, or hold down SHIFT-CTRL-OPT when you choose the control panel DA
and answer yes to the PRAM ZAP dialog.  This blanks PRAM to its default
setting and lets you re-set it to your taste.  If you are using a Mac II, there
is a patch in the form of an INIT that keeps this from happening.  I love it!
Can't say how many times I had to ZAP my PRAM before the patch came along, and
I've not had to do it since.  Well, not for this reason, anyway...


-- 
..........................................................................
Jeffrey Sullivan			  | University of Pittsburgh
jas@cadre.dsl.pittsburgh.edu		  | Intelligent Systems Studies Program
jasper@PittVMS.BITNET, jasst3@cisunx.UUCP | Graduate Student

bill@utastro.UUCP (William H. Jefferys) (03/03/88)

In article <1056@hubcap.UUCP> mmccann@hubcap.UUCP (Mike McCann) writes:
~I recently downloaded a file from sumex which after running for a few
~seconds, crashed on me.  The mouse was frozen, so when I reset the Mac
~the hard drive wouldn't come up and it was treated as a non-mac disk.
~Was this a freak accident or are there virus programs out there which
~attack macs?  If so, is there a program that can successfully detect
~virus programs?  Help...........
~
What program was this that caused this problem?  Without this
information your article can't help (warn) anyone else, and no-one
else can help you!

Bill Jefferys
-- 
Glend.	I can call spirits from the vasty deep.
Hot.	Why, so can I, or so can any man; But will they come when you
	do call for them?    --  Henry IV Pt. I, III, i, 53

mmccann@hubcap.UUCP (Mike McCann) (03/03/88)

Several people have asked what program I was running (and what kind of
Mac I was on) when my hard drive died.  I was running BCompile when my
Mac died but I had run Localizer directly before that.  My Mac is a Mac+
w/1M, one 800K drive and one HD20SC.  The Mac boots fine from other
disks but thinks that the hard drive isn't a Mac disk (not a good sign).
Mike McCann 

ephraim@think.COM (ephraim vishniac) (03/03/88)

In article <1056@hubcap.UUCP> mmccann@hubcap.UUCP (Mike McCann) writes:
>I recently downloaded a file from sumex which after running for a few
>seconds, crashed on me.  The mouse was frozen, so when I reset the Mac
>the hard drive wouldn't come up and it was treated as a non-mac disk.
>Was this a freak accident or are there virus programs out there which
>attack macs?  If so, is there a program that can successfully detect
>virus programs?  Help...........

Fear of viruses is a bit overdone these days.  Consider the more
likely possibilities:

Much of the software on sumex was written by hobbyists.  Much of it
has problems, even when run under the exact environment it was written
for.  Lots of it has *severe* problems when run under different
environments.

How old was the particular item you ran?  Was it written for a 128K
Mac? 512K Mac?  512e?  Mac Plus?  SE or II (not likely!)?  Was it
written for Finder 1.0?  1.1g?  4.1?  5.5?  6.0?  Did it expect MFS or
HFS?

I recently pulled out a demo from the distant past (the "Windows Demo"
program, with variant WDEFs) which used to run fine on my Fat Mac.  On
my Mac II, it bombed instantly.  A slightly different crash could
easily have sent my hard disk out to lunch, but not through any malice
on the author's part.
Ephraim Vishniac					  ephraim@think.com
Thinking Machines Corporation / 245 First Street / Cambridge, MA 02142-1214

     On two occasions I have been asked, "Pray, Mr. Babbage, if you put
     into the machine wrong figures, will the right answers come out?"

rs4u+@andrew.cmu.edu (Richard Siegel) (03/08/88)

>> the hard drive wouldn't come up and it was treated as a non-mac disk.
>> Was this a freak accident or are there virus programs out there which
>> attack macs?  If so, is there a program that can successfully detect

	This was more than likely a freak accident; it's possible for many 
public-domain, freeware, beta-test, and shareware programs to have bugs in 
them that cause crashes; when these crashes occur, it's possible that it'll 
happen at such a time when the disk directory or information is in an 
inconsistent state. If this happens, it's very possible that the Finder will 
tell you that the disk is not a Macintosh disk or that it's damaged.

>happened was that the program screwed up your parameter RAM (PRAM) and your
>little ole mac got confused about what to do at startup.  Just run a program

	No, no, no.... The disk being damaged is not going to be apparent here, 
except for a refusal to boot from that disk. When the disk drive is "treated 
as a non-mac disk", it's damaged for sure.

	It's not a virus, it's just something that happens from time to time.

	In this case, your best (and probably only) way to recover the disk is to use 
the Disk First Aid program that comes with your Macintosh; it's on one of the 
Utilities disks. Boot up on another floppy and run Disk First Aid; a drive 
selection box will come up. Click on the "Drive" button; you'll see either 
"Disk With Bad Name (SCSI #)" (where # is the SCSI address of your disk), or 
your disk's name, or something garbled (SCSI #). Click on the "Open" button, 
then click "Start." If Disk First Aid can fix your disk, it will do so.

	To protect yourself, it's wise to back up often (I use DiskFit; the choice of 
a backup program is subject to personal preference and is something of a 
religious issue) and to become familiar with a program such as Disk First Aid.

	This is one of the risks of using stuff that comes in over the nets; by and 
large, these programs go through absolutely NO testing and NO quality control 
- you are the beta tester. The good part is that there's some genuinely good 
stuff that is posted....

	--Rich

===================================================================
Rich Siegel
Confused Undergrad, Carnegie-Mellon University

The opinions stated here do not represent the policies
of Carnegie-Mellon University.

Arpa: rich.siegel@andrew.cmu.edu
UUCP: {decvax,ucbvax,sun}!andrew.cmu.edu!rich.siegel
==================================================================

hammen@csd4.milw.wisc.edu (Robert Joseph Hammen) (03/10/88)

In article <IWAi9Vy00V4-Frk0Td@andrew.cmu.edu> rs4u+@andrew.cmu.edu (Richard Siegel) types:
<discussion of damaged disk & buggy programs deleted>
>	In this case, your best (and probably only) way to recover the disk is 
>the Disk First Aid program that comes with your Macintosh; it's on one of the 
>Utilities disks. Boot up on another floppy and run Disk First Aid; a drive 
>selection box will come up. Click on the "Drive" button; you'll see either 
>"Disk With Bad Name (SCSI #)" (where # is the SCSI address of your disk), or 
>your disk's name, or something garbled (SCSI #). Click on the "Open" button, 
>then click "Start." If Disk First Aid can fix your disk, it will do so.

Let me add to Rich's comments. One thing that can be helpful for a hacker
is to figure out what went wrong with the damaged disk. After you click
Open (as detailed above), type Command-S (I think the Caps Lock key must be
up for this to work). A small window will appear at the bottom of the
screen. When you click "Start", you will now see what DFA is doing. If it
fails to read the disk immediately, chances are the SCSI driver is zapped,
or the directory is biffed. Most hard disk utility programs (e.g. Apple's
HD SC Setup) allow you to "update" the SCSI drivers. If there are other
problems with the disk that Disk First Aid can't fix, and if your data is
worth more than $40 or so, call up MacConnection and order a copy of 
MacZap (unless they are out of stock, it'll be on your doorstep the 
following morning). MacZap is a powerful program that has been able to
fix any bad disk I've ever come across, though the manual and the user
interface are a real challenge (though they may have improved in recent
versions - I have not upgraded in a while). Another product out there is
First Aid Kit - I have no experience with that package, however. Hope this
helps someone...

>Rich Siegel

///////////////////////////////////////////////////////////////////////////
/ Robert Hammen		Computer Applications	hammen@csd4.milw.wisc.edu /
/ Delphi: HAMMEN	GEnie: R.Hammen		CI$: 70701,2104		  /
///////////////////////////////////////////////////////////////////////////

fjo@ttrdf.UUCP (Frank Owen ) (03/11/88)

> Was this a freak accident or are there virus programs out there which
> attack macs?  

There are many known viruses for PCs. Is your Mac
located near a PC? A PC virus could possibly be 
carried out of the PC through its exhaust fan and 
then infect your Mac!

Actually, the chances of this happening are pretty
slim, because even if the virus somehow found its
way out of the PC (these viruses can be pretty tricky
little fellows), it would have to go through some
sort of genetic transformation in order to infect
such a radically different species as the Mac.


-- 
Frank Owen (fjo@ttrde)  312-982-2182
AT&T Information Systems
Computer Systems Division, 5555 Touhy Ave., Skokie, IL  60077
PATH:  ...!ihnp4!ttrdf!fjo

roger@homxc.UUCP (searching for net.identity) (03/11/88)

In article <340@ttrdf.UUCP>, fjo@ttrdf.UUCP (Frank Owen ) writes:
> 
> There are many known viruses for PCs. Is your Mac
> located near a PC? A PC virus could possibly be 
> carried out of the PC through its exhaust fan and 
> then infect your Mac!

I think I saw one of those virus programs for sale.
It was called "Programmer's Aids."

> Frank Owen (fjo@ttrde)  312-982-2182
> AT&T Information Systems

Roger Tait                           ..ihnp4!homxc!roger
(201) 949-1136
AT&T Bell Labs Technical Publications        Holmdel, NJ

(-; (-; "Where never is heard a discouraging word,
         and the skies are not cloudy all day." :-) :-)

edwards@bgsuvax.UUCP (Bruce Edwards) (03/16/88)

In article <340@ttrdf.UUCP>, fjo@ttrdf.UUCP (Frank Owen ) writes:
> > Was this a freak accident or are there virus programs out there which
> > attack macs?  
> 
> There are many known viruses for PCs. Is your Mac
> located near a PC? A PC virus could possibly be 
> carried out of the PC through its exhaust fan and 
> then infect your Mac!
> 
> Actually, the chances of this happening are pretty
> slim, because even if the virus somehow found its
> way out of the PC (these viruses can be pretty tricky
> little fellows), it would have to go through some
> sort of genetic transformation in order to infect
> such a radically different species as the Mac.
>
The best way to avoid such viruses is to practice SAFE DOWNLOADING.
I do this by wrapping my modem in Saran-Wrap before connecting to
any BBS. :-)

Linkers@cup.portal.com (03/19/88)

It seems to me that the only effective way to check for a virus would be
to take a snapshot of the entire environment before running the suspected
program, and another afterwards, and then examine what changed.  This process
would have to be repeated in conjunction with updating the clock to detect
viruses that are triggered after certain dates.
Unfortunately, on all existing Mac CPUs there is no way to simulate the
program's environment (this should be possible under a 68030 multitasking
and memory mapped architecture) to develop a program capable of testing
another for viral effects.
However, it is possible to develop a way to take a snapshot in the form
of a checksum of every executable/system file on the system before each
program is executed, and then to determine which files changed between
the previous program execution.
Hopefully some saintly organization/individual will take up the challenge.
Scott Bryan
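
Added example, not part of the original post: the before-and-after snapshot described above, sketched in Python with SHA-256 in place of a simple checksum. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each regular file under root (by relative path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # hash file contents only, never follow links
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def diff_snapshots(before, after):
    """Report which files were added, removed or modified between snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: a test run patches one file and drops a new one."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("System", b"system v1"), ("Finder", b"finder v1")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        # Stand-in for "run the suspected program": same length, new bytes,
        # so a size check alone would not notice the System change.
        with open(os.path.join(root, "System"), "wb") as fh:
            fh.write(b"system v2")
        with open(os.path.join(root, "Mystery INIT"), "wb") as fh:
            fh.write(b"unexpected")
        return diff_snapshots(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored where the program under test cannot rewrite it, for example on a locked or removable volume.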

gillies@uiucdcsp.cs.uiuc.edu (03/20/88)

Trojan Horses are a classic problem in the discipline of operating
system protection.  Any partial solution to this problem DOES NOT
depend on whose processor chip you buy.  It depends on having a
serious protection scheme built by a designer that expressly solves
the problem.

Theoretically, whether a program halts and zeroes core is
undecidable.  Therefore, it is certainly undecidable whether a
program halts and does a bad thing XYZ (in particular, XYZ = zeroing
core) to your computer.

You can protect against a Trojan Horse, but you cannot completely
prevent one (assuming you load new software into your computer).  To
protect against one, you need to confine untrusted software.  In
principle, you must confine each piece of software FOREVER.  If the
program writes to the disk, the objects it must access (to do useful
work) will always be in peril.

If the software spoofs you successfully (e.g. "This piece of software
is a universal vaccine INIT -- it needs FULL access to your system
file", or "This piece of software patches your system file with a new
version of Quickdraw that is 5 times faster!"), and you believe this
nonsense, then you're sunk.  Your only hope is to disassemble the code
and prove (theoretically) that the program does nothing harmful.

Sorry to bring you this depressing news....

Don Gillies {ihnp4!uiucdcs!gillies} U of Illinois
            {gillies@p.cs.uiuc.edu}
---------------------------------------------------------------------
Doing an M.S. thesis in protection.  Did a B.S. thesis in protection.
Hope I don't have to do a Ph.D. in protection.
---------------------------------------------------------------------