[comp.virus] Infection by insertion

MANUTTER@grove.iup.edu (Mark Nutter, Apple Support) (04/11/91)

Thomas DiBlasi asks:

>Is it possible for a virus, trojan, worm, etc. to infect a hard disk
>or RAM simply by inserting an infected floppy into a drive without
>execution??

There are a couple of Mac viruses that take advantage of a loophole in
the Mac OS to produce precisely that effect.  Basically, the Mac OS
allows you to define code resources for such common items as windows
and menus, so that you can implement custom windows and unusual menus.
The WDEF and MDEF viruses exploit this by putting modified (viral)
code resources where the operating system will find them when it goes
to draw a window or pull down a menu.  Thus, if you put an infected
disk in your disk drive, and then open a window (or pull down a menu),
the infected code resource gets executed, even though you never ran a
program.

Naturally, the freeware program GateKeeper (actually GateKeeper Aid),
and a number of other anti-viral products, now check this loophole, so
a protected Mac should be safe from this particular avenue of
infection.  I run GateKeeper all the time, and it has caught a number
of WDEF-infected disks before they could do anything.  (It
automatically removes the virus upon detection.)

-----------------------------------------------------------------------------
Mark Nutter                                                      MANUTTER@IUP
Apple Support Manager
Indiana University of Pennsylvania
G-4 Stright Hall, IUP
Indiana, PA 15705
"You can lead a horse to water, but you can't look in his mouth." - Archie B.
=============================================================================
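
A defender-side check for the mechanism described in the post, as an added example that is not part of the original post: a Python parser for the classic Mac OS resource fork layout that lists every resource and flags WDEF and MDEF code resources. The function names and the sample fork are constructed for illustration, and the sample payloads are placeholder bytes, not real code.

```python
import struct

# Definition-procedure resource types named in the post (window and menu).
DEFPROC_TYPES = {b"WDEF", b"MDEF"}

def list_resources(fork: bytes):
    """Return [(type, id, size)] for every resource in a resource fork."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    data_off, map_off, data_len, map_len = struct.unpack_from(">4I", fork, 0)
    if (map_len < 30 or map_off + map_len > len(fork)
            or data_off + data_len > len(fork)):
        raise ValueError("header offsets point outside the fork")
    # Offset of the type list is stored 24 bytes into the resource map.
    type_list = map_off + struct.unpack_from(">H", fork, map_off + 24)[0]
    # Stored as count-1; 0xFFFF therefore means "no types".
    n_types = (struct.unpack_from(">H", fork, type_list)[0] + 1) & 0xFFFF
    found = []
    for t in range(n_types):
        rtype, n_minus1, ref_off = struct.unpack_from(
            ">4sHH", fork, type_list + 2 + 8 * t)
        for r in range(n_minus1 + 1):
            # Reference entry: id, name offset, 1 attribute byte + 3-byte data offset.
            rid, _name, attr_off = struct.unpack_from(
                ">hHI", fork, type_list + ref_off + 12 * r)
            start = data_off + (attr_off & 0x00FFFFFF)
            if start + 4 > len(fork):
                raise ValueError("resource data offset outside the fork")
            found.append((rtype, rid, struct.unpack_from(">I", fork, start)[0]))
    return found

def find_defprocs(fork: bytes):
    """Resources whose type is a window or menu definition procedure."""
    return [r for r in list_resources(fork) if r[0] in DEFPROC_TYPES]

def build_fork(resources):
    """Constructed test data: minimal fork, one resource per type, data at offset 16."""
    data, types, refs, n = b"", b"", b"", len(resources)
    for i, (rtype, rid, payload) in enumerate(resources):
        types += struct.pack(">4sHH", rtype, 0, 2 + 8 * n + 12 * i)
        refs += struct.pack(">hHI", rid, 0xFFFF, len(data)) + b"\0" * 4
        data += struct.pack(">I", len(payload)) + payload
    rmap = (b"\0" * 24 + struct.pack(">HHH", 28, 30 + len(types) + len(refs),
                                     (n - 1) & 0xFFFF) + types + refs)
    return struct.pack(">4I", 16, 16 + len(data), len(data), len(rmap)) + data + rmap

# Constructed sample: an icon resource plus a placeholder WDEF with ID 0.
SAMPLE = build_fork([(b"ICN#", 128, b"\0" * 8), (b"WDEF", 0, b"\0\0")])
if __name__ == "__main__":
    for rtype, rid, size in find_defprocs(SAMPLE):
        print(f"flag: {rtype.decode()} id={rid} size={size}")
```

A WDEF or MDEF entry is not malicious in itself, since applications legitimately ship custom definition procedures; the finding matters when one turns up in a file that has no reason to carry code resources.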