76476.337@CompuServe.COM (Robert McClenon) (09/07/90)
A correspondent to this forum recently mentioned an odd interaction
between two viral scanners on the PC, where one of them identified the
list of viral signatures used by the other one as containing the
viruses. I have observed a different type of odd interaction between
anti-viral packages on the Macintosh. The virus scanner Virex and the
security package A.M.E. (Access Managed Environment) have been
installed on a Macintosh. If a diskette containing new applications
is inserted into a drive, Virex attempts to scan the diskette for
virus signatures. However, A.M.E. intercepts the scan and puts up a
message saying that an attempt is being made to open an unregistered
item of software. It allows the system administrator to bypass
registration or to cancel the open, but warns that bypassing the
requirement for registration is dangerous. If the diskette contains a
new release of previously installed software (an update), it puts up
an even more strongly worded warning that an attempt is being made to
open an altered copy of a registered program and that it may have
viruses. The message may confuse an inexperienced system
administrator because she may assume that an attempt is being made to
EXECUTE an unregistered or altered application. In fact, Virex is
opening the applications to READ them to scan for viruses. The proper
response is to bypass the A.M.E. registration check at this point.
Cancelling the open causes the diskette to be ejected.
If the user is not the system administrator, A.M.E. does not offer the
bypass option. It simply cancels the open. This is reasonable since
in a controlled environment only the system administrator should be
loading new programs.
The specific moral to this concerns the interaction between A.M.E.
and Virex. The general moral to this is that anti-viral programs may
interact with each other oddly, and that they do require expert
knowledge of what the virus threat is and what the other threats are
and what they are doing to protect the users.
Robert McClenon
Neither my employer nor anyone else paid me to say this.