S10891KH@SEMASSU.BITNET (Thank you matchline) (04/09/90)
The following is an excerpt of a letter sent to John Norstadt, Author of
disinfectant and may be of interest to anyone who uses gatekeeper
____________________________________________________________________
SMU, 9-APR-1990
John, I'm sending this to you because I think it may be of interest. I
just downloaded gatekeeper 1.1.1 off the rice archives and was in the
process of evaluating its performance against scores, nVir and WDEF.
Immediately I found a problem. When starting up an application already
infected with scores (on a floppy) gatekeeper announced 3 times that the
virus was attempting to infect the application and its attempt was 'vetoed'
Great so far. However, after that initial warnining I waited about 10
minutes and then checked on the process of the attempted infection. By
that time, pyro had come on and nothing was any different BUT when I
checked the system folder the notepad file and scrapbook files had the
'dogeared page' icon. I ran disinfectant 1.6 and guess what the system was
infected as well as the desktop, clipboard and scrapbook.
It seems that gatekeeper only partly protects from scores attacks. And
worse yet disinfectant had to be run twice to completely remove all bits
and pieces of scores.
- Zav