jg3o+@andrew.cmu.edu (Jason Ari Goldstein) (02/07/90)
Just like everywhere else the WDEF is thriving here at Carnegie-Mellon Univ. I recently removed WDEF A & B off of 15 disks of a friend of mine. When I commented to somone here about the virus they said there was nothing they could do to stop it, except remove it once a machine got infected. I don't know much about Macs (Being a PC person) but if I understand correctly every time the disk is inserted the they Virus is sread to the disk. Well, why doesn't someone write an innoculation directly based on the virus itself. Everytime a disk is inserted in the drive it would be checked for infection if so it would remove WDEF if not it would then 'innoculate the disk' with itself. Eventually, WDEF would be wiped out the same way it was spread initially. The only problem with this is that it is a virus also, but with the proper prompts (allowing the user the choice of being innoculated) I don't think this would be a problem. I know I would mind not ever being infected by a virus that kills other viruses. In the mean time, about 75% of the time I in a cluster I remove WDEF A or B from either a hard disk or someone elses floppies. Later... me - ------------------- Jason Goldstein Internet: jg3o+@andrew.cmu.edu Disclaimer: I represent me and only me not CMU, not my folks, not anyone. "Thank the lord my PC came in the mail yesterday" - me Over, Finished, Gone, Done, Out.
woody@rpp386.cactus.org (Woodrow Baker) (02/09/90)
jg3o+@andrew.cmu.edu (Jason Ari Goldstein) writes: > Just like everywhere else the WDEF is thriving here at Carnegie-Mellon > Univ. I recently removed WDEF A & B off of 15 disks of a friend of > mine. When I commented to somone here about the virus they said there > was nothing they could do to stop it, except remove it once a machine > got infected. > > I don't know much about Macs (Being a PC person) but if I understand > correctly every time the disk is inserted the they Virus is sread to > the disk. Well, why doesn't someone write an innoculation directly > based on the virus itself. Everytime a disk is inserted in the drive > it would be checked for infection if so it would remove WDEF if not it > would then 'innoculate the disk' with itself. Eventually, WDEF would > be wiped out the same way it was spread initially. This is the first *really* sane Idea that I have seen, about combatting viri. The checkers and clearers are fine, but this type of 'virus' would be a good thing. Provided it is safegarded so that IT can't be infected..... Cheers Woody
CXT105@PSUVM.PSU.EDU (Christopher Tate) (02/12/90)
jg3o+@andrew.cmu.edu (Jason Ari Goldstein) says: >I don't know much about Macs (Being a PC person) but if I understand >correctly every time the disk is inserted the they Virus is sread to >the disk. Well, why doesn't someone write an innoculation directly >based on the virus itself. Everytime a disk is inserted in the drive >it would be checked for infection if so it would remove WDEF if not it >would then 'innoculate the disk' with itself. Eventually, WDEF would >be wiped out the same way it was spread initially. > >The only problem with this is that it is a virus also, but with the >proper prompts (allowing the user the choice of being innoculated) I >don't think this would be a problem. I know I would mind not ever >being infected by a virus that kills other viruses. > >In the mean time, about 75% of the time I in a cluster I remove WDEF A >or B from either a hard disk or someone elses floppies. The big problem with this is that since the WDEF-removal code is itself a virus, it stands a big chance of causing the same problems as any other virus -- crashes due to poorly written code. There have been no viruses written to date for the Macintosh which deliberately cause damage to the system (*). All of the problems caused by existing viruses are in fact the result of bugs in the viruses, which causes interference with other programs under certain circumstances. Since the above-mentioned inoculation program would be a virus itself, it might well cause problems itself. (*) Mosaic and Font Finder are not viruses (they do not replicate), but are instead "trojan horses" -- destructive code hidden within an innocuous-seeming program. - ------- Christopher Tate | cxt105@psuvm.bitnet | nobody, not even the rain, cxt105@psuvm.psu.edu | has such small hands. ..!psuvax1!psuvm.bitnet!cxt105 |
steve@clmqt.marquette.Mi.US (Steve Lasich) (02/22/90)
CXT105@PSUVM.PSU.EDU (Christopher Tate) writes: >The big problem with this is that since the WDEF-removal code is itself >a virus, it stands a big chance of causing the same problems as any other >virus -- crashes due to poorly written code. >There have been no viruses written to date for the Macintosh which ^^^^^^^^^^^^^^^^^^^^^^^^^^ >deliberately cause damage to the system (*). All of the problems caused ^^^^^^^^^^^^^^^^^^^ >by existing viruses are in fact the result of bugs in the viruses, which >causes interference with other programs under certain circumstances. >Since the above-mentioned inoculation program would be a virus itself, >it might well cause problems itself. I have seen this assertion made a half dozen times. Can somebody either confirm or deny the report I read in either MacUser or MacWorld (circa October 1988) that there is malicious code in the SCORES virus which is only activated by the presence on a disk volume of files containing certain creator IDs belonging to Electronic Data Systems (EDS), the company which Ross Perot sold to GM? I apologize if this is an old question that has been answered a hundred times already. >(*) Mosaic and Font Finder are not viruses (they do not replicate), but > are instead "trojan horses" -- destructive code hidden within an > innocuous-seeming program. >Christopher Tate | - ---------- Steve Lasich Micro Lab Coordinator steve@clmqt.marquette.mi.us .rutgers!mailrus!sharkey!clmqt!steve