XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) (02/08/90)
>From: Jason Ari Goldstein <jg3o+@andrew.cmu.edu>
>
>Just like everywhere else the WDEF is thriving here at Carnegie-Mellon
>Univ. I recently removed WDEF A & B off of 15 disks of a friend of
>mine. When I commented to someone here about the virus they said there
>was nothing they could do to stop it, except remove it once a machine
>got infected.

Eradicate'em and Gatekeeper Aid both stop the virus and automatically
remove it from the disk as disks are inserted.

>I don't know much about Macs (Being a PC person) but if I understand
>correctly every time the disk is inserted the Virus is spread to
>the disk...

Close enough; the default window definition procedure also has to be
invoked, and you have to be running under the Finder.

>Well, why doesn't someone write an inoculation directly
>based on the virus itself....
>The only problem with this is that it is a virus also, but with the
>proper prompts (allowing the user the choice of being inoculated) I
>don't think this would be a problem....

It might not be a problem on current Macs or current versions of the
System, but would be very likely to fail in future incarnations. Also,
available anti-virals probably wouldn't be able to tell the difference
between your "WDEF C" and a real infection, so well-meaning
disinfectors would wipe out your "inoculation".

Finally, I think we all agree that viruses to fight viruses simply
help to continue the upward spiral of virus technology, and that *any*
virus has the potential to cause damage under some circumstances.
Worse, a virus writer could take your supposedly harmless virus and
hack it into a virulent one. If your anti-virus virus contains your
name, you might have trouble convincing people (including law
enforcement) that you didn't write the nasty variant.

>In the mean time, about 75% of the time I am in a cluster I remove WDEF A
>or B from either a hard disk or someone else's floppies.

Jason, if no one there has the programs I mentioned above, they are
available from our LISTSERV. Worst case, there is a very simple way of
getting rid of WDEF infections, and it's BUILT IN to the Mac!

When you insert a disk, hold down the Command and Option keys. You'll
get a message asking if you want to rebuild the Desktop file. Click
"OK". This will blow away any existing WDEF infection. The same can be
done for boot disks: just hold down those two keys after the "Welcome
to Macintosh" screen appears. You'll get the same dialog, to which you
respond in the same way. Nothing could be simpler.

Rebuilding the Desktop causes it to be thrown away, virus and all, and
a new copy built. Since WDEF doesn't live anywhere else, you're all
set.

>From: Fung P Lau <LAU@ricevm1.rice.edu>
>
> I have recently read something about Disinfectant 1.6 from this
>newsgroup. Its author said that there was no Disinfectant 1.6...

At the time the message was posted, that was true. John Norstad
created 1.6 since then, so versions of that program from sumex, John's
node, or the SCFVM LISTSERV are true, valid copies of Disinfectant 1.6.

>From: wcpl_ltd@uhura.cc.rochester.edu (Wing Leung)
>
> Can someone tell me is WDEF an illegal string in the resource code?

WDEF resources are "window definition procedure" resources. They
define how windows look and act. They are legal.

>How about the program called WDEF uploaded in comp.binaries.mac?

It's an alternate window definition procedure and is OK.

>In fact, I've found some WDEF resource code in system version 6.0.3.
> Please tell me more about this resource code.

That's the code that defines the standard Mac window (scroll bars,
go-away box, zoom box, etc). DON'T DELETE IT or your System file will
no longer be usable.

Whew.

 --- Joe M.
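
Added example, not part of the original post and not code from any of the tools named in it: a check that reads the type list of a classic Mac OS resource fork and reports a WDEF resource as suspect only when the file is the Desktop file, since WDEF resources elsewhere (the System file, an alternate window definition) are legal. The function names, the verdict strings and the sample fork are constructed for illustration, and the check assumes a clean Desktop file holds no WDEF resources.

```python
import struct

def resource_types(fork: bytes) -> dict:
    """Return {resource type: count} from a classic Mac OS resource fork."""
    try:
        _doff, map_off, _dlen, map_len = struct.unpack(">4I", fork[:16])
        if map_len < 30 or map_off + map_len > len(fork):
            raise ValueError("resource map lies outside the fork")
        rmap = fork[map_off:map_off + map_len]
        (tl,) = struct.unpack(">H", rmap[24:26])       # offset of the type list
        (last,) = struct.unpack(">H", rmap[tl:tl + 2])
        types = {}
        for i in range((last + 1) & 0xFFFF):           # 0xFFFF marks an empty list
            entry = rmap[tl + 2 + 8 * i:tl + 10 + 8 * i]
            rtype, cnt, _refs = struct.unpack(">4sHH", entry)
            types[rtype.decode("mac_roman")] = cnt + 1
        return types
    except struct.error:
        raise ValueError("truncated resource fork")

def wdef_finding(file_name: str, fork: bytes) -> str:
    """WDEF is legal in System or an application; in Desktop it is suspect."""
    if resource_types(fork).get("WDEF", 0) == 0:
        return "clean"
    return "suspect" if file_name == "Desktop" else "legal"

def build_fork(type_names) -> bytes:
    """Constructed sample: a minimal fork with one empty resource per type."""
    n = len(type_names)
    data = struct.pack(">I", 0) * n                    # zero-length resource data
    tlist = struct.pack(">H", (n - 1) & 0xFFFF)
    refs = b""
    for i, name in enumerate(type_names):
        tlist += struct.pack(">4sHH", name.encode("mac_roman"), 0, 2 + 8 * n + 12 * i)
        refs += struct.pack(">hHI4x", 128 + i, 0xFFFF, 4 * i)  # id, no name, data offset
    map_len = 28 + len(tlist) + len(refs)
    head = struct.pack(">4I", 256, 256 + len(data), len(data), map_len)
    rmap = head + struct.pack(">IHHHH", 0, 0, 0, 28, map_len) + tlist + refs
    return head + bytes(240) + data + rmap

if __name__ == "__main__":
    infected = build_fork(["BNDL", "FREF", "ICN#", "WDEF"])   # constructed sample
    print("Desktop:", wdef_finding("Desktop", infected))
    print("System: ", wdef_finding("System", infected))
    print("Rebuilt:", wdef_finding("Desktop", build_fork(["BNDL", "FREF", "ICN#"])))
```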