OSPWD%EMUVM1.BITNET@IBM1.CC.Lehigh.Edu (Peter W. Day) (09/06/89)
>Date: 04 Sep 89 01:18:53 +0000 >From: gilbertd@silver.bacs.indiana.edu (Don Gilbert) >Subject: Appleshare and viruses ? > >What are the conditions under which current Mac viruses can >infect files on Appleshare volumes? I have not attempted to infect any files with a virus, whether on an AppleShare volume or otherwise, but based on what I know about Macintosh, AppleShare and viruses, here is what I think is true. A Mac virus can infect a file only if it can write to the file, no matter where the file is located. A micro cannot access an AppleShare volume directly: it must ask the server to access the AppleShare volume on its behalf. As a result, the server can enforce access privileges. Access privileges apply only to FOLDERS. For the benefit of other readers, the privileges are See Files, See folders and Make Changes. They apply individually to the owner, a group, and everyone. I experimented writing directly to files and folders on an AppleShare volume using Microsoft Word, typing the explicit file path in a Save As... dialog box. For a file to be changeable, the volume and folders in the file path must have See Folders privilege, and the final folder must have See Files and Make Changes privilege. The virus would probably need to search for files to infect, and would only find files along paths with See Folders privs for the volume and folders in the path, and See Files in the final folder. Macintoshes used with shared files are subject to trojans, and the trojan could be infected with a virus. Consider the following scenario: A user has a private folder on a volume shared with others using (say) AppleShare. The volume has a folder containing a shared application named, say, Prog1, and the folder has everyone See Files and See Folders but not Make Changes (i.e. it is read-only). The user makes a private copy of Prog1, and later runs a virus-infected program locally while the shared volume is mounted, and the copy of Prog1 becomes infected. The user now makes his AppleShare folder sharable (See Files, See Folders) to everyone (so that someone can copy a file he has, say). Another user double-clicks on a document created by Prog1, and the Mac Finder happens to find the infected copy of Prog1 before finding the other copy. As a result, the second user's files become infected. Thus I recommend that private folders be readable only by the owner as a matter of policy. Allowing everyone Make Changes creates drop folders so that users can exchange files. Drop Folders are safe enough in that AppleShare does not allow you to overwrite a file when you only have Make Changes priv. However, users should be told to run a virus check on any files that others drop in their folders.