[comp.virus] nVIR and Appletalk

THCY@VAX5.CCS.CORNELL.EDU (Mark H. Anbinder) (07/05/89)

Any Macintosh virus that spreads when an infected program is executed
can be spread over AppleTalk networks, IF you are using file sharing
or file server software such as AppleShare or TOPS.  If you execute a
program on a remote computer that happens to be infected, the System
software on your local computer can be infected.  From there, you will
infect any other program you use.

nVIR is particularly effective at spreading from program to program in
this way, so be sure that any shared software, or anything on a shared
file server volume, is clean.

As evidence: my hard drive was heavily infected with nVIR when someone
else on my network (I'm running TOPS) asked to try out the software on
my drive.  He executed a couple dozen programs... shortly after having
played an nVIR-infected game on his own computer.  The disk containing
the nVIR virus was never physically even NEAR my computer.

Mark H. Anbinder

XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) (07/05/89)

E. C. Greer <RS0XEG@ROHVM1.BITNET> asks:
>Subject: nVIR and Appletalk (Mac)
>
>We've found a few MAC's here with nVIR (both A and B), and we're
>having some success in dealing with the infections using SAM. So far
>the affected machines appear to be isolated cases, but I'm concerned
>because most of our 100+ MAC's are networked with Appletalk. Can
>anyone tell me whether nVIR can be spread over Appletalk? If so, under
>what conditions is it spread, and what countermeasures can I take?

nVIR can transmit to a new machine in two ways:
   1) The user runs an infected program on the machine, which installs
      the virus in the System file. After the "incubation period", the
      infected System file begins to spread the virus to applications
      run on the machine.
   2) The user boots an infected System of his or her own and then runs
      applications which reside on the machine. This can infect appli-
      cations even if the "normal" folder on the machine contains a
      virus blocker like Vaccine.

If your AppleTalk network only is used for mail or access to
LaserWriters, you shouldn't have a problem. If you have AppleShare
servers, make sure the servers are protected. You may have to disinfect
the odd machine here and there, but the servers should be safe.

  --- Joe M.

THCY@VAX5.CCS.CORNELL.EDU (Mark H. Anbinder) (07/13/89)

*On 5 July Joe McMahon <XRJDM@SCFVM.GSFC.NASA.GOV> said...
>If your AppleTalk network only is used for mail or access to
>LaserWriters, you shouldn't have a problem. If you have AppleShare
>servers, make sure the servers are protected. You may have to disinfect
>the odd machine here and there, but the servers should be safe.

It's true that if your network is only used for printing, CURRENTLY
KNOWN Mac viruses can't spread over the network.  Some electronic mail
software, though, lets users exchange files or even applications.  If an
application that's infected is transferred in this way, the infection
WILL be transferred.

There is no simple way of "protecting" servers themselves against the
infection of the files they hold.  If an application stored on the server
is executed by a person using an infected machine, that application will
probably be infected.  You cannot run such things as Vaccine or GateKeeper
or SAM Intercept on a server machine.  Well, you can, but it only keeps
software being run ON the server from being infected; it does nothing to
prevent software that RESIDES on the server from being infected.  The
best way to do that is still to make sure that each workstation is as
secure as possible, using frequent checks with Disinfectant, Virex, or
SAM (currently the three most up to date programs), and protection with
such programs as Vaccine, GateKeeper, or SAM Intercept (the best of the
three, but not free).

For the curious, SAM is a new package of antiviral utilities from Symantec,
the same people who created SUM.  It stands for Symantec Antivirus for
the Macintosh.  I haven't finished evaluating it, but it looks great.  I
will post more about it shortly.

Mark H. Anbinder

RS0XEG@ROHVM1.BITNET (E. C. Greer) (07/18/89)

We've found a few MAC's here with nVIR (both A and B), and we're
having some success in dealing with the infections using SAM. So far
the affected machines appear to be isolated cases, but I'm concerned
because most of our 100+ MAC's are networked with Appletalk. Can
anyone tell me whether nVIR can be spread over Appletalk? If so, under
what conditions is it spread, and what countermeasures can I take?