roy@alanine.phri.nyu.edu (Roy Smith) (08/01/90)
I have a IIcx running 6.0.5 with Disinfectant 2.0 and Disinfectant Init installed. Most of the other machines around here are either IIs of various flavors or Pluses, with 6.0.[2345] and also with Disinfectant Init installed.

Somebody just brought me a floppy (800k, I think) that she claims was infected by one of the Disinfectant protected public machines. When I put the floppy in my machine, Disinfectant Init didn't catch it, but when I scanned it with Disinfectant 2.0 (the application), it did indeed say it was infected with WDEF-A. Rebuilding the desktop cleared the infection.

I'm pretty sure Disinfectant Init is properly installed and working on my machine because it has caught infected disks before (as recently as yesterday). Is there such a thing as a partially WDEF infected disk, that the Init might miss but the application would catch?

--
Roy Smith, Public Health Research Institute
455 First Avenue, New York, NY 10016
roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy
"Arcane? Did you say arcane? It wouldn't be Unix if it wasn't arcane!"
jln@acns.nwu.edu (John Norstad) (08/01/90)
In article <1990Jul31.171614.2042@phri.nyu.edu> roy@alanine.phri.nyu.edu (Roy Smith) writes:

> Somebody just brought me a floppy (800k, I think) that she
> claims was infected by one of the Disinfectant protected public machines.
> When I put the floppy in my machine, Disinfectant Init didn't catch it, but
> when I scanned it with Disinfectant 2.0 (the application), it did indeed
> say it was infected with WDEF-A.

Disinfectant does not attempt to scan floppies when they are inserted. It instead catches viruses at the point of initial attack. Simply inserting a WDEF-A infected floppy will not wake up the Disinfectant INIT. You must open the floppy's main Finder window or do something else to cause the virus to attack your system. At this point the INIT will detect the virus, temporarily neutralize it, and inform the user.

It's a common misconception that the WDEF virus attacks immediately when an infected floppy is inserted in a drive. This is not true.

If the original Mac was indeed protected by the Disinfectant INIT, then I doubt very much that the user's floppy was infected by that Mac. Did you check the original Mac to see if it was in fact infected?

John Norstad
Academic Computing and Network Services
Northwestern University
jln@acns.nwu.edu
wilcox@hydra.unm.edu (Sherman Wilcox) (08/01/90)
I recently took my SE/30 to my local dealer because the superdrive had gone out on me (bad news -- my machine is only 6 months old, but purchased before the 1 year warranty went into effect). When I brought it home and booted up, Disinfectant immediately let me know that I had been infected with WDEF-A (the INIT let me know). The good news: thank god for Disinfectant! The bad news: I took a clean machine into the shop and got a dirty one in return (but the new floppy does work).
jln@acns.nwu.edu (John Norstad) (08/02/90)
In article <1990Aug1.001425.22545@ariel.unm.edu> wilcox@hydra.unm.edu (Sherman Wilcox) writes:

> I recently took my SE/30 to my local dealer because the superdrive had
> gone out on me (bad news -- my machine is only 6 months old, but purchased
> before the 1 year warranty went into effect). When I brought it home and
> booted up, Disinfectant immediately let me know that I had been infected
> with WDEF-A (the INIT let me know).

This is neat. When I released Disinfectant 2.0, I of course knew that my INIT worked, at least on my machine and on my Beta tester's machines, but getting reports like this back from the "real world" is very nice. I'm happy that it really is being used, that it really is working, and that it really is catching and blocking viruses. That's why I wrote it!

John Norstad
Academic Computing and Network Services
Northwestern University
jln@acns.nwu.edu