Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!apple!dlyons
From: dlyons@Apple.COM (David Lyons)
Newsgroups: comp.sys.apple
Subject: Re: Resource Forks?
Keywords: Resource Forks, Viruses, IIGS
Message-ID: <33441@apple.Apple.COM>
Date: 25 Jul 89 03:31:43 GMT
References: <6851@sdcsvax.UCSD.Edu> <12865@bloom-beacon.MIT.EDU>
Organization: Apple Computer Inc, Cupertino, CA
Lines: 49

In article <12865@bloom-beacon.MIT.EDU> captkidd@athena.mit.edu (Ivan Cavero Belaunde) writes:
>[...]
>Actually, resource forks should make virus spread harder, not easier. While
>one can hide a virus in a resource fork, the same can be done in a data fork.
>The thing is, since all code resides in the resource fork, and modifications
>to resources go through manager calls, it is possible to intercept these and
>consequently have a very effective virus defense. People familiar with the
>Mac will know of the programs Vaccine and GateKeeper, which work in this way
>by monitoring resource manager calls. Thus, it should be an improvement in
>the virus situation.

A couple of notes:

On the GS, code is usually *not* stored in the resource fork. It's still in
the data fork like before. There *is* support for Code Resources, but they
are not executed automatically.

When the system launches an application, it just InitialLoad-s the file,
which uses only the data fork. Once the application starts running, it is
free to call StartUpTools to open its resource fork (it can open its resource
fork in more complicated ways if it really wants to).

Once the application's resource fork is open, resources will generally be
searched for there before the Sys.Resources file is searched. This means
(for example) that the Icon Button control definition procedure (which is
code) could come from the application instead of the Sys.Resources file.

If the application decides to open documents as resource files, then
resources could come from the documents too. This is not something that
most applications will do--certainly not applications that were released
before 5.0 was out.

On the GS, I don't think resources would be the most convenient way for a
virus to spread itself, so don't anybody get too paranoid about resources.

For that matter, don't get too paranoid about viruses at all: just be
careful. *DO* keep good backups! Some day your hard drive will implode and
be struck by lightning, and the people you hired to re-tile the bathroom
walls will mistake most of your 3.5" disks for bathroom wall tiles, and
you'll be glad you took my advice. (Or, if you didn't, you'll be sorry you
didn't.)

 --Dave Lyons, Apple Computer, Inc.          |   DAL Systems
   AppleLink--Apple Edition: DAVE.LYONS      |   P.O. Box 875
   AppleLink--Personal Edition: Dave Lyons   |   Cupertino, CA 95015-0875
   GEnie: D.LYONS2 or DAVE.LYONS         CompuServe: 72177,3233
   Internet/BITNET: dlyons@apple.com     UUCP: ...!ames!apple!dlyons

   My opinions are my own, not Apple's.