Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!ut-emx!chrisj
From: chrisj@ut-emx.UUCP (Chris Johnson)
Newsgroups: comp.sys.mac
Subject: Re: Vaccine vs. Gatekeeper
Keywords: virus Vaccine Gatekeeper
Message-ID: <21506@ut-emx.UUCP>
Date: 28 Nov 89 20:29:27 GMT
References: <870@pmafire.UUCP>
Reply-To: chrisj@emx.UUCP (Chris Johnson)
Organization: U.T. Austin Computation Center
Lines: 75

In article <870@pmafire.UUCP> geoff@pmafire.UUCP (Geoff Allen) writes:
>I recently obtained both Vaccine and Gatekeeper and was wondering if
>folks on the net could expound on the relative merits of each.
>
>Gatekeeper seems to be the more thorough of the two, but does require
>setting up all the permissions.

Yes, Gatekeeper is more thorough in a number of important respects.
It's also true that Gatekeeper used to require you to set up its
privilege list, but I stress the phrase "used to" - with the release
of version 1.1.1, Gatekeeper finally started shipping preconfigured
with about 40 of the most commonly required privileges (most users,
of course, need only a handful of those 40).

>Also, it seems that Gatekeeper allows
>you to choose between halting all suspicious activity and simply
>notifying the user. What I'd like to have is something that would let
>me allow or prevent actions as I see fit. (Especially in the early
>stages when I'm trying to get Gatekeeper configured.) Is this possible?

"Is it possible?" Hmm... My current answer is "no" because I haven't
been able to work out a safe and reliable method of displaying alerts
at *any* phase in the operation of the Macintosh. Paul Coza's answer
would, I imagine, be "yes" because he, somehow, managed to implement
something very similar in SAM. Needless to say, Paul hasn't been
anxious to tell me how he did it. :-) :-) :-)

For what it's worth, I'd love to provide the sort of alerts you
suggest, but I won't do it until I find a thoroughly safe and reliable
method of doing so. Sadly, I don't see such a method on the horizon.

Still, distributing Gatekeeper preconfigured has dramatically
decreased the troubles with the early stages of installation. In
fact, in most cases, those troubles have been eliminated.

>I haven't looked into Vaccine too much yet, so I don't know as much
>about it.

On the subject of Vaccine - I recommend Gatekeeper. I've seen too
many situations in which Vaccine asked all the right questions to
users who (quite understandably) had no earthly idea what the answers
were. Result: the viruses did very well - the users, in stark
contrast, did rather poorly.

Beyond that, even if *you* can always be certain which operations are
virus related and which aren't - it's hard to be certain that everyone
who ever uses your machine (passing co-workers, friends, family, etc.)
will always know and provide the right answers to Vaccine's Grant/Deny
questions. One wrong answer and you've got a problem.

Also, as mentioned above, Gatekeeper's actual *protections* are
considerably more extensive than Vaccine's.

>I have the impression that there is no point in putting both in my
>System Folder. Is this correct? Would having both in my System Folder
>cause any problems?

If you use Gatekeeper there's no point in using Vaccine and
vice-versa. Having both in your System Folder won't actually cause
your system to crash, but Vaccine will effectively undermine
Gatekeeper's transparency of operation.

>Thanks for any and all advice.
>
>--
>Geoff Allen \ WINCO doesn't believe in Macs,
>{uunet|bigtex}!pmafire!geoff \ so of course these are my views.
>ucdavis!egg-id!pmafire!geoff \

My pleasure. By the way, you can find Gatekeeper 1.1.1 at sumex and
simtel, and, if all else fails, I can always email it to you.

Cheers,
----Chris (Johnson)
----Author of Gatekeeper
----chrisj@emx.utexas.edu