Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!hp4nl!eutrc3!rcbaem From: rcbaem@eutrc3.urc.tue.nl (Ernst Mulder) Newsgroups: comp.sys.mac Subject: WDEF virus Message-ID: <1309@eutrc3.urc.tue.nl> Date: 11 Dec 89 10:16:37 GMT Organization: Eindhoven University of Technology, The Netherlands Lines: 24 Having read many articles on this new WDEF virus here on comp.sy.mac, I have the following question: Isn't there a very simple precaution against this new virus? What I mean is: I guess this virus spreads because the Mac, when a window is opened, tries to access a WDEF resource. Since this resource is in ROM and the ROM 'resource file' is opened at the lowest level, the Mac finds the WDEF in the DeskTop file first. This will only happen in the Finder (or MultiFinder) because when in the Finder the DeskTop file will be one of the open files. Any other opened file will be at a higher level than the ROM and therefore trying to open a WDEF resouce will give the resource in the DeskTop file. What is the order (resource) files are opened when in the Finder? The ROM will be on the lowest level. What after that? The Finder itself or the DeskTop file? In the latter case the WDEF problem can be solved by placing a valid WDEF in the Finder. Hmm, I guess I over-reacted, the problem might be more difficult than I thought at first glance. When a disk is inserted the DeskTop file on it will be the last opened and therefore the first searched in by GetResource. :( Maybe someone could (TAIL? ;) ) patch GetResource? pooh.