Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!wuarchive!udel!rochester!rit!ultb!jjw7384
From: jjw7384@ultb.isc.rit.edu (J.J. Wasilko)
Newsgroups: comp.sys.mac
Subject: Re: I'm not sure I believe this. (was Re: New WDEF Virus)
Message-ID: <1748@ultb.isc.rit.edu>
Date: 13 Dec 89 16:06:01 GMT
References: <3277@hub.UUCP> <1501@rodan.acs.syr.edu> <4221@sbcs.sunysb.edu> <1989Dec12.044029.19171@eng.umd.edu>
Reply-To: jjw7384@ultb.isc.rit.edu (J.J. Wasilko)
Organization: Information Systems and Computing @ RIT, Rochester, New York
Lines: 17

In article <1989Dec12.044029.19171@eng.umd.edu> russotto@eng.umd.edu (Matthew T. Russotto) writes:
>In article <4221@sbcs.sunysb.edu> vallon@sboslab15.cs.sunysb.edu (Justin Vallon) writes:
>>I can see how Gatekeeper could be fooled because it does not distinguish
>>between calls of AddResoruce('MSWD', 0) and AR('WDEF', 0).  Maybe GK should
>>check what's going in, and have protection for standard resources, and
>>executable resources.
>Huh? This is exactly how gatekeeper works!  Maybe 'WDEF' just isn't on
>it's standard list of code-containing resources.

Whenever I install the SuperSpoll DA (which contains a WDEF) Vaccine
always catches it. It also catches the fact that WinChooser is adding a
WDEF resource.

Why doesn't it catch the addition of a WDEF resource to the Desktop
file?

Jeff