Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!jarthur!elroy.jpl.nasa.gov!ncar!tank!msuinfo!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: trebor@biar.UUCP (Robert J Woodhead)
Newsgroups: comp.virus
Subject: Re: Virus in Text Files (Mac)
Message-ID: <0008.9004131250.AA02586@ubu.cert.sei.cmu.edu>
Date: 11 Apr 90 13:49:10 GMT
Sender: Virus Discussion List
Lines: 31
Approved: krvw@sei.cmu.edu

woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) writes:

>Macintosh datafiles, as I understand them, have 2 parts, a resource
>fork and a data fork. Anything in resource fork (so I've been told)
>can execute. Does this imply that one could bury a virus in the
>resource fork of a data file?
>I'm sure that this has been hashed over before.
>Cheers
>Woody

Not quite. Resource forks contain resources. Some resources are
"code-bearing" resources, some are data. Only code-bearing resources
could ever get executed. However, for this to happen, the system (or
an app) has to decide it wants to do so. For a variety of technical
reasons, it is extremely unlikely that this can be induced to occur.

It might be possible to write a virus that infects a certain
application only and once in that app can spread to others (that
piggybacks on that target app's documents) but it would be an
unreliable and difficult infection vector.

Summary: very difficult, unreliable, not bloody likely

PS: a semi-example of this "piggybacking" is WDEF, which depends on a
quirk of the OS to get executed if it is in the desktop file. However,
the desktop file is a very special file on a Macintosh.

-- 
Robert J Woodhead, Biar Games, Inc.   !uunet!biar!trebor | trebor@biar.UUCP
Announcing TEMPORAL EXPRESS. For only $999,999.95 (per page), your message
will be carefully stored, then sent back in time as soon as technologically
possible. TEMEX - when it absolutely, positively has to be there yesterday!
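An added example, not part of the original post: a defender's check that walks the resource map of a document's resource fork and reports any resources whose type is code-bearing, the distinction the reply draws between code and data resources. It assumes the fork's raw bytes have already been read and that the fork follows the classic resource map layout; the `CODE_TYPES` set and the sample fork are constructed for the example. A hit only shows that code is present in the file, not that anything would ever execute it.

```python
import struct

# Types classic Mac OS loads as executable code. This set is the example's
# assumption (common types only); WDEF is the one named in the post.
CODE_TYPES = {b"CODE", b"INIT", b"DRVR", b"WDEF", b"MDEF", b"CDEF", b"LDEF"}

def list_resources(fork: bytes):
    """Return [(type, [ids])] from a resource fork; ValueError if malformed."""
    try:
        _doff, map_off, _dlen, map_len = struct.unpack_from(">4I", fork, 0)
        if map_len < 30 or map_off + map_len > len(fork):
            raise ValueError("resource map lies outside the fork")
        rmap = fork[map_off:map_off + map_len]
        (tl_off,) = struct.unpack_from(">H", rmap, 24)    # type list offset
        (last,) = struct.unpack_from(">H", rmap, tl_off)  # type count - 1
        found = []
        for i in range((last + 1) & 0xFFFF):              # 0xFFFF = no types
            rtype, cnt, ref_off = struct.unpack_from(">4sHH", rmap, tl_off + 2 + 8 * i)
            ids = [struct.unpack_from(">h", rmap, tl_off + ref_off + 12 * j)[0]
                   for j in range(cnt + 1)]
            found.append((rtype, ids))
        return found
    except struct.error as exc:
        raise ValueError(f"truncated resource map: {exc}") from None

def code_bearing(fork: bytes):
    """Resources in this fork whose type marks them as code."""
    return [(t, ids) for t, ids in list_resources(fork) if t in CODE_TYPES]

def sample_fork() -> bytes:
    """Constructed sample: a document fork with one 'STR ' and one 'WDEF'."""
    data = struct.pack(">I", 2) + b"hi" + struct.pack(">I", 4) + bytes(4)
    entries = [(b"STR ", 128, 0), (b"WDEF", 0, 6)]        # type, id, data offset
    tlist, refs = struct.pack(">H", len(entries) - 1), b""
    for k, (rtype, rid, doff) in enumerate(entries):
        tlist += struct.pack(">4sHH", rtype, 0, 2 + 8 * len(entries) + 12 * k)
        refs += struct.pack(">hhI4x", rid, -1, doff)      # no name, attrs 0
    body = tlist + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(body)) + body
    header = struct.pack(">4I", 256, 256 + len(data), len(data), len(rmap))
    return header.ljust(256, b"\0") + data + rmap

if __name__ == "__main__":
    for rtype, ids in code_bearing(sample_fork()):
        print(rtype.decode("mac_roman"), ids)
```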