Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: panix!alexis@cmcl2.nyu.edu (Alexis Rosen) Newsgroups: comp.virus Subject: Re: Viruses in Sound Effects (Mac) Message-ID: <0007.9010041806.AA01362@ubu.cert.sei.cmu.edu> Date: 2 Oct 90 09:27:07 GMT Sender: Virus Discussion List Lines: 63 Approved: krvw@sei.cmu.edu pjc@sirius.melb.bull.oz.au (Paul Carapetis) writes: >Alexis Rosen said: >> The assertion that you should check everything is fairly decent advice >> for beginners, but there are definitely many types of files that will >> remain forever uninfectable. (That is, with a healthy contagious >> virus.) In general, these are data files which don't contain >> information which is interpreted as anything like instruction >> sequences by a fairly generic command processor. Yes, I know that >> that's a pretty vague definition, but it's pretty accurate too for all >> of that. > >It is my belief that any file on the mac which is capable of >displaying itself as an icon has executable code to do so. If this is >true, then ANY file is open to infection by a virus designed to take >advantage of this. > >Of course, it is very possible that I have been mis-informed and the >above premise is totally incorrect, in which case, I apologise in >advance. > >Any comments from knowledgable mac users? This is not correct. However, there was one small flaw in my conclusion, though not the idea behind it, which this reminds me of. In fact, icons are *not* stored as executable code. It is easy to make a file with an icon that has no code. So that's not a specific route for a virus. However, there is an important point I didn't make in the last posting. What I said was, a sound (as we currently know them) cannot be infected by any virus. This does *not* lead to the conclusion that a sound _file_ cannot be infected. The problem is the way that the Mac deals with resource forks. If you are an application and you-- Oh no. I've just invented a virus. - --fortunately, GateKeeper Aid (and probably SAM Intercept) will deal with it. As I was saying, If you're an application and you open a resource file of any sort, for any reason, *all* of it's resources, including CODE and various ?DEFs, get used in preference to yours. So you could write a virus that chose to live in any resource file, and it could spread very quickly. In fact, there is one virus that will "infect" non-application resource files, including sounds, but it doesn't qualify, because the baby viruses are stillborn- not executable or infectious. It's called INIT 29. Anyway, I stand by my first statement absolutely. No copy of nVIR will EVER infect a sound file. Ever. No exceptions. BTW, somebody sent me mail a few days ago. It got badly mangled by the mailer (like when the post office sends you a cancelled stamp in a plastic bag and says "sorry about mis-handling your mail!") but it occurs to me now from the line or so that survived that it might have been a response to my first note. If it was, you might care to re-send. - --- Alexis Rosen {cmcl2,apple}!panix!alexis alexis@panix.uucp