Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: lunde@casbah.acns.nwu.edu (Albert Lunde)
Newsgroups: comp.virus
Subject: Re: Questions about "Disinfectant" (Mac).
Message-ID: <0010.9106171414.AA16331@ubu.cert.sei.cmu.edu>
Date: 15 Jun 91 01:09:56 GMT
Sender: Virus Discussion List
Lines: 63
Approved: krvw@sei.cmu.edu

firmiss@cae.wisc.edu writes:
> 1. I believe since version 2.0, Disinfectant had the ability to install
> a protection INIT. The thing is only 5k... What does it DO?...
> Does it just give a warning if something is being infected?
> What does it look for?

It is small because it is written in assembly, with no configuration
options. It tries to prevent virus infection from being successful,
and issue an informative message via the notification manager. The
means used to block infection vary according to the virus. Like
Disinfectant it is effective against a list of known viruses, and
tries to be specific enough to avoid false alarms. It does not scan
files on every inserted disk for say, nVIR.

> 2. I remember hearing that using Disinfectant AND the old virus protection
> CDEV(?) "Vaccine (TM) 1.0.1" was a bad idea (Vaccine somehow rendered the
> Disinfectant INIT useless or something to that effect).
> Is it also a good idea to remove the INITs "KillVirus" (Icon is a
> needle with the word nVIR next to it). and "Kill WDEF - virus INIT"
> (Icon is just a standard document icon)? I know these are pretty old
> too. (at least I don't have "Ferret" and "Kill Scores" and those other
> related relics)

We are currently advocating that general users at Northwestern use
only the Disinfectant INIT and not Vaccine or Gatekeeper Aid, and that
they get periodic updates. The risk from unknown viruses seems
balanced by the reduced grief to general users. The rate of virus
spread is slow enough that this is workable.

Vaccine presents unclear messages, bombs on application startup under
many real infections and is bypassed by other newer viruses and has a
few minor bugs unrelated to viruses.

Gatekeeper Aid has occasionally removed the CODE resources from my
running applications. Like the other Gatekeeper tools, I think it is
useful for advanced users, but too paranoid and subject to false
alarms for average Mac users.

There is a tradeoff between detecting suspicious activity and being
quiet and specific. (See discussion in the Disinfectant online help.)

I would not recommend "KillVirus" - it seems to be one of many early
nVIR tools, that are not as generally effective as the Disinfectant
INIT.

I know nothing about "Kill WDEF - virus INIT", but it is not needed if
you use the Disinfectant INIT.

> 2a. Almost forgot... What about "SAM (TM) Intercept" INIT... I know it's
> newer but do "SAM" and "Disinfectant" interfere with each other?

I think that these can co-exist, but I don't remember which takes
priority.

> My current version of Disinfectant is 2.4... Is this the most current
> one? I've had it for about 6 months now.

Yes 2.4 is current - see John's prior post about it and system 7.

Albert Lunde - Northwestern University
Albert_Lunde@nwu.edu
This post represents neither NU or John Norstad