Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: KE2Y@VAX5.CIT.CORNELL.EDU (John Chapman)
Newsgroups: comp.virus
Subject: Re: protecting mac files via locking (Mac)
Message-ID: <0001.9106251509.AA25956@ubu.cert.sei.cmu.edu>
Date: 24 Jun 91 13:16:00 GMT
Sender: Virus Discussion List
Lines: 47
Approved: krvw@sei.cmu.edu

ratzan@rwja.umdnj.edu (Lee Ratzan) writes:
> Application locking on a Macintosh prevents a file from accidentally
> being destroyed (trashed) and to some extent from being altered.
> A user wants to know if locking Disinfectant on a hard disk will
> prevent it from being itself infected from a virus emanating
> from an infected floppy.
>
> The issue is whether we can trust a resident locked copy of
> Disinfectant to remain clean even if the hard disk on which it resides
> becomes infected.

From what I understand, Disinfectant checks itself first thing when it
is launched. If it has been altered in ANY way, it supposedly renames
itself to something like 'Trash Me' and quits immediately. I think the
check it performs on itself is a little more complex than just simple
checksumming, but I am not sure. Anyway, the theory is that even if
something were able to infect Disinfectant, it would not allow itself
to be run. (For those interested, I think this is also why you cannot
alter the MultiFinder partition size - it is somehow 'hard-coded' into
Disinfectant such that changing it in the Finder Get Info box doesn't
work).

If you are particularly concerned, run the Disinfectant INIT on all
boot volumes. This should prevent the infection of any program (not
just Disinfectant) from any known virus. The INIT is unobtrusive, VERY
small (read 5K) and is very effective against anything that's been
found.

If you want more complete protection, I would suggest trying
GateKeeper (freeware) or the commercial packages SAM, Rival, or Virex.
From what I have seen, all are excellent at blocking all known
viruses, but their main strength is their ability to catch & block
new, unidentified viruses. Unfortunately, this means they are far more
picky and sensitive than the Disinfectant INIT and may cause conflicts
with (a few) software packages and INITs.

By the way, the current version of Disinfectant is 2.4 and may be
found on most good FTP archives (e.g. sumex-aim.stanford.edu) as well
as several mail server archives.

> Lee Ratzan

- -
John T. Chapman
ke2y@vax5.cit.cornell.edu
ke2y@crnlvax5.bitnet

Disclaimer: These opinions are my own and do not necessarily reflect
those of the University or of the manufacturers of the products
mentioned above.
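
An added example (not part of the original post and not Disinfectant's code) of the launch-time check the reply describes: hash the program file and, if it differs from a known-good value, rename it to 'Trash Me' and refuse to run. SHA-256, the digest being recorded outside the file, the function names, and a POSIX read-only bit standing in for the Finder lock are all assumptions; the post does not say how Disinfectant's own check works.

```python
import hashlib
import hmac
import os
import tempfile

QUARANTINE_NAME = "Trash Me"  # name quoted in the post; everything else is assumed


def file_digest(path):
    """Return the SHA-256 hex digest of the file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def launch_self_check(path, expected_hex):
    """Return path if the file is unaltered; otherwise rename it and return None.

    expected_hex is the known-good digest recorded at install time
    (hypothetical: kept outside the file so an infection cannot rewrite both).
    """
    if hmac.compare_digest(file_digest(path), expected_hex):
        return path
    quarantined = os.path.join(os.path.dirname(path), QUARANTINE_NAME)
    os.replace(path, quarantined)  # the altered copy can no longer be launched by name
    return None


def demo():
    """Constructed sample: a clean 'application', then the same file altered."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "scanner.bin")
        with open(app, "wb") as f:
            f.write(b"constructed application image")
        known_good = file_digest(app)
        clean = launch_self_check(app, known_good) == app
        # A read-only flag is advisory: code running as the owner can clear it,
        # which is why the launch-time check is needed in addition to locking.
        os.chmod(app, 0o444)
        os.chmod(app, 0o644)
        with open(app, "ab") as f:
            f.write(b"constructed appended bytes")
        refused = launch_self_check(app, known_good) is None
        renamed = os.path.exists(os.path.join(d, QUARANTINE_NAME))
        return clean, refused, renamed, os.path.exists(app)


if __name__ == "__main__":
    print(demo())
```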