Xref: utzoo comp.sys.mac:15396 comp.sys.mac.programmer:605 Path: utzoo!mnetor!uunet!husc6!bbn!uwmcsd1!lakesys!macak From: macak@lakesys.UUCP (Jim Macak) Newsgroups: comp.sys.mac,comp.sys.mac.programmer Subject: Re: StuffIt a Virus ? Message-ID: <615@lakesys.UUCP> Date: 26 Apr 88 14:27:11 GMT References: <350@matr-a.UUCP> Reply-To: macak@lakesys.UUCP (Jim Macak) Distribution: na Organization: Lake Systems - Milwaukee, WI Lines: 50 Keywords: Trojan Horse Stuff It Virus Summary: Most anything can carry a virus. In article <350@matr-a.UUCP> ken@matr-a.UUCP (Ken Farnen) writes: >I have just read a short piece in a UK computer paper about viruses in general. > >There was what ammounted to a 'throwaway' comment that the Mac community was >heavily infected by the 'Stuff It' virus. > >This is a trifle worrying! We quite like StuffIt, and since the net is in >the process of standardising on it, we can't get away from it. I was also >about ready to authorise it to be included in the shareware archives we keep. > >OK, I know that the free rags are not the most accurate of sources, but I >feel I must ask: > >IS STUFFIT A TROJAN HORSE ????????? > >If not, does anyone know how such a misunderstanding could arise ? I think that we have to remember that our friendly viruses can often attack and attach themselves to several different types of Macintosh files, including System files and applications. So if someone uses a previously uninfected application on a Mac that has been infected with a virus, that application could become infected itself. Now, suppose the user takes that newly infected application and gives it to a friend, or uploads it to a BBS. Now the application carries the virus to whichever Mac it is used on. And so it spreads from Mac to Mac. This is the way many viruses are intended to work. They infect "innocent" applications and use them as carriers, to further spread the virus. Singling out a certain program as a "Trojan Horse" just because a copy of it was infected in this manner is completely unfair and can do unreasonable harm to the reputation of that program. We have to be careful to make a distinction between programs that have been innocently infected and those that were infected on purpose by the virus author in order to distribute the virus. In the former case, only a few copies of the application will be infected, and the problem will often be related to the distribution of that originally infected copy. In the latter case, _every_ copy of the application will be infected, universally. Unfortunately, this distinction is likely a very difficult one to make for the isolated user. That's something we can use the nets for. Jim -- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Jim --> macak@lakesys.UUCP (Jim Macak) {Standard disclaimer, nothin' fancy!} >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<