Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!mcvax!cernvax!ethz!macman
From: macman@ethz.UUCP (Danny Schwendener)
Newsgroups: comp.sys.mac
Subject: Re: Need Vaccine Type Programs
Keywords: virus vaccine nVIR scores dukakis
Message-ID: <661@ethz.UUCP>
Date: 30 Oct 88 17:36:46 GMT
Article-I.D.: ethz.661
References: <3548@crash.cts.com>
Reply-To: macman@ethz.UUCP (Danny Schwendener)
Organization: ETH Zuerich, Switzerland
Lines: 231

There is currently no known PD program that is explicitly a virus
carrier. Sometimes a program gets infected and is uploaded to a BBS.
This was the case, for example, of Stuffit 1.21, as an infected version
of that program has been uploaded to a Texan BBS. HOWEVER, THIS WAS A
LOCAL INFECTION. This virus never made it far outside Texas, and was
discovered just a few days after it was uploaded.

Really important in that business is the Leitmotiv "Don't Panic". We
are at the fourth nVIR wave on our site, because some institutes just
don't care about disk hygiene until they are struck by a virus
themselves. But then, it is already (almost) too late...

There is a virus discussion list on BITNET and I encourage everybody
who has access to that net to sign up. Send the following interactive
message to LISTSERV@LEHIIBM1.BITNET:

    SUBSCRIBE VIRUS-L "Your full name"

Below is a list of the virus detection/killer programs I know of, with
a short description of what they're doing. I have Vaccine CDEV,
Interferon, Virus-Rx, KillScores, VirusDetective, VCheck, nVIR Vaccine
and Ferret, but I really only use Vaccine CDEV and Interferon as
detection programs, and one of the killer programs if it really gets
tough (KillScores, nVIR Vaccine). Oh, and the dukakis vaccine, of
course, which you have to install only once in your Home stack.

The documentation has been written by Joe McMahon and is available as
a HyperCard stack.
By the way, Joe's address is:

    Code 631                            Bitnet    : XRJDM@SCFVM
    NASA/Goddard Space Flight Center    CompuServe: 72330,554
    Greenbelt, MD 20771

-- Danny

+-----------------------------------------------------------------------+
| Mail    : Danny Schwendener, ETH Macintosh Support                    |
|           Swiss Federal Institute of Technology, CH-8092 Zuerich      |
| Bitnet  : macman@czheth5a       UUCP  : {cernvax,mcvax}ethz!macman    |
| Internet: macman@ifi.ethz.ch    Voice : yodel three times             |
+-----------------------------------------------------------------------+

-------------------------------Text follows --------------------------------

Product name: Vaccine 1.0
Author: Don Brown, CE Software
Price: Free
Agreements: No fee must be charged for Vaccine and it must not be
            modified.
Class: Automatic, general prevention.

Vaccine is a CDEV and designed to provide "partial protection from
worms and viruses." It does this by trapping attempts to write
executable resources to any file on your system. Vaccine will respond
to any such attempt by displaying a dialog showing the resource type
which is being added and the file to which it is being added. The user
may either prevent or allow this access.

---------------------------

Product name: Interferon 3.1
Author: Robert Woodhead
Price: Free (optional donation; see details)
Agreements: Copyrighted, but permission given to reproduce and
            distribute.
Class: Manual, general detection. File deletion.

Interferon 3.1 is a "search, report and destroy" application. It
recognizes the known viruses, and can delete files which are deemed to
be infected. Interferon is probably the most comprehensive of the
virus-checking programs. It is set up to check likely areas for
invasion by new viruses in addition to checking for known ones.

---------------------------

Product name: Virus Rx
Author: Apple Computer
Price: Free
Agreements: Copyrighted, but may be distributed freely.
Class: Manual, general detection.

Virus Rx scans for common symptoms of viral attack, such as INIT, RDEV,
and CDEV files in the system folder, unusual CODE 0 resources, and
others. It produces a report in a text file, which may be saved or
printed as a record of disk status. Virus Rx does not disinfect
applications or systems. Accompanying documentation recommends
replacement of infected files.

---------------------------

Product name: VirusDetective*
Author: Jeffery S. Shulman
Price: $10
Agreements: Copyrighted; permission given to distribute.
Class: Manual, general detection/removal.

Virus Detective* provides an anti-viral program in a desk accessory.
It currently searches for Scores and nVIR infections, but is easily
customizable to search for other resources. Version 1.2 allows you to
produce a log file showing the status of all files, files suspected of
infection, and files not suspected of infection.

---------------------------

Product name: KillScores
Author: MacPack User Group, Dallas TX
Price: Free
Agreements: Copyrighted, but permission given to reproduce and
            distribute.
Class: Manual, specific detection/removal.

KillScores efficiently discovers and repairs applications and systems
infected with the Scores virus. It does not look for nor does it remove
any other type of viral infection. KillScores seems to be more
effective than Ferret in cleaning up infected applications and systems.

---------------------------

Product name: VCheck
Author: Albert Lunde, Northwestern University
Price: Free
Agreements: Copyrighted. See details about distribution.
Class: Manual, general protection.

VCheck checks for changes in the contents of the active system folder,
the boot blocks, and on all applications on all mounted volumes. It
does not remove viruses, but simply warns of their possible existence
by detecting "dangerous" resources. VCheck keeps a checksum file for
all of the above items for comparison purposes. VCheck is written in
Turbo Pascal and source is provided.

---------------------------

Product name: nVIR Vaccine
Author: Mike* Scanlin
Price: See details; source in May 1988 MacUser
Agreements: Copyrighted; distribution restrictions unclear.
Class: Manual, specific (partial) removal.

nVIR Vaccine is a specific targeted at the "nVIR" virus. It removes
this virus only from applications which are infected with it. nVIR
Vaccine is not an automatic program. You will have to select all of the
programs to be disinfected manually. Also, nVIR Vaccine does not remove
the virus from the System file. See the details for how to do this.

---------------------------

Product name: Sniffer
Author: Unknown
Price: Free
Agreements: See details
Class: Manual, general detection.

Sniffer is a simple application which can be customized to search for a
given resource. Sniffer will scan for the selected resource, check for
applications which have non-standard CODE 0 resources (a possible
symptom of infection), and can rename files which are possibly
infected. Sniffer does no disinfection. You must know the types and IDs
of the resources which are to be looked for.

---------------------------

Product name: Ferret 1.0
Author: Larry Nedry
Price: Free
Agreements: Copyrighted, but permission given to distribute.
Class: Manual, specific detection/removal.

Ferret 1.0 is an application which scans for and removes the Scores
virus only. It scans the selected files for the Scores signature
resources. If they are found, they are removed and the affected
applications repaired. There have been reports that Ferret is not as
good as KillScores and that version 1.1 may in fact leave viral
resources in applications after cleaning.

---------------------------

Product name: Blood Test
Author: Doug Werner, Apple Computer
Price: Free
Agreements: All rights reserved; not distributable.
Class: Manual, specific and general detection.

Blood Test looks for specific resources and reports if they are found.
It can check for damaged applications (i.e., those with bad resource
forks), and can also check for patched trap addresses in the system
trap dispatch table. Blood Test does no disinfection; it is simply a
means of detecting possible infections.

---------------------------

Product name: Dukakis Vaccine
Author: Ian Summerfield, Apple Computer UK Ltd.
Price: Free to everyone except the originator of the virus.
Agreements: No distribution restrictions.
Class: Automatic, specific and general detection/prevention.

Dukakis Vaccine is a HyperCard script designed to both detect the
Dukakis virus and to prevent its invasion into stacks. The script is
general enough to be of utility in blocking other HyperCard-only
viruses. Dukakis Vaccine only monitors changes to scripts; it cannot
block viral XCMDs or XFCNs. It does not remove the virus, but blocks it
and alerts you to the virus's presence.

---------------------------