Path: utzoo!attcan!uunet!tank!ncar!ames!coherent!dplatt From: dplatt@coherent.com (Dave Platt) Newsgroups: comp.sys.mac Subject: Re: nVIR virus found in "Kill Virus" Message-ID: <14462@coherent.com> Date: 22 Nov 88 19:24:37 GMT References: <5563@saturn.ucsc.edu> Reply-To: dplatt@coherent.com (Dave Platt) Distribution: comp Organization: Coherent Thought Inc., Palo Alto CA Lines: 47 In article <5563@saturn.ucsc.edu> bushnel@ucscb.UCSC.EDU (Bill Bushnell) writes: > I recently was given a disk full of PD software by a friend. I checked the > disk with Interferon 3.1 before running any of the programs. Interferon gave > me a error #002, ironically enough, in a file called "Kill Virus INIT" and > in a file called "Kill Virus." Just thought I'd let people know... That may not indicate infection. The nVIR virus can be kept from infecting files by installing a dummy "nVIR" resource (ID=10, I believe). Some anti-nVIR programs include such a resource in their own set, and/or will install such a resource in other applications in order to render these applications immune to infection. Naturally, the presence of this resource will tend to trigger infection-alerts by virus-seekers... and so it's not necessarily a good technique. By analogy: there is an effective medical vaccine available against tuberculosis (I believe it's based on the related "BCG" bacterium) which is being used in some countries (mostly Third World, I believe). However, it's not being used in this country, because it interferes with the standard skin-patch screening test for TB infection. If you've received the BCG vaccine, then you'll respond with a "false positive" if tested for tuberculosis infection. The medical establishment in this country has decided to emphasize detection of TB infection, and treatment of those found to be infected, rather than vaccination against TB. Apparently, this makes good sense if the infection-rate is low (less expensive, no adverse allergic reactions to the vaccine, etc.). A preventive vaccine is preferable under conditions in which the disease is more common, victims are more difficult to locate and identify, or treatment is more difficult to render. So... if you're willing to run Interferon frequently (to detect infections) and apply "safe software sex" techniques (to avoid exposure to infected applications), then you should probably not use a dummy-nVIR blocking technique such as (I believe) Kill Virus uses. On the other hand, if you're not willing to do these things, then you might as well install Kill Virus and have it innoculate your applications against nVIR, and accept the fact that Interferon and VirusDetective will scream bloody murder. -- Dave Platt FIDONET: Dave Platt on 1:204/444 VOICE: (415) 493-8805 UUCP: ...!{ames,sun,uunet}!coherent!dplatt DOMAIN: dplatt@coherent.com INTERNET: coherent!dplatt@ames.arpa, ...@sun.com, ...@uunet.uu.net USNAIL: Coherent Thought Inc. 3350 West Bayshore #205 Palo Alto CA 94303