Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!ukma!rutgers!cs.utexas.edu!ut-emx!chrisj
From: chrisj@ut-emx.UUCP (Chris Johnson)
Newsgroups: comp.sys.mac.programmer
Subject: Re: Suggestion for virus prevention
Keywords: CODE resource virus detection
Message-ID: <9382@ut-emx.UUCP>
Date: 12 Jan 89 16:02:56 GMT
References: <1272@viscous.sco.COM> <3614@tekig4.TEK.COM>
Reply-To: chrisj@emx.UUCP (Chris Johnson)
Organization: U.T. Austin Computation Center
Lines: 29

In article <1272@viscous.sco.COM> jamesm@sco.COM (James M. Moore) writes:
>Would having programs... check their CODE resources
>...help prevent the spread of the current strain of viruses?

Actually, there's already a cdev/INIT designed to protect executable
resources (not just CODE resources) from addition/modification/deletion.
It also protects the file types of files containing executable resources.
All attempts to alter any of these things result in an entry being
written to a log file that'll tell you exactly what ROM call was made,
who and what it was directed against, and what application was
responsible for the call.

The INIT/cdev is called GateKeeper, and version 1.0 was finished and
released on January 2nd. It has been posted to comp.binaries.mac and
will appear there eventually, but it is already available from Sumex at
Stanford and Simtel20 at White Sands.

I've tested GateKeeper against Scores and nVIR, against which it has
proved totally effective. It should, by the same token, be totally
effective against Hpat, and (educated guess only) should be effective
against INIT29.

GateKeeper was tested prior to its release in several public access
Macintosh facilities in which it also proved itself effective and
essentially trouble-free.

If you can't get it from Sumex or Simtel, I'll be happy to email a copy
to you.

Hope this helps,
----Chris

P.S. The question mark is the on-line help button.