VIRUS-L Digest   Tuesday, 21 Mar 1989   Volume 2 : Issue 69

Today's Topics:

Hard Drive Protection from nVir Virus (Mac)
Re: nVIR at Apple (Mac)
Viruses and the Media
---------------------------------------------------------------------------
Date: Tue, 21 Mar 89 08:52 EST
From: MOSES@URVAX.BITNET
Subject: Hard Drive Protection from nVir Virus (Mac)

I am a new subscriber to the Virus-L list. I subscribed in hopes that
someone could possibly give me some information or advice. I need to
find a hard drive write protection tool. This is my problem - my macs
were infected with the nVir virus. After extensive cleanup and losing
a lot of good applications I placed the Vaccine into my system files.
It has been brought to my attention that the users either Turn Off the
protection or remove the vaccine so they may be able to use their
infected applications. What can I do in this situation? This campus
is new to macs and I have only worked with them for about a year.
This has become very frustrating. Can someone help?
------------------------------
Date: Tue, 21 Mar 1989 07:00:23 PDT
From: blob@apple.com (Brian Bechtel)
Subject: Re: nVIR at Apple (Mac)

In article <8903211325.AA02883@apple.com> "Mitchell N. Perilstein"
<mitch@pjd.CES.CWRU.Edu> writes:
> In reference to Anders Christensen's message about witnessing
> an nVIR infection by inserting an infected floppy to a clean machine
> and immediately removing it, I would like to add two thoughts.
>
> One is that the nVIR source code was widely posted to European
> bulletin boards, so a new strain that patched a system to respond to
> DiskInsert events wouldn't be unreasonable.
However, this would assume that the system is already infected. When
a disk is inserted, no code is executed from the disk in question.
System code, already in place from the current booted system, is
executed. There is no method for a floppy disk to infect a system
merely by being inserted into the machine.
> Second, it may be possible Apple distributed some nVIR by
> accident. My friend's new SE recently was infected with the nVIR
> virus, and we are fairly certain it was introduced to the machine via
> the "Teach Text" application on the System Tools diskette packaged
> with the machine. The diskette was used to format the SE's new drive,
> then it was put away and never again touched. Later, when nVIR was
> found, all my friend's floppies were examined, and the Tools disk,
> still locked, had the normal nVIR strain in that one application.
>
> I emailed to someone at Apple a question about the possibility
> of this happening, complete with disk serial numbers. They replied
> that they had done some checking and found nothing, and suggested I
> see if the machine's dealer had possibly used the diskettes. I trust
> Apple on this -- their business depends upon it.
Okay, the following is based on my personal experiences here at Apple:
I don't know to whom the message referenced above was mailed, but I
can assure you that the possibility of Apple shipping any software
with a Virus is almost nonexistent. We have a group whose sole
responsibility is to ensure the clean build of our software. This
Software Configuration Management (SCM) group has implemented a
variety of strategies to help ensure a sterile environment:
1) All build machines are not connected to any network.
2) All software is built from source files that have been stripped of all
resource forks.
3) All software is built from source files. No software is allowed to be
submitted with pre-existing resources.
4) All software is built using tools created here at Apple. This means
that we build the tools, as well as the software. The tools are built
using the same procedures as any other software.
5) All software is checked after build using a variety of tools such as
VirusRx and ResEdit. The checking is done on an image copy of the built
software, not on the originals. (To prevent potential infection from the
tools, even though they are also kept only for this purpose.)
6) All originals have at least one copy kept off-site, at least one copy
kept on site in a locked vault, and additional copies (the ones actually
used) are kept in a locked room, only accessible to members of the SCM
group.
7) The copies sent to manufacturing for duplication are never inserted
into a machine for use; they are only used in an image copy duplication
machine.
There are other measures as well. To sum it up, Apple Computer is
VERY aware of the potential problems of virus infections. I find it
EXTREMELY difficult to believe that Apple has shipped any infected
software. Whoever responded to your original request had a plausible
explanation; an infected dealer may use diskettes from a machine, put
them back, and pass the infection. Naturally, Apple has no control
over such circumstances. Only dealer education and safe software
practices can help.
As you say in your message, "...trust Apple. Their business depends
upon it."
--Brian Bechtel blob@apple.com
I can not officially comment for Apple, just as you can not officially
comment for your organization.
------------------------------
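
Added example, not part of the digest and not Apple's tooling: a Python check in the spirit of steps 2, 3 and 5 of the message above, listing the resource types in a classic Mac OS resource fork and reporting any that are not on an allowlist. The function names, the allowlists and the sample forks (built inline, with "nVIR" used only as a label for an unexpected type) are assumptions.

```python
import struct

def list_resources(fork: bytes) -> dict:
    """Return {type: [ids]} parsed from a classic Mac OS resource fork."""
    if len(fork) < 16:
        return {}  # no header at all: the fork is empty
    _data_off, map_off, _data_len, map_len = struct.unpack_from(">4I", fork, 0)
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("truncated or malformed resource map")
    # Map header is 24 bytes, then offsets to the type list and name list.
    type_list_off, _name_off = struct.unpack_from(">2H", fork, map_off + 24)
    tl = map_off + type_list_off
    (stored,) = struct.unpack_from(">H", fork, tl)
    n_types = (stored + 1) & 0xFFFF  # stored as count-1; 0xFFFF means none
    found = {}
    for i in range(n_types):
        rtype, n_res, ref_off = struct.unpack_from(">4sHH", fork, tl + 2 + 8 * i)
        ids = [struct.unpack_from(">h", fork, tl + ref_off + 12 * j)[0]
               for j in range(n_res + 1)]  # also stored as count-1
        found[rtype.decode("mac_roman")] = ids
    return found

def build_gate(fork: bytes, allowed_types: frozenset) -> list:
    """Return the resource types that violate policy; [] means pass."""
    return sorted(t for t in list_resources(fork) if t not in allowed_types)

def make_fork(resources: dict) -> bytes:
    """Constructed test input: a minimal fork with no resource data."""
    types, refs = b"", b""
    ref_base = 2 + 8 * len(resources)  # reference lists follow the type entries
    for rtype, ids in resources.items():
        types += struct.pack(">4sHH", rtype.encode("mac_roman"),
                             len(ids) - 1, ref_base + len(refs))
        for rid in ids:
            refs += struct.pack(">hhB3sI", rid, -1, 0, b"\0\0\0", 0)
    tlist = struct.pack(">H", (len(resources) - 1) & 0xFFFF) + types + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(tlist)) + tlist
    return struct.pack(">4I", 256, 256, 0, len(rmap)) + bytes(240) + rmap

if __name__ == "__main__":
    SOURCE_POLICY = frozenset()           # steps 2-3: inputs carry no resources
    PRODUCT_POLICY = frozenset({"CODE"})  # assumed allowlist for a built image
    clean = make_fork({"CODE": [0, 1]})
    tampered = make_fork({"CODE": [0, 1, 256], "nVIR": [1]})  # constructed
    print(build_gate(make_fork({}), SOURCE_POLICY))
    print(build_gate(clean, PRODUCT_POLICY))
    print(build_gate(tampered, PRODUCT_POLICY))
```

A type allowlist is coarse, since an added resource of an allowed type passes it; comparing the IDs that `list_resources` returns for each type against the build manifest closes that gap.
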
Date: Tue, 21 Mar 89 11:16:05 mst
From: Hugh Gibbons <gibbons%mimicad@boulder.Colorado.EDU>
Subject: Viruses and the Media

Nicholas Geovanis is correct to point out that the unprofessional
treatment of viruses by the media is a part of a larger problem. His
comments about US News & World Report are well deserved. As American
news magazines go, however, US News is one of the better ones (usually
less sensational than Time or Newsweek, for instance). What surprises
me is that reporters for the newspapers and magazines are not better
informed about viruses than they are, considering the fact that many
if not most of these reporters use computers on a daily basis; they
are as vulnerable to viruses as anyone.
But I guess if you live in the world every day and don't bother to
inform yourself about what's going on before reporting it, you
probably wouldn't bother yourself about data integrity either.
Hugh Gibbons < gibbons%mimicad@boulder.colorado.edu >
University of Colorado
(the Wild West)
------------------------------
End of VIRUS-L Digest
*********************