Here is a group of programs that may help protect you form the rogue PostScript virus that has cropped up and reported by MacWeek in its July 31 issue. First are two programs writtten by Jim Lawton and then a few pointers from Peter Fink.
This program may take a long time to run because it tries every possible password number from 0 to 999,999 until a success or it exhuasts all numbers. However, this may not work as Peter Fink points out a password can be set to letters and other values.
%%May be copied and distributed freely for non-commercial use, as long as the creation information is kept intact.
%%Pages: (atend)
%%DocumentsFonts: (atend)
%%BoundingBox 0 0 612 792
%%endComments
statusdict begin
/s (100 string) def
clear
(Password status check ) print flush
/password 0 def
999999{password checkpassword { password s cvs print ( is the current password.) print flush exit } {/password password 1 add def}ifelse }loop
%%SetPassword
%%Jim Lawton
%%To change the password on a PS device, send it the following code:
%%where "old" and "new" represent the respective old & new passwords.
serverdict begin "old" exitserver
statusdict begin
"old" "new" setpassword
end
Peter Finks letter:
Dated July 20, 1990
Password Alert! protects you from a vicious trojan horse PostScript file thtat has just struck several service bureaus during the past two weeks, resetting passwords in their PostScript interpreters t an unknown value. Such a change immediately renders a RIP useless for most commercial PostScript applications.
Commercial prep files rely on exitserver calls that use zero as the password. With your password changed to an unknown value, there's little you can do but replace a board (or of your lucky, a chip) in your interpreter.
Download Password Alert! postscript each time you powr up or reset:
Password Alert! listing:
serverdict begin 0 exitserver
statusdict /setpassword
{userdict begin /evilpassword exch def pop
(!! PASSWORD ALERT - NOTIFY OWNER!!) = flush
/Helvetica findfont 24 scalefont setfont
20 50 720 {70 exch moveto
(!! PASSWORD ALERT - NOTIFY OWNER!!)
show} for
showpage
} put
Password Alert! does three things:
1) It protects your RIP by redefining the setpassword operator until you reset or reboot the RIP.
2) It Captures the "evil" password and stores it harmlessly in userdict as a value associatedee with the name literal /evilpassword. (If the password changer substitutes the same password for zero in all case, knkowing it will save future victims a lot of time and money. Even if the evil password is different in each case, knowing its type may beof Help. Contrary to Adobe documentation, a passowrd need not just be an integer. In at least someimplementations setpassword will accept all sorts of things as a new password, including real numbers and strings.)
3) Password Alert! then notifies the user that a program has called setpassword. It crashes the password changer's print job (which probably doesn't print anyway), sends an alert messsage to the printing application, and screams bloody murder via its alert page. If an alert page shows up in your shop, you should apprehend the file been printed, complete with any EPSF files and fonts (likely vectors for the password changer's code), and use the third utility below to get a printout of the evil password.
Print EvilPassword listing:
/Helvetica findfont 12 scalefont setfont
70 70 moveto (The evil password is: ) show
userdict /evilpassword load 256 string cvs show
showpage
If Password Alert! prints an alert page, a program has attempted to use setpassword. You may have foiled the password changer and captured the evil password! Print EvilPassword should print a page that tells you the evil password. Make sure you download this code before the RIP is rebooted. Rebooting will remomve the captured /evilpassword entry in userdict.
If you obtain the evil password (or its vector file), please contact Peter Fink at DeskToPress. (617) 527-1899 (voice) or (617) 332-1533 (FAX)
