VIRUS-L Digest Tuesday, 21 Mar 1989 Volume 2 : Issue 69 Today's Topics: Hard Drive Protection from nVir Virus (Mac) Re: nVIR at Apple (Mac) Viruses and the Media --------------------------------------------------------------------------- Date: Tue, 21 Mar 89 08:52 EST From: MOSES@URVAX.BITNET Subject: Hard Drive Protection from nVir Virus (Mac) I am a new subscriber to the Virus-L list. I subscribed in hopes that someone could possibly give me some information or advice. I need to find a hard drive write protection tool. This is my problem - my macs were infected with the nVir virus. After extensive cleanup and losing a lot of good applications I placed the Vaccine into my system files. It has been brought to my attention that the users either Turn Off the protection or remove the vaccine so they may be able to use their infected applications. What can I do in this situation. This campus is new to macs and I have only worked with them for about a year. This has become very frustratinng. Can someone help? ------------------------------ Date: Tue, 21 Mar 1989 07:00:23 PDT From: blob@apple.com (Brian Bechtel) Subject: Re: nVIR at Apple (Mac) In article <8903211325.AA02883@apple.com> "Mitchell N. Perilstein" writes: > In reference to Anders Christensen's message about witnessing > an nVIR infection by inserting an infected floppy to a clean machine > and immediately removing it, I would like to add two thoughts. > > One is that the nVIR sourcecode was widely posted to European > bulletin boards, so a new strain that patched a system to respond to > DiskInsert events wouldn't be unreasonable. However, this would assume that the system is already infected. When a disk is inserted, no code is executed from the disk in question. System code, already in place from the current booted system, is executed. There is no method for a floppy disk to infect a system merely by being inserted into the machine. > Second, it may be possible Apple distributed some nVIR by > accident. My friend's new SE recently was infected with the nVIR > virus, and we are fairly certain it was introduced to the machine via > the "Teach Text" application on the System Tools diskette packaged > with the machine. The diskette was used to format the SE's new drive, > then it was put away and never again touched. Later, when nVIR was > found, all my friend's floppies were examined, and the Tools disk, > still locked, had the normal nVIR strain in that one application. > > I emailed to someone at Apple a question about the possibility > of this happening, complete with disk serial numbers. They replied > that they had done some checking and found nothing, and suggested I > see if the machine's dealer had possibly used the diskettes. I trust > Apple on this -- their business depends upon it. Okay, the following is based on my personal experiences here at Apple: I don't know to whom the message referenced above was mailed, but I can assure you that the possibility of Apple shipping any software with a Virus is almost nonexistant. We have a group whose sole responsibility is to ensure the clean build of our software. This Software Configuration Management (SCM) group has implemented a variety of strategies to help ensure a sterile environment: 1) All build machines are not connected to any network. 2) All software is built from source files that have been stripped of all resource forks. 3) All software is built from source files. No software is allowed to be submitted with pre-existing resources. 4) All software is built using tools created here at Apple. This means that we build the tools, as well as the software. The tools are built using the same procedures as any other software. 5) All software is checked after build using a variety of tools such as VirusRx and ResEdit. The checking is done on a image copy of the built software, not on the originals. (To prevent potential infection from the tools, even though they are also kept only for this purpose.) 6) All originals have at least one copy kept off-site, at least one copy kept on site in a locked vault, and additional copies (the ones actually used) are kept in a locked room, only accessable to members of the SCM group. 7) The copies sent to manufacturing for duplication are never inserted into a machine for use; they are only used in an image copy duplication machine. There are other measures as well. To sum it up, Apple Computer is VERY aware of the potential problems of virus infections. I find it EXTREMELY difficult to believe that Apple has shipped any infected software. Whoever responded to your original request had a plausible explanation; an infected dealer may use diskettes from a machine, put them back, and pass the infection. Naturally, Apple has no control over such circumstances. Only dealer education and safe software practices can help. As you say in your message, "...trust Apple. Their business depends upon it." - --Brian Bechtel blob@apple.com I can not officially comment for Apple, just as you can not offically comment for your organization ------------------------------ Date: Tue, 21 Mar 89 11:16:05 mst From: Hugh Gibbons Subject: Viruses and the Media Nicholas Geovanis is correct to point out that the unprofessional treatment of viruses by the media is a part of a larger problem. His comments about US News & World Report are well deserved. As American news magazines go, however, US News is one of the better ones (usually less sensational than Time or Newsweek, for instance). What surprises me is that reporters for the newspapers and magazines are not better informed about viruses than they are, considering the fact that many if not most of these reporters use computers on a daily basis; they are as vulnerable to viruses as anyone. But I guess if you live in the world every day and don't bother to inform yourself about what's going on before reporting it, you probably wouldn't bother yourself about data integrity either. Hugh Gibbons < gibbons%mimicad@boulder.colorado.edu > University of Colorado (the Wild West) ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253