New virus reported; not here yet
Author: from AppleLink
Date: March, 1989
Keywords: ANTI virus protection
Text: TECH TIDBITS Copyright 1988, Apple Computer Inc. (Compiled by Mike Furniss, SMUG AppleLink editor)

Articles on both CompuServe and Delphi have reported that there is a new Macintosh virus which, unlike previous viruses, does not create an additional resource. This makes detection more difficult. This new virus is called ANTI, and apparently infects only applications or other files with an ID=1 resource. At the time of the message posting, the virus had been found in Paris and Marseilles.

At this time, there have been no reported cases of the virus in the US. However, knowing how fast they travel, it is best to be on the alert for it, and to practice ''Safe Software'' precautions.

* The ANTI virus can and will install itself even when Vaccine is on: Vaccine will only alert the user with beeps if ''Always compile MPW Inits'' is NOT checked.
* VirusDetective cannot detect this virus.
* Virus Rx does not detect ANTI's presence in other files -- only when Virus Rx is itself infected. When Virus Rx is itself infected it changes its name to ''Throw me in the trash.''
* It does not seem to infect all applications: apparently it only infects applications with a CODE 1 resource called ''Main.''

The only known ways at present to determine if the infection is present are:

* Use ResEdit to open the file's CODE ID=1 resource and search for the ASCII string ''ANTI''.
* Use the advanced features (resource fork search) of GOfer.

Copies of this virus have been given to several of the authors of anti-viral programs and detectors, who are working on updating their software to cope with this latest virus. Further updates on this virus will be made available in Tech Tidbits as we receive further information, and additional information can also be obtained on CompuServe, Delphi and other on-line services.

Safe Software Practices

Although the current virus detection tools will not locate an ANTI infection at present, it is good practice to use them to alert you to other infections.

1. Keep your software masters locked away and use backups so that if an infection does occur, you will have an uninfected master to fall back on.
2. When booting from a floppy, keep the disk write protected so that if your system is infected, the infection cannot spread itself to your floppy.
3. If at all possible, do not run applications from servers. This prevents the applications on the servers from being infected and then infecting other machines.
4. If you do have applications on the server, keep them in read-only folders. This will not work if the application writes scratch files in the folder it resides in, however.
5. Check new application disks with a virus-searching utility before use. If you don't know where the software came from, be very careful.
6. In mission-critical environments, institute a policy of no public domain or unchecked software.
7. Think of periodic virus checks as being as important as periodic backups.
8. Keep Vaccine, or another similar program that alerts you to a potential infection about to occur, active at all times.
9. Back up -- but do so after you have checked your system for an infection -- you don't want to back up the infection!
10. When you are using virus detection tools, run them from locked floppies. Most tools themselves can be infected, which makes a very convenient way for a virus to be spread in the eradication process.

The best defense against any virus is to prevent contamination. Do not insert any disk into your system unless you know it is not infected. Do not let others use your system. If they are infected, they can contaminate your system by using a single infected disk in your system. Check for infections routinely. Once a virus has been detected, eradicate it completely and check all your floppies, taking care not to reinfect your system in the process. While some virus detection programs can eradicate a virus, the surest way to ensure that the infection is gone is to delete all files from your hard drive, reformat, and reload system software, applications and files from a clean backup or original that has not been infected.
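The manual ResEdit check described above (open CODE ID=1 and search for the ASCII string ''ANTI'') can be scripted against a copy of a file's resource fork. The following is an added example, not part of the original article or any Apple tool: it assumes the standard classic Macintosh resource fork layout and that the fork is already in memory as bytes; find_resource, code1_has_anti and build_fork are hypothetical names, and build_fork only constructs sample forks for testing.

```python
import struct

def find_resource(fork, rtype, rid):
    """Return the data of resource (rtype, rid) in a raw resource fork, else None."""
    data_off, map_off, _dlen, map_len = struct.unpack(">IIII", fork[:16])
    rmap = fork[map_off:map_off + map_len]
    (tl,) = struct.unpack(">H", rmap[24:26])          # type list offset from map start
    (ntypes,) = struct.unpack(">H", rmap[tl:tl + 2])  # stored as count - 1
    for i in range((ntypes + 1) & 0xFFFF):
        t, nres, ref_off = struct.unpack(">4sHH", rmap[tl + 2 + 8 * i:tl + 10 + 8 * i])
        if t != rtype:
            continue
        for j in range(nres + 1):                     # nres is also count - 1
            p = tl + ref_off + 12 * j                 # 12-byte reference entries
            r_id, _name, attr_off = struct.unpack(">hHI", rmap[p:p + 8])
            if r_id == rid:
                start = data_off + (attr_off & 0xFFFFFF)  # low 3 bytes: data offset
                (n,) = struct.unpack(">I", fork[start:start + 4])
                return fork[start + 4:start + 4 + n]
    return None

def code1_has_anti(fork):
    """True/False if CODE ID=1 exists; None if it is absent or the fork is malformed."""
    try:
        code1 = find_resource(fork, b"CODE", 1)
    except struct.error:                              # truncated or corrupt fork
        return None
    return None if code1 is None else b"ANTI" in code1

def build_fork(resources):
    """Constructed sample data: minimal fork from [(type, id, data)], one per type."""
    data = b"".join(struct.pack(">I", len(d)) + d for _, _, d in resources)
    n = len(resources)
    types, refs, off = b"", b"", 0
    for i, (t, rid, d) in enumerate(resources):
        types += struct.pack(">4sHH", t, 0, 2 + 8 * n + 12 * i)
        refs += struct.pack(">hHI4x", rid, 0xFFFF, off)  # 0xFFFF: resource has no name
        off += 4 + len(d)
    body = struct.pack(">H", n - 1) + types + refs
    rmap_len = 28 + len(body)
    header = struct.pack(">IIII", 16, 16 + len(data), len(data), rmap_len)
    rmap = header + bytes(8) + struct.pack(">HH", 28, rmap_len) + body
    return header + data + rmap
```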
Copyright © March, 1989 by from AppleLink