Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Using Keyboard Commands While Screen Sharing

In Snow Leopard, screen sharing now properly transfers all keyboard commands to the remote server. For example, the Command-Tab application switcher switches applications only on the remote system's screen.

Submitted by
Doug McLean

 
 

INIT 1984 Virus

Send Article to a Friend

These things come in fits and spurts. We went a long time without a new virus, and the world was a better place for it. Then wham, two viruses within a few weeks of each other. People who have files infected with this new virus will definitely want to get the attention of the as-yet-unknown anti-social troglodyte author, although I expect that attention will again fall into the category of violence to the knee cap region.

This new virus is called "INIT 1984" presumably for the resource number that it installs in infected files. It differs from previous Macintosh viruses in two ways, one fortunate, one unfortunate. Luckily, it only installs itself in system extensions of the type INIT and does not affect the System file, the desktop file, control panels, applications, or data files. This is good because INITs are shared less than applications, which means that INIT 1984 has spread slowly, and indeed, only a few infections have been reported, one in the US and one in Europe. Apparently the virus works under both System 6 and System 7 though on old Macs with the 64K ROMs (the 128K and 512K Macs), the virus will cause crashes at boot time.

Unfortunately, this is also the first virus that intentionally causes damage to the files on infected hard disks when it is triggered on any Friday the 13th in 1991 or later years. Damage includes changing the names and attributes of a large number of folders and files to random strings and the deletion of approximately 2% of your files. Needless to say, the file deletion aside, changed file and folder names and attributes would be almost completely impossible to fix if a backup was not available.

The virus was discovered when it activated a few weeks ago on 13-Mar-92, but it's possible that other Macs were damaged when the virus would have activated on 13-Sep-91 and 13-Dec-91. If you think you may have had files damaged or deleted on one of those two dates, please contact Gene Spafford at <spaf@cs.purdue.edu>. If you are not on the Internet, feel free to send mail to TidBITS and we'll forward it to Gene.

Looking quickly at a calendar, I see that the next Friday the 13th isn't until November of 1992, so the virus is not likely to damage your data until then if it hasn't already. However, you should immediately get an updated version of your favorite anti-virus utility to avoid further spreading of any existing infections. My favorite anti-virus utility, Disinfectant, has been upgraded to version 2.7 by its erstwhile author, John Norstad of Northwestern University and should be available at your favorite purveyor of public domain and shareware software. Do note one important change with Disinfectant. The Disinfectant INIT must now load before all other INITs to be able to detect and prevent INIT 1984 from doing its dirty deeds. All other anti-virus utilities will also be updated to detect and eliminate INIT 1984 as you read this, so go grab one now. Incidently, the current versions of both Gatekeeper and SAM Intercept generate an alert if this virus attempts to spread to other files. However, you should still get the updates to those programs so they specifically recognize that virus for what it is.

Information from:
Gene Spafford -- spaf@cs.purdue.edu
Mark H Anbinder, TidBITS Contributing Editor

 

Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Apple users who actually buy stuff.
More information: <http://tidbits.com/advertising.html>