Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Record HD in Game Your Video

With Game Your Video you can you also record HD videos. To do this, go to the record screen, tap and hold your finger on this screen for about a second, and you'll see the video resolution pop-up. Choose the HD option to record videos in higher quality.

Visit Global Delight

 
 

Garfield Strikes Back

Send Article to a Friend

The Macintosh virus count increased by one last Monday when a new virus called either MDEF or Garfield was found at Cornell University. Contrary to an article in MacWEEK, the virus was found by Gordon Suggs of Cornell Information Technologies and Adam Engst of TidBITS. Tom Young, also of CIT, did an excellent job clarifying and distributing information about Garfield to the virus protection authors and the world at large.

The virus is fairly simple and is partially stopped by CE Software's Vaccine. Chris Johnson's Gatekeeper stops it completely. The virus was discovered when a number of Macs attached to public laser printers failed to drop any menus. Vaccine had been reporting attempts to add an MDEF resource, but those attempts had been denied. Garfield's first step is to renumber the MDEF 0 resource in the System to MDEF 5378. Vaccine does not stop the renumbering, and when the System cannot find MDEF 0, menus no longer drop. The second step is for Garfield to copy itself into the System as MDEF 0, at which point it can copy itself to applications unnoticed since the menus still work (apparently it calls the original MDEF resource when necessary). Added evidence of the virus' simplicity is that it cannot infect later models of the Mac (after the SE) since the MDEF resource is in ROM in those machines.

John Norstad's Disinfectant and the commercial programs SAM and Virex were updated within days to find and eradicate the Garfield virus. The latest version of Disinfectant is 1.8 and Virex is at 2.7. Symantec Corp. is publishing the methods of finding MDEF with SAM. If you have Jeff Shulman's Virus Detective 4.0 or later, you can add this search strings to look for MDEF:

Resource MDEF & ID=0 & WData 4546#58EA9AB#C3F#B6048; To find Garfield MDEF

Information from:
Adam C. Engst -- TidBITS Editor
Gordon Suggs -- cd7J@cornella.cit.cornell.edu
Tom Young -- xmu@cornella.cit.cornell.edu

Related articles:
MacWEEK -- 22-May-90, Vol. 4 #20, pg. 10

 

READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <http://tidbits.com/member_benefits.html>
Special thanks to Tif, John Greening, Irving Silver, and Lynn Richards
for their generous support!