Murph Sewall wrote to tell us that he talked to both Lloyd Chambers, author of AutoDoubler, and Greg Friedman, Technical Director of Aladdin Systems. Murph was concerned that if an infected application was compressed by either AutoDoubler or Aladdin’s forthcoming SpaceSaver, that perhaps virus checking programs like Disinfectant would not detect the virus. Both Lloyd and Greg said that as long as the virus checking program accessed the infected files through the Resource Manager, they should successfully detect viruses. So the use of transparent compression utilities such as AutoDoubler, SpaceSaver, and (presumably) More Disk Space from Alysis should not impede the functioning of a virus checking utility. This is not to guarantee that all virus checkers will detect all infections in any sort of transparently compressed file, but I know that AutoDoubler and Disinfectant work fine together, and I imagine that other combinations do as well.
Porting Viruses — Murph continues, "Here’s a humorous rumor. A member of our local user group called yesterday to ask if it was true that the Michelangelo virus would affect Macs as well as PCs. As a friend of mine (who works for Apple) says, authors of viruses rarely publicize what platforms are supported. Porting that sort of code from one operating system to another is a thankfully daunting proposition. Still, I may do a full backup on March 5th." [Adam: This rumor about a Mac version of Michelangelo being a Mac virus seems to be going around. As far as I know, this is merely a humorous and incorrect rumor.] [Tonya: It gets less humorous when you spend a lot of your day explaining how it’s only a rumor. ;-)]
Murph Sewall — [email protected]
Virus Checking Code — Last week I suggested that perhaps Claris could put their integrity checking code into the public domain so that other programmers could use it. Several people quickly pointed out the problem with this idea – publicizing the code would make it easy for virus authors to circumvent it. In addition, the more different techniques that people use to prevent viruses from infecting their programs, the harder it will be for a virus to pass unnoticed.
Marshall Clow adds:
There are lots of easy things that an app can do to make life difficult for viruses:
- Mark your resources "protected", especially "CODE 0" and "CODE 1". This makes it more difficult to change them.
- Mark your resource map "read-only". This makes it more difficult to add or enlarge resources.
- Check the number and sizes of your CODE resources occasionally. Note that infection need not occur at program startup!
Use your imagination! Be creative! Be a winner like Claris! P.S. I have no affiliation with Claris.