TidBITS#166   19930301

Update Your Antiviral Utilities!

by Mark H. Anbinder, Contributing Editor -- mha@baka.ithaca.ny.us

Technical Support Coordinator, BAKA Computers

According to an announcement from Gene Spafford at Purdue University, Macintosh virus-busters now face two new variants of existing viruses. Variants of the CDEF and T4 viruses forced several antiviral utility vendors to update their products last week.

Some existing utilities already detect the new CDEF variant, which appears to function identically to the previously-known form of the virus. According to Disinfectant author John Norstad, this variant escaped detection by the Disinfectant protection INIT, though the Disinfectant application successfully locates and removes it.

Some, but not all, of the existing antiviral utilities detect the variant of T4, called T4-C. Like previously-known strains of T4, this variant attempts to modify system boot code, tries to change the names of some applications to "Disinfectant," and can cause damage to the System software and some applications that requires a complete reinstallation rather than a repair.

Current versions of the Gatekeeper package (1.2.7), Rival (1.1.9w or later), Virex (3.91), and Virus Detective (5.0.6) already handle these new virus variants. Versions of SAM later than 3.5 (3.0 for SAM Intercept) recognize both virus variants and repair CDEF infections, but you need SAM 3.5.3 to repair T4-C infections that can be repaired. Central Point Anti-Virus 2.01c handles the new variants as long as it has the new 2/24/93 revision of the MacSig file, and John Norstad has released Disinfectant 3.0 to handle the new variants.

Norstad stressed that Disinfectant 3.0 is not a major new release of the utility, despite the change from 2.x to 3.0. It contains only changes necessary to handle the new variants of CDEF and T4, but Apple's version numbering scheme does not support a minor revision following 2.9. (Using another decimal place indicates a bug-fix revision, which is not appropriate.)

Users of antiviral utilities should make certain that AT LEAST one of the utilities they have is up-to-date. Subscribers to a commercial utility provider's update service should soon receive notification about a new version. In the meantime, updates are available from:

Central Point Anti-Virus: CompuServe, America Online, sumex-aim.stanford.edu, Central Point BBS -- 503/690-6650.
Disinfectant: usual archive sites and bulletin boards, including ftp.acns.nwu.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, AppleLink, America Online, CompuServe, Genie, Calvacom, MacNet, Delphi, comp.binaries.mac.
Gatekeeper: usual archive sites and bulletin boards, including microlib.cc.utexas.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, comp.binaries.mac.
Rival: AppleLink, America Online, Internet, CompuServe.
SAM: CompuServe, America Online, AppleLink, Symantec Customer Service -- 800/441-7234, rascal.ics.utexas.edu.
Virex: DataWatch BBS -- 919/419-1602.

Readers who have no current antiviral utility installed should select one of the free or commercial utilities and install it at once according to the provided instructions. John Norstad recommends that people who expect to need tech support or automatic updates should select a commercial virus checker. We feel that Disinfectant is the perfect choice for users who stay informed, but we agree that the commercial vendors do have the advantage of offering professional support for their products.

Spafford reminded readers that creating and spreading computer viruses violates a number of state and federal laws in the U.S. and is illegal in many countries. In case anyone retains foolish notions after reading that warning, he added that several Macintosh virus authors have been apprehended thanks to the efforts of the Macintosh user community, and that some have been successfully prosecuted.