Re[2]: Word's Macro Virus

Subject: Re[2]: Word's Macro Virus
From: Arlen -dot- P -dot- Walker -at- JCI -dot- COM
Date: Wed, 29 May 1996 08:50:00 -0600

> I cannot understand how anyone could have spent 24 hours devirusing
> the Macs - in 12 years I have not spent that much time although I am
> extremely, almost to the extent of being paranoic, regular in
> running Virus Detective and Disinfectant on all the Macs that I have
> managed as we used them for scientific work of controlling our lasers
> in the clean room as well as doing research on the high temperature
> superconductors. The total time was usually a few minutes per
> computer and on a Saturday morning I would get through many tens of
> Macs - can you explain how they managed to spend 24 hours.

Having watched the Microsoft scanprot macro in action, I can easily
understand how it took 24 hours.

First, remember this macro runs under Word 6.0, quite probably the slowest,
most bloated, program ever to be run on a Mac.

Then, remember it will use this slow, bloated pig of a program to open
each and every word document on your entire hard drive. Since I have
hundreds on mine, I'm assuming it's possible some of the folks at Qualcomm
could even have more.

Now add to this the bizarre fact that the MS macro language that scanprot
is written in cannot be counted on to be able to open all (or even *any*)
of your files (if the complete path name to the document is too long, it
will quit). This length isn't normally a problem on PC's, with their silly
8-character limit. But when you consider every Mac folder name could be
four times longer than every PC directory name you can see how Mac paths
could quite easily become too long.

You're right, when running SAM or Disinfectant it takes just a few minutes
to check my entire drive. But it took hours to run scanprot, and I'm on a
PowerMac 8100. Someone less fortunate (say, running a IIci) could easily
take a full day.

> And, to be honest, I have never ever had a virus on my Mac - probably
> because mine was a Microsoft Free computer laboratory!

I've had three, and MS was only involved in the last one. (The first two
were WDEF and CDEF.) The Word virus was by far the hardest to clean up,

> The virus is also not a Mac phenomenon - can you imagine what would
> happen if you got a virus onto your Sparc (especially if you have
> been following what has been happening with those rogue Java applets
> which can appear on your safe side of the firewall)!

First, as far as I know, no one has *ever* seen a "rogue java applet." Some
researchers have found a hole in some of the security around java, yes. But
I'm not aware of a single instance of an applet not developed by them
specifically for the purpose of testing their theories using it. (Remember,
we're talking java, not javascript.)

<putting on techie hat>
And remember that most of those rogue applet problems require a compromised
DNS, which means the Bad Guys have *already* breached your firewall, before
the java applet arrived. Or they require a hostile (or possibly
incompetent) site administrator on the server end. In which case rogue java
isn't your only potential problem.

Second, the nature of Unix makes virii very difficult, so I'd be astonished
to be shown a virus which infects a Unix system. (Now, trojan horses can
affect anything, and there have been a number of worms, but I don't recall
any virus.) System 8 will bring a type of that protection to the Mac as
well. I'm not aware of any developments from MS to bring it to Windows
(it's already in Windows NT, but by default isn't being used, but that's
a different OS completely -- it's VMS, if you're interested).
<removing techie hat>

> Further David, the virus detective and the disinfectant programs as
> well as the majestic GateKeeper have always been FREEWARE for the Mac
> with updates arriving at the major shareware sites (info-mac and
> umich) within hours of a reported virus.

Gatekeeper is powerless against the Word macro virus. I believe John
Norstad has already announced that Disinfectant will *not* be updated to
search for the Word macro virus. Virus Detective can probably be updated
manually to look for it. I'm not sure, as it's been years since I've seen

The problem with the Word virus is that it infects data files, not
executables. And, since it's a crossplatform virus, there's no quick and
easy way to determine which data files to check, as Word documents received
from another platform will not necessarily carry the appropriate
identifiers. Therefore a successful check will have to read each and every
data file on your disc.

Have fun,
Chief Managing Director In Charge, Department of Redundancy Department
DNRC 124

Arlen -dot- P -dot- Walker -at- JCI -dot- Com
In God we trust; all others must provide data.
Opinions expressed are mine and mine alone.
If JCI had an opinion on this, they'd hire someone else to deliver it.

Post Message: TECHWR-L -at- LISTSERV -dot- OKSTATE -dot- EDU
Get Commands: LISTSERV -at- LISTSERV -dot- OKSTATE -dot- EDU with "help" in body.
Unsubscribe: LISTSERV -at- LISTSERV -dot- OKSTATE -dot- EDU with "signoff TECHWR-L"
Listowner: ejray -at- ionet -dot- net
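
The closing point of the message above, that a scanner cannot trust file names or type identifiers and has to read every file, as an added example that is not part of the original post. It assumes the OLE2 compound-file signature and the "WordDocument" stream name used by Word's binary format (neither is stated in the post); the function names and the three sample files are constructed for illustration, and a file that cannot be opened is recorded rather than ending the scan.

```python
import os
import tempfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # OLE2 compound-file signature
WORD_STREAM = "WordDocument".encode("utf-16-le")  # stream name as stored in the file

def looks_like_word_doc(path, chunk=1 << 20):
    """Heuristic content check: OLE2 signature plus a WordDocument stream name."""
    with open(path, "rb") as fh:
        if fh.read(8) != OLE2_MAGIC:
            return False
        tail = b""
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            if WORD_STREAM in tail + block:
                return True
            tail = block[-(len(WORD_STREAM) - 1):]  # catch a match split across chunks

def find_word_docs(root):
    """Return (candidates, skipped); an unreadable file is recorded, not fatal."""
    candidates, skipped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if looks_like_word_doc(path):
                    candidates.append(path)
            except OSError as exc:
                skipped.append((path, str(exc)))
    return sorted(candidates), skipped

def demo():
    """Build three constructed files and report which ones get flagged."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.doc": b"plain text saved with a .doc name\n",
            "MEMO": OLE2_MAGIC + bytes(504) + WORD_STREAM,  # no extension at all
            "sheet.xls": OLE2_MAGIC + bytes(504) + "Workbook".encode("utf-16-le"),
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        found, skipped = find_word_docs(root)
        return [os.path.basename(p) for p in found], skipped

if __name__ == "__main__":
    print(demo())
```

Only the extensionless `MEMO` file is flagged: the `.doc` name on a text file and the OLE2 signature on a non-Word container are both insufficient on their own.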
