Path: utzoo!utgpu!watmath!clyde!att!pacbell!ames!mailrus!caen.engin.umich.edu!billkatt
From: billkatt@caen.engin.umich.edu (Steve Bollinger)
Newsgroups: comp.sys.mac
Subject: Re: nVIR virus found in "Kill Virus"
Message-ID: <3ff51312.129dc@blue.engin.umich.edu>
Date: 29 Nov 88 15:22:00 GMT
References:  <199@s1.sys.uea.ac.uk>
Reply-To: billkatt@caen.engin.umich.edu (Steve Bollinger)
Organization: caen
Lines: 45

In article <199@s1.sys.uea.ac.uk> jrk@s1.sys.uea.ac.uk (Richard Kennaway CMP RA) writes:
>In article , ll12+@andrew.cmu.edu (Laura Ann Lemay) writes:
>> Roland Mansson writes, quoting me:
>> .Please do NEVER state that a program is NOT infected. You can't be sure!
>> 
>> Ah, but I CAN be sure.
>> KillVirus is an INIT.  Unless someone goes in and physically puts nVIR
>> resources into it, there is NO WAY that it can become infected.
>
>That's a pretty big unless.  Like saying, "Unless someone physically breaks
>in to my house, there is NO WAY anything can be stolen from it".

He is right, nVIR is not programmed to infect anything but applications and
System files.  an INIT cannot be infected automatically (someone would have
to use ResEdit and put the nVIR in there, I don't why they would though, see
below)

>> And even if someone did put a virus in it, there is no way it could spread
>> anywhere else.
>
>Why not?  INITs contain code.  When run, it will do whatever it was
>programmed to do.  It may be that nVIR itself doesnt work when run as INIT
>code, but there's no reason you cant make INIT viruses, or for that matter
>WDEF or cdev or MDEF viruses.

nVIR works by patching the CODE resource ID=0 to jump to itself.  INITs don't
contain CODE resources, although they do contain INIT resources which consist
of code, but that isn't the same thing.  Therefore, there is no way for nVIR to
patch anything in order to be executed.  It is a common misconception that
you can just place a resource in a file and it will be executed automatically.

On the other hand, you are right, someone could write an INIT virus (i.e., a
virus that is an INIT resource and spreads to other INIT files), but nVIR
isn't an INIT virus and can't spread through INITs.

+----------------------+----------------------------------------------------+
| Steve Bollinger      | Internet: billkatt@caen.engin.umich.edu            |
| 4297 Sulgrave Dr.    +------+---------------------------------------------+
| Swartz Creek, Mi. 48473     | "My employer doesn't take my opinion any    |
+-----------------------------+  more seriously than you do."               |
| "You remember the IIe, it   +---------------------------------------------+
| was the machine Apple made before they decided people didn't need         |
| machines with big screens, color, or slots."                              |
|                                 - Harry Anderson (from NBC's Night Court) |
+---------------------------------------------------------------------------+