ECN No Name Newsletter: May, 1989

The ECN No Name Newsletter is no longer being published. This is an archived issue.


The Terminator (Virus Killing)

Mike "terminator" Moya

How do I detect a virus on a floppy? ...on a hard disk drive? Is there anything I can do to prevent viral infections? What "virus finder" application should I use?

All of the above are legitimate questions and I have answers...just read on!

This article focuses on two very important applications for fighting viruses on a Macintosh workstation that are available on the ECN Public file server. "Disinfectant" is a virus finder/killer and fixer that you use to clean a disk. "Vaccine" is a virus prevention application you put in your system folder and operate from your control panel.

Disinfectant:

"Disinfectant" is an application that will search for and kill most viral strains circulating on Macs today. In addition, it will fix infected files (many other viral killers boast they can do this, but "Disinfectant" is the only one I've used that *really* does). It is not going to be 100% effective (that is unrealistic), but it is the best available. Best of all, it's free and available to you on the ECN Public file server. It has a very usable and easy-to-understand interface, and you could probably figure it out even if you didn't read how to use it. The following is edited from "Disinfectant's" own online about document and explains how to use this application.

The main Disinfectant window has 8 buttons that control its operation:

(illustration shown here)

Drive and Eject

These buttons are used to select the disk you want to scan or disinfect. They work the same as they do in Apple's standard open file dialogue. The drive button cycles through all your hard disks and floppies on the workstation. The eject button is used to eject a floppy. As an alternative you can also click on the name and keep the mouse button held down to get a popup menu listing all of your disks. The "currently selected" disk will have a check mark next to it (pull the mouse up and down the list to select a particular disk).

Scan and Disinfect

Use the scan button to look for viral infection on the disk you selected (read above). The scan button will not repair or heal any of the infected files; it just lists possible infections. The disinfect button will scan and attempt to *repair* any infected files found. Both scan and disinfect will produce a detailed report to the left of the button panel. To scan or disinfect a single file or folder, hold down the option key while clicking on the scan or disinfect button. This action produces a dialogue that lets you select the file or folder. To quickly scan or disinfect a sequence of floppies, insert a floppy, hold down the command (or flower) key and click on the scan or disinfect button. You will be continuously prompted to insert the next floppy until you click the cancel button. To scan or disinfect *all* mounted volumes (or disks), hold down both the command and option keys while clicking the scan or disinfect buttons. This is useful if you have several hard drives or have partitioned a single drive.

Save

Use this button to save the report as a text file. You can then read it into just about any of your favorite word processors to print.

About

This button opens an online document telling about "Disinfectant" and explaining how to use it. It also gives the known histories of viruses, what they do, how to look for them, etc. It is very good.

Cancel

Use this to stop a scan; it is active during scans. You can also type Command/Period to cancel.

Quit

Quits the application; you can also type Command/Q for the same result.

Do not use "MultiFinder" when disinfecting for obvious reasons (busy files).

Vaccine:

"Vaccine" is used for protection. It is the *most effective* application available to prevent virus infection. I would highly recommend using it on all *startup* floppies and hard drive system folders. It was written by Don Brown of CE Software and is available free through the ECN public file server. I would really recommend doing a "Disinfectant" scan before you install it (how to scan is explained above).

The following steps tell how to install Vaccine:

  1. Connect to the ECN public file server (instructions available in another newsletter article). Open the folder called Vaccine; inside you will find an icon that looks like a hypodermic needle, called Vaccine.
  2. Drag the "Vaccine" icon to your system folder.

    (illustration shown here)

  3. Open the "Control Panel" desk accessory. You will find the same hypodermic needle icon in the list of devices on the left; "click" on it. You will see a column of four check boxes, each with a small description of what they do. The top and bottom box should be checked, NOTHING ELSE! Make certain the top and bottom are the *only* ones checked, then restart/reboot your system.

As long as your disk was not previously infected, you are now protected. Once vaccinated, if you try to run an infected application, Vaccine will block the attack and protect your Mac by either bombing or hanging (system error). Thus if software bombs or hangs the first time you try to run it...it is probably infected. Check out the software with "Disinfectant". Do not try taking it around from Mac to Mac (and people do this!) until you finally reach an unprotected Mac so that the application finally runs! You are just propagating the virus!

"Vaccine" watches for attempts made to modify files. You might see a dialogue box appear asking for your permission to "add a resource" to a file. If you don't understand why the resource is being added...DENY permission, close the application and use "Disinfectant" to check for infection. Read "Vaccine's" online instructions in the control panel for more information.

You should make up your own personal "Virus Killing" floppy for the purpose of searching for and killing viruses. You should run it on every machine before you use it. This floppy should only contain:

  1. a system
  2. a finder
  3. a copy of Disinfectant

Make sure your "Virus Killer" disk is not infected (scan it with Disinfectant)! If you bring a new floppy to MSEE 104j, I'll make it for you.

Once your "Virus Killer" disk is finished and clean...LOCK IT. Viruses cannot infect locked floppies! To lock a floppy, look on the back side and flip the switch on the upper left-hand side UP. Now when you insert and open it, you should see a small padlock. That padlock means the floppy is now READ-ONLY and is therefore immune to viral infection.

Disinfect all your floppies and disks at once. Do not do some now and the rest at a later date; you run the risk of reinfecting the clean ones. After you have completed disinfection and fixed some files, restart your workstation. This removes any copy of the virus that may be lurking in your Mac's memory.

If you are running Disinfectant on a Vaccine protected system, you may get a dialogue box asking for permission to "add a CODE resource". Grant the request. This is Disinfectant trying to repair an infected file.
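
The "add a resource" request that Vaccine intercepts can also be checked after the fact by comparing a file's resource fork against a known-clean copy. The following is an added example, not part of the original article and not code from Vaccine or Disinfectant; it assumes the resource fork is already available as bytes and follows the fork layout documented in Apple's Inside Macintosh. The function names and the sample data are hypothetical.

```python
import struct

def build_fork(resources):
    """Pack {(type, id): body} into a minimal resource fork (constructed sample input)."""
    data, refs = b"", {}
    for (rtype, rid), body in resources.items():
        refs.setdefault(rtype, []).append((rid, len(data)))
        data += struct.pack(">I", len(body)) + body      # each body is length-prefixed
    type_list = struct.pack(">h", len(refs) - 1)         # counts are stored minus one
    ref_list, ref_base = b"", 2 + 8 * len(refs)
    for rtype, entries in refs.items():
        type_list += struct.pack(">4shH", rtype, len(entries) - 1, ref_base + len(ref_list))
        for rid, off in entries:
            # id, name offset (-1 = unnamed), attribute byte + 3-byte data offset, handle
            ref_list += struct.pack(">hhII", rid, -1, off, 0)
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(type_list) + len(ref_list))
    rmap += type_list + ref_list
    return struct.pack(">IIII", 16, 16 + len(data), len(data), len(rmap)) + data + rmap

def list_resources(fork):
    """Walk the resource map and return {(type, id): body}."""
    data_off, map_off, data_len, map_len = struct.unpack_from(">IIII", fork, 0)
    if data_off + data_len > len(fork) or map_off + map_len > len(fork):
        raise ValueError("header points outside the fork")
    tl = map_off + struct.unpack_from(">H", fork, map_off + 24)[0]   # type list start
    found = {}
    for t in range(struct.unpack_from(">h", fork, tl)[0] + 1):
        rtype, last, ref_off = struct.unpack_from(">4shH", fork, tl + 2 + 8 * t)
        for r in range(last + 1):
            rid, _name, word = struct.unpack_from(">hhI", fork, tl + ref_off + 12 * r)
            start = data_off + (word & 0xFFFFFF)          # drop the attribute byte
            size = struct.unpack_from(">I", fork, start)[0]
            found[(rtype, rid)] = fork[start + 4:start + 4 + size]
    return found

def changed_code(baseline, current, watch=(b"CODE",)):
    """Watched resources that are new or altered relative to the baseline fork."""
    old, new = list_resources(baseline), list_resources(current)
    return sorted(k for k, v in new.items() if k[0] in watch and old.get(k) != v)

# Constructed sample: the same application before and after gaining a CODE resource.
CLEAN = {(b"CODE", 0): bytes(16), (b"CODE", 1): b"main code", (b"MENU", 128): b"File"}
BASELINE = build_fork(CLEAN)
MODIFIED = build_fork({**CLEAN, (b"CODE", 256): b"extra segment"})

if __name__ == "__main__":
    for rtype, rid in changed_code(BASELINE, MODIFIED):
        print(f"resource added or changed: {rtype.decode()} id {rid}")
```

A change reported here is only a prompt to scan the file; a legitimate repair by Disinfectant also rewrites CODE resources, as described above.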

Of course this is not *perfect* protection for all future viruses, but it is a good start. Frequently used startup floppies and hard disk drives should not be without it! Viruses are becoming an increasing pain in the ___, especially in the University environment. However, we can cope with it. You the users *must* help!

  * read these articles
  * take the necessary precautionary measures
  * use the tools available
  * don't *let* yourself be a victim

As I stated before, Disinfectant, in my opinion, is the best available virus finder/killer. There are several more public domain vaccines available on the "ECN Public" file server. Read the article on how to use the "ECN Public" file server. All of the virus material is in the folder called "vaccines". Happy hunting!!


Last modified: Thursday, 30-Oct-97 16:48:02 EST
