[WinMac] Re: making a mac cd-rom; AutoStart 9805; incoming Mac media station


Daniel L. Schwartz (expresso[at]snip.net)
Tue, 21 Dec 1999 16:26:01 -0500


        Ahhh, Curtis...

        Your point is well taken about the total *quantity* of x86 virii out there
as compared to MacOS virii... And many of those 60 are ignored by System 7
& up...

        BUT, those 60 (actually over 100 if you count Micros~1 macro virii!)
strains, when they hit, spread rapidly worldwide... Including on to a
number of "safe" commercial CD's from reputable companies! Just look in
MacInTouch at the tally of hundreds of thousands of commercial CD's that
were infected with AutoStart 9805 variants last year.

        Why is this?

        Two factors led to the AutoStart 9805 spreading so rapidly:

        Primarily *because* the Mac community let their guard down. We were so
smug that it came back and bit us in the ass! :)

        A secondary - But important - factor was the general bugginess of Mac
anti-virus software, oftentimes causing much more trouble than it solved!
Because antivirus software likes to load first (at least in the System 7.0
- 7.6 days), it played hob on all sorts of other stuff.

        So, we stopped installing antivirus software on our Macs - Yours truly
included. I relied on John Norstad's excellent Disinfectant 3.6 for many a
moon for cleaning up machines under my care... Until Spring 1998.

        The rules changed when the AutoStart 9805 worm arrived from Hong Kong. And
when it hit, it struck especially at Mac-only graphics shops where Finder
File Sharing was enabled. But, it also struck in shops that had a
client-server topology, because the worm would spread to - But not execute
on - *nix and NT Mac enabled volumes.

        When these worms hit the non-Mac servers - And scanning for Mac virii was
turned on - bells and whistles went off, alerting sysadmins that there was
an infection. [Keep in mind that using an antivirus is mandatory on x86
machines as well as on servers for precisely this reason.]

        Enterprise strength antivirus software is a good idea in almost every
WinMac shop... And if done properly one machine will protect an entire
network. The key is to have it keep a low profile on the Macs, and let an
NT box do the dirty work.

 -----

        Now lest you think I'm a Mac basher, here's a solution that works very
well in Mac-only shops - Especially those that bring in media (syquest,
zip, CD) from the public:

        Take an older Mac - *Preferably* a Quadra that is about to be retired -
and load System 7.5.1 or 7.6.1 on it. Then, load the most current antivirus
software on it, with only minimal network extensions. This way, any
conflicts with current MacOS software have been long ago fixed. Then, "pile
on" all of your SCSI peripherals - Zip, Jaz, 44, 200 & 270 MB SyQuest, yada
yada yada.

        Now, designate this machine as the "hot" machine where incoming media must
enter your system, where it will be unstuffed and thoroughly swept for
malicious code.

        This will also provide an unexpected benefit as well: Since all of your
SCSI removable devices will be piled on one machine, your other Macs will
also run faster, too! [This is because Zip & Sy devices - And scanners -
are notorious for having very poor SCSI controller chips in them; and when
you put them on the same SCSI bus as your hard drive it (they) will drag
your hard drive performance down into the toilet.]

        And in case you wonder, I use Sophos SWEEP on my NT server here at home to
scan for Mac virii. :)

        Cheers!
        Dan

At 02:17 PM 12/21/99 -0500, Curtis wrote:
>I've been running Mac for over thirteen years and it has been over eight since
>I had ANY virus protection because I haven't had any viruses in that period
>of time.
>
>The last I heard was that the official count of Mac viruses was near 60
>(wintel over 60,000). So the chances of someone getting one are very slim.
>
>
>Curtis J Siters
>
>csiters@earthlink.net
>csiters@keyconn.net
>
>www.keycon.net
>www.htip.com (soon to be back online)
>www.natureandhealth.com (soon to be online)
>
>----------
>>From: winmac-errors@lists.best.com
>>To: winmac@lists.best.com
>>Subject: Digest winmac.v001.n056
>>Date: Mon, Dec 20, 1999, 6:11 PM
>>
>
>> But what about the newbie - The user Apple is targeting with the iMac?!
>> New users aren't going to have an antivirus app... But their default will
>> be set wrong!

*** Windows-MacintoshOS Cooperation List ***
FAQ: http://www.darryl.com/winmacfaq/
Archive: http://www.darryl.com/winmac/




This archive was generated by hypermail 2.0b2 on Tue Dec 21 1999 - 14:19:54 PST