From: Aron Roberts (aron@socrates.berkeley.edu)
Date: Fri Jul 27 2001 - 12:15:56 PDT
In the message "[MAGNet] virus protection for Macs", dated
2001-07-26, Sally Bellows wrote:
>As a Mac user with no departmental support, could I ask for a little
>basic info here? This latest virus or worm attack does not affect
>Macs, right?
If you are referring to SIRCAM/32 and other worms which are
dependent on features specific to computers running Microsoft
Windows, that's correct.
> Virex isn't offering any new virus definitions in between its
>monthly updates. Is that because this virus/worm doesn't concern
>us, in which case my Virex protection is sufficient, or is it just
>that Virex doesn't address outbreaks as they occur?
Both:
1) Virex's vendor, Network Associates, Inc. (NAI), decided that
their product should not attempt to detect and repair viruses and
worms which, because they were written for delivery on other
platforms, are incapable of replicating under the Mac OS.
Similarly, Virex does not detect trojan programs or scripts
which are incapable of running under the Mac OS.
In the past we've asked NAI -- so far unsuccessfully -- to allow
Virex to detect Windows-only viruses, worms, and trojans, because
Macintosh computers might serve as excellent 'tripwires' for
detecting these miscreants in e-mail attachments sent by Windows
users.
2) NAI also has almost never released virus definitions updates
between regularly scheduled monthly updates.
The only two exceptions that I'm aware of are:
- In late March 1999, when NAI made an extra driver file available
to detect the original variants of W97M/Melissa, a Microsoft
Word macro virus.
(The 'extra driver' file is a text file named "EXTRA.DAT" that
you place in your Extensions folder. The definitions in that
file can be used to supplement the extensive set of definitions
in Virex's "Virus Definitions" preferences file.)
- In June 2000, when NAI provided the UC Berkeley campus -- in
response to problem reports and virus samples generously provided
by several MAGNet members -- with an extra driver file to detect
the 'D' variant of the W97M/EIGHT Microsoft Word macro virus.
In both cases, the next monthly Virex virus definitions update also
included the ability to detect these specific viruses, rendering
these extra driver files obsolete.
>Should I be doing more than just keeping my Virex current and
>performing a scan after each update?
At present, that's entirely adequate.
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://mac.berkeley.edu/help/magnet/>.
This archive was generated by hypermail 2b29 : Fri Jul 27 2001 - 12:17:07 PDT