At 12:10 AM 1/31/96, Bill Stewart wrote:

At 11:45 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:

...

In fact, I'd settle for getting onto 10% of the machines, although I suspect I could get onto more like 80% without raising a sweat.

If I were you, Nathaniel, I'd drop that petard of yours on the ground, grab a very absorbent hankie and run like hell. ;)

You've alleged that Macs and Unixen should be about as easy as Windows machines to crack with your CardShark. I disagree - most Mac users I know have been using virus protectors more consistently and reliably than DOS/Windows users. However, if their virus software only stops known viruses, rather than anything modifying critical resources, you might get away with it for long enough to surf some numbers. [elided]

Actually, for those who don't know, one of the most ubiquitous anti-viral utilities for Macs (Symantec Antivirus for Macintosh, aka "SAM") also offers a mode that constantly watches for any generic attempt to modify crucial file/app/system resources -- and offers the opportunity to deny such attempts. Thus, it doesn't _only_ offer protection against "known" attacks. It even specifies which application/virus is trying to modify which file, allows the user to teach it that certain mods are verboten and halts activity until the user decides how to proceed. This makes it all but impossible (if a Mac is so-protected) to even introduce a trojan-keystroke-sniffing-credit-card-transmitter, much less use it to take over the TCP stack (MacTCP) without the user's knowledge. As for FV's recent "discovery:" [a] I'm glad if FV _really_ wants to educate the public, but I hope they find a better way next time than a "hey, we found this really simple way to hack the universe, but we're not telling all you 13-year-old juvenile delinquent hacker-wannabes" broadcast (talk about yer invitations!), [b] confused why NB didn't anticipate the fuss and prepend a short disclaimer onto his posting of it to cpunx (how about _thrice_ burnt, Nathaniel?), [c] unimpressed by all the vitriol it stirred up and the glee exhibited by everyone in slamming Nathaniel and Co. (lighten up, even if it was deserved) and [d] bummed that no-one remembered my keycapture utility survey of nearly a year and a half ago...as in "gee, I wish _I'd_ thoughta that." ;) Frankly, I wonder if, in the long run, FV's stunt hasn't wrought more harm than good: I got a late-night call from a worried but clueless friend asking me to clarify this "credit card sniffer thing" he'd heard about from someone else: he was all worried that there was an invisible virus on his machine. >sigh< It's seems the brush has been set afire: now which way will the winds blow? Cheers, dave ____________________________________________________________________________ "With annual interest, compounded every nanosecond, that'll be $0.02000018."