> If one were to receive a message bearing a virus (e.g. klez), what
> happens to it on a mac?

Generally, absolutely nothing. :)

> Does it get deleted via emptying one's old mail?

Yes it does.

> Does it reside in any particular place?

It resides as an attachment embedded within the email- usually you will see
.pif or a few other names- there are something like 3-4 variants that all
use different tricks such as subject and message lines.

The real nasty thing about the klez virus is that it is incredibly hard to
figure out where it came from. It has its own SMTP engine, and keeps lists
of names of machines it has infected and mixes and matches the "from and
to". So someone might actually get a message that looks like it came from
you that has a virus in it, but you never sent it, or you might get one from
someone you don't know at all.

> I heard someone say it would
> just "sit there". Where? In one's mail app?

Yep, it will essentially sit there within your mail application. Kind of
like if you emailed a PC user an applescript and they double clicked it-
nothing would happen, because their PC doesn't have applescript to hook
into.

But, they could forward that applescript to a mac user and that mac user
could then run it.

> It doesn't latch onto the code of an application?

Nope. :)

Some macro viruses =can= theoretically do that, which is why macs sometimes
can be seen as viral incubators. One of the funniest things I ever saw
happened at a company I worked for around 3 years ago. One day I was at a
meeting, and came back to the head of operations (boss of the network
admins) berating one of my designers until I thought she would cry. It
turned out someone had sent her the "I love you" virus, she didn't know what
it was and forwarded it on to three network admins, and all hell broke loose
from there.

Her mac wasn't affected by it, but by forwarding the message she essentially
sent all three of them the virus which hit the exchange server... About a
day before it caused havoc around the world. I just said I'd deal with it,
took her into a conference room and sat down and laughed for at least 20
minutes, then told her about how I once accidentally deleted an entire virtual
host directory instead of one file via a mistyped / while connected through
telnet. Stuff just happens. Unfortunately microsoft just makes it much
easier for stuff to just happen.

I know some of my above answers were short, so I'll try to clarify with a
little history so it makes some more sense:

Basically, awhile back microsoft decided it would be very cool to build in
all of this neat functionality into its products and exchange servers. If
you've ever used the PC outlook, you've seen this- you can send someone a
message requesting a meeting, they can say "yes I can be there at this and
this time" when they reply. Your server/machine gets the message, updates
your meeting database and you're good to go.

Over a bunch of objections, microsoft chose convenience over security. Most
of their products have a scripting language built in (similar to
applescript) which allows the applications to be controlled via the built in
"hooks". These are essentially what are exploited- because people keep
finding new holes in their implementation.

Back in the day, MS had a standard policy- all of their products had to be
built on the same code base in order to help eliminate wasted reimplementation
costs. So the same hooks were built into the mac products starting with
version 6.0 (through emulation). Therefore, macs were theoretically able to
be affected by word macro viruses. Outlook express and outlook 2001 never
had functionality that could be exploited- you'd think outlook could be, but
it was never feature compatible- the exchange server only served it RTF
files and stripped out the rest.

So you're essentially left with word files that can have macros embedded
within them, that =can= affect your mac. They theoretically can even
propagate them throughout all your word files by adding itself to a special
file MS uses to create new word docs starting with MS 6.0, 97 and 98.

Here's the thing though- even though theoretically a word virus can
propagate on the mac, and even run- 99.999999999% of the time it expects to
be running on windows, so the code it tries to run (ie, "delete c:") is
meaningless to the mac and nothing happens.

Long, but hopefully it puts your mind at ease a little.


Michael Bryan Bell
------------------
ICQ: 16106263                            Yahoo: mhbell1
No Link for you!                         AIM:  drunkenbatman
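
Added example, not part of the original post: a short Python check that walks a message's MIME parts and flags attachments whose names end in a Windows-executable extension, showing that such a file is stored in the mailbox as inert encoded data. The sample message is constructed, and every extension other than `.pif` (the one named in the post) is an assumed, non-exhaustive choice.

```python
from email import message_from_bytes, policy
from pathlib import PurePosixPath

# ".pif" is the extension named in the post; the others are an assumed,
# non-exhaustive list of names Windows runs on double-click.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".bat", ".com", ".vbs"}

# Constructed sample message (not a real capture): a text body plus one
# attachment named notes.pif holding harmless placeholder bytes.
SAMPLE = (
    b"From: someone@example.com\r\n"
    b"To: you@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"see attached\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="notes.pif"\r\n'
    b'Content-Disposition: attachment; filename="notes.pif"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--b1--\r\n"
)

def risky_attachments(raw: bytes):
    """Return (filename, decoded_size) for parts with a risky extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no file of their own
        name = part.get_filename()
        if not name:
            continue  # plain body parts have no filename
        ext = PurePosixPath(name.lower().strip()).suffix
        if ext in RISKY_EXTENSIONS:
            payload = part.get_payload(decode=True) or b""
            found.append((name, len(payload)))
    return found

if __name__ == "__main__":
    for name, size in risky_attachments(SAMPLE):
        print(f"flag: {name} ({size} bytes, stored as inert MIME data)")
```

The same function can be run over each message of a local mailbox with the standard `mailbox` module to find mail worth deleting before it gets forwarded to a Windows user.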

