About This Site: Maintained by Peter C.S. Adams and Gordon Woolf.
Viruses and the Desktop Publisher
by Peter C.S. Adams <adamsp@cs.umb.edu>

(Yes, it's "viruses." In Latin, "virus" was a mass word like "air"; there was no plural. It is only in modern usage that "virus" has come to mean a thing, something capable syntactically of taking a plural form. Hence Latin rules do not apply; English ones do, making the correct plural "viruses." For more information on the "correct" plural of "virus," see what the authors of Perl and the folks at Dictionary.com have to say on the matter.)

Viruses are of particular interest to the desktop publisher because we frequently exchange disks with clients, open other people's Word files to edit them, and receive unsolicited files via email, all examples of "at risk" behavior. Everyone should practice "safe computing" and Windows users especially should make certain their anti-virus software is kept up to date. A list of vendors and informational sites can be found in the sidebar on the right.

However, viruses pose no specific threat to PageMaker users. There is no PageMaker virus, and for the most part, PageMaker users are at low risk. However, there are four major areas of concern:
Therefore, you should be wary and heed some commonsense advice.

Viruses and the Mac

In general, viruses are not a major problem on the Mac, but there are some issues:
This is not to say that virus problems will not recur in the Mac world. The "Simpsons" worm was moderately clever, but far too slow and easy to detect and remove to be considered a real threat. More recently, the Tored Mac worm has attempted to spread via email, but -- to quote The Register -- "is so hopelessly buggy and lame that it's about as likely to score as Steve Ballmer at an Apple convention." However, Mac users should still be cautious. Practice "safe computing" and be as aware as PC users of Word macro viruses and email worms.

Viruses and Windows PCs

Viruses have been a huge and destructive problem for Wintel PCs since the "Brain" virus appeared in the early '80s. These viruses fall into five main categories:

Because few people boot computers from floppy disks today, you will rarely see a boot sector virus. The others, however, are a different matter. Word macro viruses are cross-platform and can access nearly any function on the PC, including formatting the disk. The same is true of email and other worms. Therefore, PC users should be especially wary, pay close attention to virus warnings from reputable sources, and keep their anti-virus software up to date.

Boot Sector Viruses

These are thankfully quite rare today floppy disks Form

Word Macro Viruses

Until "Melissa," these were the most common virus threats.

Email Worms

These are not technically viruses because they do not infect other files, but rather spread by making copies of themselves, making them "worms." (But who cares?) In virtually every case, the virus writer attempts to trick you into manually activating the attached file.

Naked Wife Sircam -- real file name Yahoo.com

Trojan Horses

Like the famous horse filled with enemy soldiers for which they were named, this type of threat is neither a virus nor a worm, but a real threat nonetheless.
Miscellaneous Security Issues

Quicken/ActiveX web scripting host code red-nimda firewall

--------------------------------

Well, you can go to One point well-made concerns anti-virus software particularly:

Am I saying that anti-virus software is useless? For most people, yes. If you follow the guidelines in this issue, and you handle only attachments that contain photos or sound/music files, anti-virus software is a waste of money and can make your computer slower and less reliable. If you deal with word processor files or spreadsheets, if you (or your kids) download software then using an anti-virus program may be a good idea. But be aware that it can only protect you from the viruses it KNOWS about. I've heard from LOTS of people who faithfully kept their anti-virus software updated, but they still got the ILOVEYOU virus (or one of the many variants) because of careless email handling.

For those who are sitting at Macs saying, "It can't happen here," I'd just like to remind you that every script kiddie on the planet has a copy of Red Hat or Mandrake, and isn't that pretty much what OS X is based on? Linux? I expect it's just a matter of time (months, not years).

this would not be enough now if you use unpatched Outlook, OE and IE - as 90% of users probably do. The Klez.h worm - just spotted in the wild - can start its attack when you simply *read* the infected message, thanks to the IFRAME vulnerability in the Internet Explorer security system. I just got a warning from Kaspersky Labs:

This special feature practically discounts the human factor and many times over raises the effectiveness of Klez.h to infect and to spread
Mac "Virus" Autostart 9805

There is a significant new piece of malicious code ("malware") for the Macintosh for the first time in several years, commonly called the "Hong Kong virus," since it originated there. This is not technically a virus, however, but a worm, so its official designation is "Autostart 9805 worm."

Note: the worm can ONLY spread on Power Macs running QuickTime 2.0 or greater.

Damage ranges from slowdowns due to excessive disk and network activity to irretrievable data loss from the worm overwriting files with garbage.

Dr. Solomon's was the first anti-virus vendor to introduce protection against this worm, but other vendors have caught up. Check with your anti-virus vendor for details. If you choose, you can find and remove this worm manually. Instructions follow, after a technical overview.

Technical Information

The Autostart 9805 worm was discovered earlier this month in Hong Kong. It spreads rapidly and has been reported in Vancouver, B.C., already. It can spread to and from any mountable Macintosh volume, including floppy disks and Zip disks, except Audio CDs. CD-ROMs can carry the infection, but cannot be infected, since they are read-only. An infected Mac can infect a file server (assuming the Mac is logged in with appropriate access); however, mounting the file server cannot then infect another Mac.
When a volume is mounted and CD-ROM Autoplay is enabled, the Macintosh will attempt to run an invisible file named "DB," located in the root directory of the volume. Upon launch, "DB" checks to see if the Mac is already infected. If not, it copies itself to the Extensions folder, renames itself "Desktop Print Spooler," and restarts the computer. From then on, the "Desktop Print Spooler" background application is automatically launched at startup. About every thirty minutes, it examines any mounted volumes. If any are not already infected, it attempts to infect them by copying itself to the root directory and turning on the disk's "CD-ROM Autoplay" feature.

Autostart 9805 can be identified by some or all of the following symptoms:
Manually removing Autostart

If you find an infection, immediately reboot the Mac with extensions off (hold down the Shift key at startup until you see the message "Extensions Off") or, better, from a locked floppy disk or CD-ROM without QuickTime installed. A Norton Utilities Emergency Disk would be ideal.

Using a utility capable of changing file attributes, such as Norton Disk Doctor, find the invisible "DB" file in the root directory and the invisible "Desktop Print Spooler" file in the Extensions folder (not the legitimate "Desktop Printer Spooler," which is not invisible), make them visible, and change their types from "APPL" (application) to something else, like "JUNK." Once this is done, reboot again with extensions off and delete the files, which should now be visible. Repeat this process for each volume you have used recently which might be infected. Reboot once again and the virus should be gone, but it would be wise to double-check!

For more information, see:
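The two file indicators named in the overview and removal steps above (an invisible "APPL" file called "DB" in a volume root, and an invisible "APPL" file called "Desktop Print Spooler" in the Extensions folder) can be checked mechanically. The following is an added example, not code from the original article: it reads the file type and invisible flag from a 32-byte FinderInfo record, and the function names, sample listing and creator code are constructed for illustration.

```python
import struct

K_IS_INVISIBLE = 0x4000  # Finder flag bit marking a file as invisible

def parse_finder_info(blob):
    """Return (file type, invisible?) from a 32-byte FinderInfo record."""
    if len(blob) < 10:
        raise ValueError("FinderInfo record too short")
    # Layout: 4-byte type, 4-byte creator, 2-byte big-endian Finder flags.
    ftype, _creator, flags = struct.unpack(">4s4sH", blob[:10])
    return ftype.decode("mac_roman"), bool(flags & K_IS_INVISIBLE)

def classify(parts, blob):
    """parts: path components below the volume root, e.g. ("DB",)."""
    ftype, invisible = parse_finder_info(blob)
    if not (invisible and ftype == "APPL"):
        return None  # the legitimate "Desktop Printer Spooler" is visible
    if parts == ("DB",):
        return "invisible APPL named DB in volume root"
    if len(parts) >= 2 and parts[-2:] == ("Extensions", "Desktop Print Spooler"):
        return "invisible APPL named Desktop Print Spooler in Extensions"
    return None

def scan(records):
    """Return [(colon-joined path, finding)] for records matching an indicator."""
    hits = []
    for parts, blob in records:
        finding = classify(tuple(parts), blob)
        if finding:
            hits.append((":".join(parts), finding))
    return hits

def make_info(ftype, invisible, creator="????"):
    """Build a constructed FinderInfo record for the sample data below."""
    flags = K_IS_INVISIBLE if invisible else 0
    head = struct.pack(">4s4sH", ftype.encode("mac_roman"),
                       creator.encode("mac_roman"), flags)
    return head + bytes(22)

# Constructed sample volume listing (type and creator values are illustrative).
SAMPLE = [
    (("DB",), make_info("APPL", True)),
    (("System Folder", "Extensions", "Desktop Print Spooler"), make_info("APPL", True)),
    (("System Folder", "Extensions", "Desktop Printer Spooler"), make_info("APPL", False)),
    (("Projects", "DB"), make_info("TEXT", False)),
]

if __name__ == "__main__":
    for path, finding in scan(SAMPLE):
        print(f"{path}: {finding}")
```

On current macOS the same 32 bytes are exposed as the `com.apple.FinderInfo` extended attribute, so records for `scan` can be collected from an archived volume without booting it.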
Mac OS Software Update Security Vulnerability

On July 8, 2002 several Mac sites reported that users of Apple's Mac OS X Software Update feature could be unwittingly downloading and updating their systems with code produced by hackers. The problem was that Apple's Software Update made an insecure connection to the Apple web site to download software. Users

Following is the description and interim solution posted to the PAGEMAKR mailing list.

The Problem

Software Update periodically checks with the Apple web site for new updates, downloads them and installs them, which is a great convenience. However, the transaction is made via an unauthenticated HTTP stream. This is not generally a problem, but on a large network, a hacker could use one of several techniques such as "DNS spoofing" and "DNS Cache Poisoning" to misdirect the user's request to a rogue machine on the network, rather than to Apple's site, tricking the user into installing a malicious program posing as an update from Apple. Once the user enters the administrative password, the update runs with full privileges and can do anything from erasing the hard disk to changing the administrative password. The problem exists in both Mac OS 9 and Mac OS X, but the Unix underpinnings of Mac OS X make the rogue code easier to produce.

Real World Risk

This is potentially a very serious problem, and rather embarrassing, as Apple recently submitted Mac OS X to the U.S. government's National Information Assurance for security testing pursuant to becoming an approved vendor for sensitive government agencies! Fortunately, the exploit is not nearly as easy as the news sites have made it sound, and, in general, can only be done from within your local network. Add to this the fact that Software Update only runs periodically and requires user intervention and a password, and the timing would have to be perfect for the IP misdirection to work. While the potential risk is huge, the real world risk is very low for most users. However, Apple clearly needs to add some sort of security, such as Kerberos, to this scheme to prevent even one Mac user from downloading rogue updates, which has not happened in the real world.
Recommendations

You can still use Software Update, but rather than letting it download updates and apply them for you, you should manually apply any updates and remove them from Software Update. Here's the procedure:
In addition, you can edit your local hosts table to add the Apple Software Update server. This should prevent your Mac from ever querying the DNS and therefore ever being fooled by a spoofed IP address. Here is the correct server information:
See the following Apple knowledgebase articles:
Since the exploit relies on the fact that Software Update must query a domain name server to resolve an IP address, this should work. However, it would cause Software Update to fail if Apple changed the IP address of the server.

To find out if you are being pointed to a rogue server, use an internet utility such as Network Utility (Mac OS X) or WhatRoute (Mac OS 9) to look up swscan.apple.com and verify that the IP address returned by the DNS server is the proper IP address (currently 204.179.120.95).

Adding the Software Update Server to your local Mac OS X Machine

From the Apple Knowledgebase article "How to add hosts to your local NetInfo Database"
Note: If you have a number of hosts that you wish to add, you
can use the niload command to add them. The file needs to be a standard
UNIX hosts file. For instance, if you have a hosts file named 'hosts.txt'
you can enter the
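The two checks recommended above, a local hosts entry for swscan.apple.com and a lookup compared against the expected address, can be combined in one script. This is an added example, not part of the original article or Apple's instructions: the function names are hypothetical, the hosts text is constructed, and the pinned address is the one this page gives as current in 2002.

```python
import socket

# Address the page lists for the Software Update server (as of 2002).
PINNED = {"swscan.apple.com": "204.179.120.95"}

def parse_hosts(text):
    """Parse standard UNIX hosts-file text into {name: address}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            # Assumption: the first matching line is the one a lookup uses.
            table.setdefault(name.lower(), addr)
    return table

def system_lookup(host):
    """Ask the system resolver; returns the set of IPv4 addresses."""
    return set(socket.gethostbyname_ex(host)[2])

def check_host(host, hosts_text, resolver=system_lookup):
    """Return a list of findings; an empty list means both checks passed."""
    expected = PINNED[host]
    findings = []
    local = parse_hosts(hosts_text).get(host)
    if local is None:
        findings.append(f"{host} is not pinned in the hosts file")
    elif local != expected:
        findings.append(f"hosts file maps {host} to {local}, expected {expected}")
    try:
        answers = resolver(host)
    except OSError as exc:
        findings.append(f"lookup failed: {exc}")
        return findings
    unexpected = sorted(answers - {expected})
    if unexpected:
        findings.append("resolver returned unexpected address: " + ", ".join(unexpected))
    return findings

# Constructed hosts file with the pin in place.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
204.179.120.95  swscan.apple.com   # Software Update server
"""

if __name__ == "__main__":
    # Stub resolver standing in for a poisoned DNS answer (192.0.2.10 is a test address).
    for finding in check_host("swscan.apple.com", SAMPLE_HOSTS, lambda h: {"192.0.2.10"}):
        print(finding)
```

As the article notes, a pin like this starts producing findings as soon as the vendor moves the server, so a mismatch is a prompt to verify the new address through another channel rather than proof of spoofing.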
All rights reserved. Unless otherwise specified, all contents copyright © 1993-2013 Peter C.S. Adams