01. Drag a Folder containing the 'virus.mp3' File onto the 'Mismatch' assigned Folder and select whether to quarantine or trash the detected 'virus' File.
02. Drag a duplicate Copy of the same Folder dragged in Step 01 above. A 'Copy' Alert Box will appear asking if you want to 'Cancel' or 'Replace' the existing Folder. If one selects 'Replace', the originally dragged Folder in the 'Mismatch' assigned Folder is replaced - including the enclosed 'virus.mp3' File.
The 'Mismatch' Code only detects the 'virus.mp3' File, not the other 'Proof of Concept' Files of 'PhotoshopMECrack.zip', 'iTunesUpdater421.pkg', and 'Jenny.jpg'.
See a few examples of AppleScripts pretending to be other files:
'<http://forums.ort.org.il/files/307/1970653/8208371.zip>' ['iTunesUpdater421.pkg'],
'<http://forums.ort.org.il/files/307/1970675/9181348.zip>' ['Jenny.jpg'],
'<http://forums.ort.org.il/files/307/1970679/1587186.zip>' ['PhotoshopMECrack.zip'].
Nor were any Files I would embed Code into, including an Extension other than 'app' or none at all, detected.
MisMatch
Folder action script to detect Trojan MP3s plus more
Version: 1.2
'Mismatch' Versions 1.x is limited and can be circumvented.
Feedback Type: Review
Contributed by: barhar Wednesday, April 14 2004 @ 07:24 PM PDT
Product Platform: MacOSX
Used Product For: Less than a month
Recommend Product: NO
Comments
'Mismatch' Versions 1.x is limited and can be circumvented. - barhar
01. My Post was not 'completely false' - not false at all; nor presented to bash the AppleScript 'MisMatch' or its Author; but, yes, to inform others that the Script can be circumvented. It is not my intent to discuss whether one could, should, or has to e-Mail back and forth to the Author, etc., about Software or other forms of Publications.

02. 'My Procedure', as you label it, is just a Process of verification. Again, if a Folder is dragged onto a 'MisMatch' assigned Folder as the 'Folder Action' - the Script functions as stated. If a Copy of the originally dragged Folder is again dragged onto the assigned Folder - 'Finder' via a 'Copy' Window will allow one to 'Cancel' or 'Replace' the Folder that was earlier tested by the 'MisMatch' Script. If the User selects 'Replace', the original Folder is replaced and no checking occurs.
03. It is 5.59 AM EDST [U.S.] and I successfully highlighted, copied, and downloaded each of the three Posted Links provided in the 14 April 2004 Post - "'Mismatch' Version 1.x is limited and can be circumvented." The Links were presented by 'nirs' on 'Comp.sys.mac.programmer.misc' on 09 April 2004 under the Subject 'Sorta-RFC-ish: Virus in MP3? (was Re: mp3 flood uploads)'.
04. I have several Macs [680x0, PPC 60X, and a dual 500 MHz Model] here, and typically verify my Mac Findings on the Macs of others also. I have written Code in 68000 Assembly, can Code on MacOS X - Cocoa, Perl, Java, AppleScript, etc., and do know about embedding Code, as well. With respect to your mentioning of possible MacOS X corruption here - 'No, it is not'.
05. Anyone can assign a Creator Type of 'APPL' to any File, other than an actual Application, with 'File Buddy' or any other available Resource Editor - and 'Finder' will list the Files under the 'Kind' Column [in 'List' View] as an Application - regardless of the included '.xyz' Extension [where '.xyz' could be '.mp3', etc.].
06. Again, my Findings [in using 'MisMatch'] are accurate and reproducible. The Links to the 'other' 'Proof-of-Concept' Files are correct and indeed result in the successful downloading of the Files. No bashing of the Script 'MisMatch' or Author was stated or implied in the original Post - and it remains such in this Post. For those for whom the AppleScript 'MisMatch' works - great; for those who reproduce my Results - you know, and can see, what I am talking about.
P.S. I was never into the Hype produced by the recent News Releases, and just came across 'MisMatch' via a 'MacFixIt' Article titled 'More on the Mac OS X type/creator, extension "trojan horse"' on 12 April 2004.
Friday, April 16 2004 @ 03:10 AM PDT
'Mismatch' Versions 1.x is limited and can be circumvented. - cougar718
Author of MisMatch here... I would say what you posted is completely false and rather than emailing me your comments or suggestions on how to fix what you *think* you might have found, you rather bash or deter people away from MisMatch. The fact you say the script can be circumvented by using *your* procedure does not prove anything. The behavior Mac OS X takes in your procedure is normal. If you choose to replace a folder that already exists, the Folder being replaced and its contents are removed / replaced. I don't see how this is circumventing MisMatch. Also, the links you posted of more examples of the Mp3Concept Trojans do not work. And my reply to "Nor were any Files I would embed Code into, including an Extension other than 'app' or none at all, were detected." is this: You probably are not creating the Trojan correctly or your Mac OS X install is corrupt - The detection process MisMatch uses can't be bypassed - It acts on what the Finder sees and only what the Finder sees. If the File type of the file is "APPL" and the extension is anything other than .app, then MisMatch will alert you. If this criterion is being met, then you failed to recreate the Mp3Concept Trojan.
Wednesday, April 14 2004 @ 08:19 PM PDT
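The detection rule the author states above (file type 'APPL' with an extension other than .app), and the folder-replace gap described in the review, as an added example that is not MisMatch's own code: it reads the 32-byte com.apple.FinderInfo attribute (bytes 0-3 are the type code, bytes 4-7 the creator code) and checks a whole directory tree on demand rather than relying on a folder action firing. The on-disk reader via the `xattr -px` command, the sample FinderInfo blobs and the file names are assumptions constructed for the demonstration.

```python
"""Type/extension mismatch check in the spirit of MisMatch (added example)."""
import os
import struct
import subprocess

FINDERINFO_ATTR = "com.apple.FinderInfo"  # 32 bytes: type[0:4], creator[4:8], flags...


def parse_finderinfo(blob: bytes):
    """Return (type_code, creator_code) from a raw FinderInfo blob, or None if absent."""
    if len(blob) < 8:
        return None
    type_code, creator = struct.unpack(">4s4s", blob[:8])
    return (type_code.decode("mac_roman", "replace"),
            creator.decode("mac_roman", "replace"))


def is_mismatch(name: str, blob: bytes) -> bool:
    """True when the type code says 'application' but the name does not end in .app."""
    parsed = parse_finderinfo(blob)
    if parsed is None:
        return False  # no FinderInfo: Finder has no type code to act on
    type_code, _creator = parsed
    return type_code == "APPL" and not name.lower().endswith(".app")


def read_finderinfo(path: str) -> bytes:
    """Read the attribute with the macOS xattr(1) tool (assumed; macOS only)."""
    out = subprocess.run(["xattr", "-px", FINDERINFO_ATTR, path],
                         capture_output=True, text=True)
    if out.returncode != 0:
        return b""  # attribute missing
    return bytes.fromhex(out.stdout.replace(" ", "").replace("\n", ""))


def scan_tree(root: str):
    """Walk the whole tree so a folder dropped in with 'Replace' is still checked."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            if is_mismatch(fn, read_finderinfo(p)):
                hits.append(p)
    return hits


# Constructed sample blobs (not real files) for an offline demonstration.
SAMPLES = {
    "virus.mp3": b"APPL" + b"????" + bytes(24),   # app type hidden behind .mp3
    "Jenny.jpg": b"APPL" + b"ttxt" + bytes(24),   # same trick, image extension
    "song.mp3": b"MPG3" + b"hook" + bytes(24),    # genuine audio type
    "Real.app": b"APPL" + b"xyz1" + bytes(24),    # application named as one
    "noattr.txt": b"",                            # no FinderInfo at all
}


def demo():
    """Names from SAMPLES that the rule flags, sorted."""
    return sorted(n for n, blob in SAMPLES.items() if is_mismatch(n, blob))
```
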