Notes on Exceptions

The problem of Exceptions:

I have been asked many times about the problem of exceptions and to tell you the truth, it is a difficult problem. It is twofold: First, if the programs you exempt ARE in fact infected with one of the viruses that can delete your drive, they will be able to deliver their virus payload. Second, if you don't exempt some of those programs, some of them may NOT have proper error checking when they try to delete temporary files or alter resources, so sometimes they crash when DelProtect or Tracker blocks the corresponding action. There is no way to prevent a crash from such a badly programmed application. The safest strategy is to ALWAYS check a program for viruses with the latest AntiVirus programs, BEFORE you put in in the corresponding exceptions file. However, please understand that the two INITs operate independently, so we are dealing with two exception files: One for Tracker and one for DelProtect. (Messages containing the keyword "hdelete('file',0)" come from DelProtect. (So in this case edit the "DelProtect Exceptions" file to exclude an application.) Anything else comes from Tracker.) You should NOT add programs to the exceptions files unless a program is dysfunctional under Tracker or DelProtect.

If you are using programs that delete the Desktop Database files (such as TechTool or TechTool Pro) please disable both INITs by booting with exceptions off before you use those programs. Otherwise, problems and/or crashes will occur. If you are using disk utility software, such as Norton Disk Doctor, or Speed Disk, please, also disable the INITs. Needless to say that if you install any new software with custom installers that manipulate files, you also need to disable them. Particularly if those installers create temporary files. If you experience problems with Conflict Catcher, set Conflict Catcher to load before Tracker and DelProtect.

If you see a message from DelProtect the first time you edit a document (such as a SimpleText file for example) this happens because DelProtect detects a delete action of a "Recent Documents" alias on the Apple Menu. You can either put the program in the "DelProtect Exceptions" or you can turn off the "Show Recent Items" option in the Apple Menu Options Control Panel, to stop that from happening.

There is also another unlikely possibility, that some Extension in your Extension Folder actually legally attempts resource changes to other files during boot time. ~ATM is an example. If you have ~ATM in your Extensions Folder, it may issue 'DRVR' changes to itself. Due to the fact that Tracker cannot identify the offender in this case because it happens at boot time, it reports that 'Something in Memory" is attempting a change to some file. You could if you wanted exempt even this (see below *), but i do not recommend it. There are some viruses out there that can transfer themselves from Extension to Extension at boot time, so it is safest to know if ANY Extension is making changes during boot. At most, the report from Tracker concerning ~ATM, for example, will be a minor annoyance. You should not worry about it. Should you see many more messages as the Finder loads that lots of changes were attempted during boot, that would be reason for concern.

If a virus attempts to delete your hard drive, the DelProtect INIT will most likely crash, but at least it will stop the virus from erasing your drive. If you see ANY application taking unusually long times upon launch, shut it down using CTL-OPTN-SHIFT-ESC, and see what DelProtect tells you. If you see any messages from DelProtect, the application made an attempt to delete some of your files.

Finally, should you like to test the effectiveness of either INIT, you can perform the following little experiment: To test Tracker, either delete ResEdit for example from its exceptions file and reboot, or rename it to something else. Then open a sample resource file, and try to add, say, a 'CODE' resource. Tracker won't let you do that, and ResEdit will report an error. To test DelProtect, find an application that has a Delete file command in its menus (Virex and Norton Anti-Virus for Macintosh have such a menu), and try to delete a file. If the application name is not in the exceptions file, DelProtect will not let you delete that file.

WARNING! Tracker and DelProtect contain special invisible characters at the beginning of their name so that they load first. If you see ANY OTHER EXTENSION loading before Tracker or DelProtect, it will be very suspicious and Tracker or DelProtect may not be able to protect you fully. Unless of course the extension is a special extension that you know NEEDS to load first like GateKeeper, SAM Intercept, Disinfectant INIT or such (Some software may need to load first in order to be operational. Conflict Catcher may be such). However i don't recommend using combinations of virus Intercept programs. Just use one and ignore the others. (I was using GateKeeper until I created Tracker.) I personally recommend SAM Intercept. Its the most powerful, but also hard to configure.

(*) If you have extensions like ~ATM which give you headaches because they legally modify things at startup, here's how you can configure Tracker to ignore them: Open the "Tracker Exceptions" file and include the string: "Something in Memory" in the file. This way, Tracker will ignore extensions that modify things at boot time. WARNING!!! If you do this, Tracker loses 1/2 of its functionality, since it will ignore ALL Extensions. This means that if one or more of your extensions is infected by a virus, Tracker will not protect you from the virus they contain, and the virus may spread into other extensions as well. However, the application protection part will still work as expected.

Back to Programming

Web Analytics

Valid HTML 4.01 Transitional