edski@mot.UUCP (Ed Skinner) (10/09/85)
A note in the Phoenix BBS user's group newletter warns of the program; "EGABTR" Ostensibly, it's some sort of demo. But, in fact, IT DESTROYS YOUR HARD DISK ON PURPOSE! Seeking some protection against such malevolence, I asked a couple of folks what if anything they did to protect themselves. (At least EGABTR tells you that it zapped your disk - after the fact. An even more heinous one would simply do the damage, and never tell you - Is this what the Prolock "worm" did when released?) Responses were; 1) Don't try "free" software on a hard disk system. Take it to a floppy disk based machine to "try it out." Of course, this isn't 100% safe as the program may simply not do anything bad until a hard disk is available. 2) When "testing" a new program, use "SETUP" from the diagnostics disk to temporarily tell your system that you have only drive A, or drives A and B (floppies). This sounds like an easy thing to do, but I'm not convinced - The disk is still there, and a program which mucks with the hardware might get around this one. 3) WARNING: THE FOLLOWING PROCEDURE WILL PROBABLY VOID ANY WARRANTY. Cut the "drive select" wire to the hard disk, and install a switch so that the disk can be physically disabled. (I do not have the details on this, and do not know if this is really practical. Has anyone tried it? Did the change introduce any extraneous problems? Where did you locate the switch?) This is safer than #2 because the software cannot "get around" the switch. However, as with #1, a "smart evil" program could simply wait till a hard disk is available before doing its damage. 4) WARNING: THE FOLLOWING PROCEDURE WILL PROBABLY VOID ANY WARRANTY. (Can this be done?) Add a "write protect" switch to the hard disk. Then, the disk can be "protected" when new software is being tried. The disk is "available" but cannot be written. If a program is not supposed to be writing to the disk, and you get a "write error" message, then you know something funny is going on. If not, then the program may or may not be safe. (Same problem as #1, but would require a smarter "baddie" to remain hidden.) 5) WARNING: THE FOLLOWING PROCEDURE WILL PROBABLY VOID ANY WARRANTY. (Can this be done?) Add a "write protect" switch to the hard disk, AND add a latch and an LED to indicate any attempted writes: This will a) prevent programs from writing to the disk, and b) give you a way of detecting write attempts even if the program tries to deny the attempt. 6) (The "exhaustive" solution) Make a complete "track by track" copy of the hard disk. (This is NOT a DOS BACKUP, but rather a specialized copy that'd require custom software.) Then, run the suspect program. Third, compare the hard disk, track by track, to the backup copy. Differences would indicate some mucking around! Comments? Please Email directly, and I will summarize for the net. -- ------------------------------------------------------------------------------- ihnp4!allegra!seismo!terak!mot!edski Ed Skinner, Motorola, 2900 S Diablo Way, Tempe Az 85282, (602)438-3064