[net.micro.pc] Malevolent Software - Beware!

edski@mot.UUCP (Ed Skinner) (10/09/85)

A note in the Phoenix BBS user's group newsletter warns of the program:

                                  "EGABTR"

Ostensibly, it's some sort of demo.  But, in fact,

                   IT DESTROYS YOUR HARD DISK ON PURPOSE!

Seeking some protection against such malevolence, I asked a couple of folks
what if anything they did to protect themselves.  (At least EGABTR tells
you that it zapped your disk - after the fact.  An even more heinous one
would simply do the damage, and never tell you - Is this what the Prolock
"worm" did when released?)

Responses were:
1) Don't try "free" software on a hard disk system.  Take it to a floppy
   disk based machine to "try it out."  Of course, this isn't 100% safe
   as the program may simply not do anything bad until a hard disk is
   available.
2) When "testing" a new program, use "SETUP" from the diagnostics disk to
   temporarily tell your system that you have only drive A, or drives A
   and B (floppies).  This sounds like an easy thing to do, but I'm not
   convinced - The disk is still there, and a program which mucks with
   the hardware might get around this one.
3) WARNING:  THE FOLLOWING PROCEDURE WILL PROBABLY VOID ANY WARRANTY.
   Cut the "drive select" wire to the hard disk, and install a switch so
   that the disk can be physically disabled.  (I do not have the details
   on this, and do not know if this is really practical.  Has anyone
   tried it?  Did the change introduce any extraneous problems?  Where
   did you locate the switch?)  This is safer than #2 because the software
   cannot "get around" the switch.  However, as with #1, a "smart evil"
   program could simply wait till a hard disk is available before doing
   its damage.
4) WARNING:  THE FOLLOWING PROCEDURE WILL PROBABLY VOID ANY WARRANTY.
   (Can this be done?)  Add a "write protect" switch to the hard disk.
   Then, the disk can be "protected" when new software is being tried.
   The disk is "available" but cannot be written.  If a program is not
   supposed to be writing to the disk, and you get a "write error"
   message, then you know something funny is going on.  If not, then
   the program may or may not be safe.  (Same problem as #1, but would
   require a smarter "baddie" to remain hidden.)
5) WARNING:  THE FOLLOWING PROCEDURE WILL PROBABLY VOID ANY WARRANTY.
   (Can this be done?)  Add a "write protect" switch to the hard disk,
   AND add a latch and an LED to indicate any attempted writes:  This
   will a) prevent programs from writing to the disk, and b) give you
   a way of detecting write attempts even if the program tries to deny
   the attempt.
6) (The "exhaustive" solution)  Make a complete "track by track" copy of
   the hard disk.  (This is NOT a DOS BACKUP, but rather a specialized
   copy that'd require custom software.)  Then, run the suspect program.
   Third, compare the hard disk, track by track, to the backup copy.
   Differences would indicate some mucking around!

Comments?  Please Email directly, and I will summarize for the net.
-- 
-------------------------------------------------------------------------------
ihnp4!allegra!seismo!terak!mot!edski
Ed Skinner, Motorola, 2900 S Diablo Way, Tempe Az 85282, (602)438-3064
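
Added example, not part of the original post: a sketch of the track-by-track comparison described in response 6, run against a disk image file. It stores one SHA-256 digest per track rather than a second full copy, so it detects changes but cannot restore them; the geometry constants, function names and the sample image are assumptions made for illustration.

```python
import hashlib
import io

# Assumed geometry for illustration (not from the post): 512-byte sectors,
# 17 sectors per track, 4 heads, image laid out cylinder by cylinder.
SECTOR_BYTES = 512
SECTORS_PER_TRACK = 17
HEADS = 4
TRACK_BYTES = SECTOR_BYTES * SECTORS_PER_TRACK


def track_digests(image):
    """Yield (track_index, sha256_hex) for each track-sized chunk of a binary stream."""
    index = 0
    while chunk := image.read(TRACK_BYTES):
        yield index, hashlib.sha256(chunk).hexdigest()
        index += 1


def take_baseline(image):
    """Record one digest per track before the suspect program is run."""
    return dict(track_digests(image))


def changed_tracks(baseline, image):
    """Return sorted (cylinder, head) pairs that differ from the baseline.

    Tracks that appear or disappear (image grew or was truncated) also count.
    """
    current = dict(track_digests(image))
    differing = {i for i in baseline.keys() | current.keys()
                 if baseline.get(i) != current.get(i)}
    return sorted(divmod(i, HEADS) for i in differing)


def make_sample_disk(cylinders=3):
    """Constructed sample image filled with a constant byte; stands in for a real disk."""
    return bytearray(b"\xe5" * (TRACK_BYTES * HEADS * cylinders))


if __name__ == "__main__":
    disk = make_sample_disk()
    baseline = take_baseline(io.BytesIO(disk))
    disk[0:SECTOR_BYTES] = bytes(SECTOR_BYTES)   # simulate an overwritten first sector
    for cylinder, head in changed_tracks(baseline, io.BytesIO(disk)):
        print(f"track changed: cylinder {cylinder}, head {head}")
```

Keep the baseline digests on media the program under test cannot reach, since a baseline stored on the same disk can be altered along with the data.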