[comp.sys.amiga] Locks and Viruses. Another 1.4 wish?

whirt@cup.portal.com (William Bill Hirt) (04/17/89)

I'm posting this for a friend who does not have net access. E-Mail responses
would be fine.

Subject: AmigaDOS LOCK command; how safe is it?

Having read in a previous post from CATS (Bryce?), that the IRQ virus
uses the trackdisk.device directly to get around any protection bits
stored with a file, it has left me wondering about the safety of using
the AmigaDOS LOCK command. Can LOCK protect a FFS partition from this
type of event (since it uses Hddisk.device instead of trackdisk.device),
or does the direct use of any low-level device (such as trackdisk,
hddisk, or even jdisk (w/the FFS "hack")) circumvent the protection
claimed by LOCK? If so, then am I to assume that Lock is instead ear-
marked as protection from operator mistakes (Delete SYS: ALL)?
If this is the case, is it a viable project for v1.4 without slowing
the system to a crawl?

My reason for asking is that if LOCK does indeed offer protection in
this way, I am planning to LOCK my SYS: partition which will contain
not only Workbench files/utilities, but my applications programs as
well. I will then partition off another area to be used for data files.

I would appreciate (very much so!) any information on this before I go
to the trouble of re-formatting and re-partitioning an 80 megabyte drive.
(Please note that I plan on making my DH0: partition microscopic in size,
and transfer control immediately to the FFS partition(s), thereby (hope-
fully) leaving minimal room for viri to incubate...)

Thanks!
(P.S.:  I'm using an A2090a controller w/ST506 drives if that has any
bearing on this matter.)

erd@tut.cis.ohio-state.edu (Ethan R Dicks) (04/18/89)

In article <17304@cup.portal.com> whirt@cup.portal.com (William Bill Hirt) writes:
>
>Having read in a previous post from CATS (Bryce?), that the IRQ virus
>uses the trackdisk.device directly to get around any protection bits
>stored with a file, it has left me wondering about the safety of using
>the AmigaDOS LOCK command. 

[ stuff deleted for brevity ...]

>to the trouble of re-formatting and re-partitioning an 80 megabyte drive.
>(Please note that I plan on making my DH0: partition microscopic in size,
>and transfer control immediately to the FFS partition(s), thereby (hope-
>fully) leaving minimal room for viri to incubate...)


As I recall the discussion, YES, Lock is effective against the IRQ
virus.  It would probably be best to use the password feature of Lock
to prevent any future device from overriding or releasing the Lock.

As for a microscopic DH0: partition... that is not the right approach to
take with this virus.  You always did want a small DH0: partition, only
containing the barest essentials needed to mount a FFS partition and
transfer control to it.  Having a small DH0:, even if Locked will not
affect the behavior of the virus.  Remember, the IRQ opens the file
":s/startup-sequence" not "s:startup-sequence" which allows it to affect
*ANY* file structured device which AmigaDOS knows about.  Exec level
devices like trackdisk.device and hddisk.device do not enter into this
scheme, only DOS level devices like DH0: and DF0: do.  This is why Lock
is effective.  Also remember that the IRQ will infect ":c/Dir" not
"c:Dir" allowing it to infect the :c directory on your *current* device,
whatever that is (including RAM: and RAD:)  Having your C: on a Locked
partition is wise.  Assuming that a Locked DH0: will protect you
is NOT!

Quick summary: the IRQ opens :s/startup-sequence to find the name of the
first file to infect.  If the virus cannot infect the file whose name
appears on the first line of :s/startup-sequence, it tries to infect :c/Dir.
*** The IRQ infects files on your *CURRENT* device, not on an absolute path ***

Hope this makes it clear,

-ethan

-- 
Ethan R. Dicks       | ######  This signifies that the poster is a member in
Software Results Corp|   ##    good sitting of Inertia House: Bodies at rest.
940 Freeway Drive N. |   ##
Columbus OH    43229 | ######  "You get it, you're closer."
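
The difference between ":s/startup-sequence" and "s:startup-sequence" described in the post above, as an added example that is not part of the original thread. It is a simplified model of AmigaDOS path resolution; the assign table and the FH0: volume name are constructed for illustration.

```python
# Simplified model of AmigaDOS path resolution (added example, not Amiga code).
# Assumed semantics: "NAME:rest" goes through a device/volume name or a
# logical assign; a leading ":" means the root of the volume that holds the
# current directory. Names are case-insensitive, so volumes are upper-cased.

# Constructed sample: S: and C: assigned to a hypothetical FFS partition FH0:
ASSIGNS = {"S": "FH0:s", "C": "FH0:c"}

def resolve(path, current_dir, assigns=ASSIGNS):
    """Return (volume, path_inside_volume) for an AmigaDOS-style path."""
    cur_vol, _, cur_rest = current_dir.partition(":")
    if path.startswith(":"):
        # Root-relative: always lands on the current volume, assigns ignored.
        return cur_vol.upper(), path[1:]
    head, sep, rest = path.partition(":")
    if sep:
        target = assigns.get(head.upper())
        if target is None:
            # Not an assign: treat the prefix as a device or volume name.
            return head.upper(), rest
        vol, _, base = target.partition(":")
        return vol.upper(), "/".join(p for p in (base, rest) if p)
    # Plain relative path: resolved under the current directory.
    return cur_vol.upper(), "/".join(p for p in (cur_rest, path) if p)

def volumes_reached(path, current_dirs, assigns=ASSIGNS):
    """Set of volumes a single path string can land on as the CD changes."""
    return {resolve(path, cd, assigns)[0] for cd in current_dirs}

if __name__ == "__main__":
    cds = ["DF0:", "RAM:", "DH0:", "FH0:work"]  # constructed current dirs
    for p in (":s/startup-sequence", "s:startup-sequence", ":c/Dir", "c:Dir"):
        print(f"{p:22} -> {sorted(volumes_reached(p, cds))}")
```

The assign-based forms always land on the one volume the assign points to, while the root-relative forms follow the current directory onto every mounted file-structured device, which is the point the post makes about where a protected C: needs to live.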

andy@cbmvax.UUCP (Andy Finkel) (04/19/89)

In article <17304@cup.portal.com> whirt@cup.portal.com (William Bill Hirt) writes:
>
>I'm posting this for a friend who does not have net access. E-Mail responses
>would be fine.
>
>Subject: AmigaDOS LOCK command; how safe is it?
>

The reason for LOCK is to protect yourself from yourself...
you can lock a partition so you can't accidentally FORMAT it, for
example.  A virus probably wouldn't even notice you've locked
a partition.
-- 
andy finkel		{uunet|rutgers|amiga}!cbmvax!andy
Commodore-Amiga, Inc.

  "There is no programming problem that cannot be solved by proper
  "application of the Delete command."

Any expressed opinions are mine; but feel free to share.
I disclaim all responsibilities, all shapes, all sizes, all colors.