[comp.virus] Locking Disinfectant

XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) (06/24/91)

On Thu, 20 Jun 91, Lee Ratzan asked:
>A user wants to know if locking Disinfectant on a hard disk will
>prevent it from being itself infected from a virus emanating
>from an infected floppy.

No, but it's not necessary to do that anyway. See below.

>The issue is whether we can trust a resident locked copy of
>Disinfectant to remain clean even if the hard disk on which it resides
>becomes infected.

Yes, you can. Disinfectant has two methods of dealing with attempted
viral attacks on itself. First, its resource map is locked, meaning
that Disinfectant's resources can't be diddled with by unsophisticated
viruses; several of the older viruses are smart enough to unlock the
file if it is locked, but are not smart enough to deal with a locked
resource map.

Second, Disinfectant verifies itself at startup, and will refuse to
operate if it finds that it has been corrupted. I know of no virus
smart enough to break into it as yet.

>I have advocated that since we have no automatic virus checking
>software which is activated upon disk insertion or start up and since
>anyone can use the machine, the only way to be absolutely certain that
>integrity has not been compromised each morning is to boot up first
>with a trusted disk and run the trusted disk copy of Disinfectant
>against the hard disk files.

This is a reasonable procedure, especially since it really doesn't
take that long, and it is definitely safe. You might want to consider
augmenting Disinfectant with Gatekeeper and Gatekeeper Aid as well.
This would help in stopping WDEF/CDEF infections, as Gatekeeper Aid
checks disks as they are inserted.

 --- Joe M.