[comp.virus] Recovery and Protection

padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) (03/08/91)

>From:    "Kamran Farahi" <KAMRAN@Vax2.Concordia.CA>
>Subject: Stoned Again (PC)

>We lost everything because of the low-level format, do we have to go
>through this each time we get infected or is there a way to recover
>the data?

Certainly the data can be recovered (I play with viruses a lot and
have NEVER had to do a low-level reformat - yet), it just requires a
certain amount of skill and procedure. Frisk's software as well as
several others (MACE I think) routinely save the partition table
information and someone good can recover a thoroughly trashed
partition table-boot record in about an hour even without any backups.
If the FATs are gone, it still can be done but takes longer (how much
depends on how fragmented the disk is and a few other things). But I
have not seen any disk that was still physically sound and had not
been overwritten that could not be recovered if important enough.
(sometimes even if overwritten and damaged but that's expensive).

>From:    "Jeroen W. Pluimers / Jeroen Smulders" <FTHSMULD@rulgl.LeidenUniv.nl>
>Subject: Re: How to disable boot up from A: (PC)

>A maybe solution is to use an encryption method on the hard-disk for
>which the user has to use a password, or modify your BIOS to disable
>floppy-disk booting.  These methods are very tricky and only suitable
>for people that know what they are doing.

That's what the commercial vendors are for. Modifying the BIOS is not
only tricky (do-able though) but requires the ability to blow a new
PROM (though the use of EE-PROMs has been tossed around before).

The big thing is that you do not store all of the information in the
PROM, just the executable code. Choice selection is done with
non-volatile RAM (that's what the CMOS is for) so updates do not have
to be a problem unless the code is poorly designed. GM puts all of
their automotive control programs into a couple of big PROMs and puts
the table look-ups and car configuration data on a smaller UV-PROM.
This way they can use the same program for the entire car line.
Something goes wrong or a revision comes out, they just change one
chip.

>>The "scan on floppy insertion" is
>>possible (and should be a part of any good protection scheme) on the
>>PC, it just hasn't been done yet....

>In the PC that is rather difficult. It is possible if you dig into DOS
>very deep. This would be incompatible for many DOS versions.  It is a
>very good idea however, but the PC doesn't give a signal when a new
>disk is inserted. Only a changeline signal if the drive door has been
>opened.

I did not say it is easy but nothing like writing a device driver for
a VAX.  It CAN be done though and need not take up much code. One
possibility would be an intercept on any floppy access. Another would
be a ten byte check every few milliseconds. Neither requires anything
that has not been in DOS since version 2 and if done at the BIOS level
it will not impact any MS-DOS compatible O/S.

-------------------------------------------------------------------------
>From:    Peter Arien <LAAAA43@cc1.kuleuven.ac.be>
>Subject: vshield V75 and QEMM 5.00 (PC)

>Trying to loadhi vshield gives a 'not enough memory to load hi'
>message. How come, when I've got 31K and 96K free high memory?
>Installing vshield with the /SWAP option gives a 'loadhi EXEC error'
>on all the following loadhi's

VSHIELD is compressed. When executed it expands to occupy much more
memory than LOADHI expects. Since with /SWAP it only occupies 4k, just
load it low (I have over 630k free on my 386 clone).

--------------------------------------------------------------------------

Philosophy: My feeling is that the purpose of this forum is to spread
knowledge of malicious software, first so that users will not be
surprised, second so that the vulnerabilities of the various platforms
can be exposed, and thirdly so that people can make intelligent
choices concerning protection. Whether or not something is "difficult"
or "easy" has nothing to do with the question "is it possible";
computer people are famous for doing the impossible on pizza and
Twinkies. It was summed up the best by Burt Reynolds in "Smokey and
the Bandit" (UA 1977): "...because they said it couldn't be done".
-----------------------------------------------------------------------------
Sorry about the mixed subjects Anthony, but it is difficult to split and send
multiple messages on our "baroque" system.

						Padgett
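
Added example (not part of Padgett's post or of any of the tools he names): the "save the partition table information" protection he credits to Frisk's software and MACE, and the "ten byte check" on the boot record, worked through on a 512-byte sector image. It keeps the 64 raw bytes of a DOS master boot record's partition table while the disk is healthy, sanity-checks a table (status bytes, overlaps, entries running past the end of the disk), and rebuilds sector 0 from the saved table plus known-good boot code when the original has been trashed. The disk layout, the two-byte stand-in for the boot code and the overwritten sector are all constructed for the example; the code never touches a real device.

```python
"""Back up, sanity-check and restore a DOS master boot record's partition table.
Works on a 512-byte sector image in memory, never on a live device; the disk
layout at the bottom is constructed for this example."""
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
PTABLE_OFFSET = 0x1BE         # 446: first of the four 16-byte partition entries
ENTRY_SIZE = 16
PTABLE_SIZE = 4 * ENTRY_SIZE  # 64
SIG_OFFSET = 0x1FE            # 510: the 0x55 0xAA boot signature
BOOT_SIGNATURE = b"\x55\xAA"
ACTIVE = 0x80

@dataclass
class PartitionEntry:
    status: int      # 0x80 = active (bootable), 0x00 = inactive
    ptype: int       # system id; 0x00 = unused slot
    lba_start: int   # first sector (LBA)
    sectors: int     # length in sectors

    @classmethod
    def from_bytes(cls, raw: bytes) -> "PartitionEntry":
        # layout: status, CHS start (3), type, CHS end (3), LBA start, length
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
        return cls(status, ptype, lba_start, sectors)

    @property
    def used(self) -> bool:
        return self.ptype != 0

    @property
    def lba_end(self) -> int:  # exclusive
        return self.lba_start + self.sectors

def has_boot_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR_SIZE and sector[SIG_OFFSET:SIG_OFFSET + 2] == BOOT_SIGNATURE

def save_partition_table(sector: bytes) -> bytes:
    """The 64 raw bytes worth stashing on a floppy or a printout while the disk is healthy."""
    if not has_boot_signature(sector):
        raise ValueError("not a valid MBR: boot signature missing")
    return sector[PTABLE_OFFSET:PTABLE_OFFSET + PTABLE_SIZE]

def parse_partition_table(table: bytes) -> List[PartitionEntry]:
    if len(table) != PTABLE_SIZE:
        raise ValueError("partition table must be exactly 64 bytes")
    return [PartitionEntry.from_bytes(table[i:i + ENTRY_SIZE]) for i in range(0, PTABLE_SIZE, ENTRY_SIZE)]

def check_partition_table(entries: List[PartitionEntry], disk_sectors: Optional[int] = None) -> List[str]:
    """Return a list of problems; an empty list means the table is at least plausible."""
    problems = []
    if sum(1 for e in entries if e.status == ACTIVE) > 1:
        problems.append("more than one active partition")
    for i, e in enumerate(entries):
        if e.status not in (0x00, ACTIVE):
            problems.append(f"entry {i}: invalid status byte 0x{e.status:02x}")
        if e.used and e.sectors == 0:
            problems.append(f"entry {i}: type set but zero length")
        if e.used and disk_sectors is not None and e.lba_end > disk_sectors:
            problems.append(f"entry {i}: extends past end of disk")
    used = sorted((e for e in entries if e.used), key=lambda e: e.lba_start)
    for a, b in zip(used, used[1:]):
        if b.lba_start < a.lba_end:
            problems.append(f"partitions starting at {a.lba_start} and {b.lba_start} overlap")
    return problems

def rebuild_mbr(boot_code: bytes, saved_table: bytes) -> bytes:
    """Assemble a fresh sector 0 from known-good boot code plus the saved table."""
    if len(boot_code) > PTABLE_OFFSET or len(saved_table) != PTABLE_SIZE:
        raise ValueError("boot code must fit in 446 bytes and the table must be 64 bytes")
    return boot_code.ljust(PTABLE_OFFSET, b"\x00") + saved_table + BOOT_SIGNATURE

def recover(sector: bytes, backup: bytes, boot_code: bytes) -> bytes:
    """Keep the sector if its table still checks out, else rebuild it from the backup.
    An intact table says nothing about the boot code; that is what boot_record_changed is for."""
    if has_boot_signature(sector):
        entries = parse_partition_table(save_partition_table(sector))
        if not check_partition_table(entries):
            return sector
    return rebuild_mbr(boot_code, backup)

def boot_record_changed(reference: bytes, current: bytes, n: int = 10) -> bool:
    """The 'ten byte check': cheap enough to run often, but blind to changes past byte n."""
    return reference[:n] != current[:n]

def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields written as zero: constructed test data, not copied from a real disk
    return struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, lba_start, sectors)

# Constructed sample: an 80 000-sector disk carrying two FAT16 (type 0x06) partitions.
DISK_SECTORS = 80_000
SAMPLE_BOOT_CODE = b"\xEB\xFE"  # 'jmp $' stand-in for real MBR code (constructed)
SAMPLE_TABLE = (_entry(ACTIVE, 0x06, 63, 39_937) + _entry(0x00, 0x06, 40_000, 40_000)
                + _entry(0, 0, 0, 0) + _entry(0, 0, 0, 0))
GOOD_MBR = rebuild_mbr(SAMPLE_BOOT_CODE, SAMPLE_TABLE)
TRASHED_MBR = b"\xFF" * SECTOR_SIZE  # sector 0 after being overwritten (constructed)
```

Usage: `backup = save_partition_table(GOOD_MBR)` is the step to do while the disk is fine; `recover(TRASHED_MBR, backup, SAMPLE_BOOT_CODE)` then yields a sector identical to `GOOD_MBR`. The boot code has to come from a known-good source (a clean copy of the same DOS version's master boot code), not from the damaged sector, since a boot-sector virus like Stoned leaves the table and signature intact and only replaces the code; the short prefix comparison in `boot_record_changed` catches that case but, as the comment says, only if the change falls inside the compared bytes.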