71435.1777@CompuServe.COM (Bob Bosen) (03/01/91)
>From Volume 4 Issue 28: >Ed. I saw one product which seems (IMHO) to come close to this- >PC/DACS by Pyramid (note: I have no affiliation with them...) >It provides boot protection, optional hard disk encryption >(required to prevent absolute sector access), username/password >protection, file access control, etc. Anyone with experience >with this, or similar, systems care to comment? Yes. I know from direct, first-hand experience with PC/DACS that the "boot protection" is so easy to defeat as to provide only the illusion of protection. While it might prove an impediment to some viruses, the two different versions I tested during 1988 and again in 1990 yielded easily to attacks using only readily- available software tools brought in on a bootable diskette. As I write this I don't have the specific version or release numbers of PC/DACS that we broke on these occasions, but we DID verify that the company promotional literature being published at the time was contrary to our findings. With regard to impeding viruses by these techniques, there is an interesting twist that has not, up to now, been brought to light in what I've read. Note that PC security programs that attempt boot protection (Including SafeWord PC-Safe II from my company) generally try to be "transparent" to non-offending application programs. They relocate the partition table or boot sector logic and they intercept requests to access these disk areas and re-vector them to the relocated copies of the original. Thus a utility program (or a virus) that tries to access the partition table is transparently vectored to the re-located copy, and unless sophisticated special steps are taken, it can't tell the difference. A virus could then infect the relocated area without even being aware of the existence of the security package. Security based on software techniques of this type is voodoo security and should not be trusted. (I say this even though I offer a package with these "features" myself.) Without hardware modification, only ENCRYPTION can provide any kind of real security. I make and stand by the same statement with regard to file access control, username/password protection, etc. Unless based on sophisticated hardware modification or encryption, it's all based on a foundation of sand and cannot stand up to the efforts of even routine users armed with readily-available utilities. As to encryption, the "user transparency" twist applies here too. Long experience in the marketplace has clearly shown that if encryption is not user transparent, user's won't use it. So PC/DACS, SafeWord PC-Safe, and the other leading PC security products all assert encryption transparently. That's great from the standpoint of file confidentiality. Files are automatically encrypted as authorized users write them, and they are automatically decrypted as authorized users read them. Unfortunately from the standpoint of viral contamination, the encryption process is also transparent to a virus acting inside a program run on behalf of an authorized user. Thus viral spread is generally unimpeded in such systems, regardless of what the PC security vendors would have you believe! I fail to see the relationship between encryption and absolute sector access to which you allude. Just because sectors or files on a disk are encrypted, how am I prevented from issuing commands to the disk controller? And if the encryption is transparent, any software (malicious or not) should be unaware of the encryption if it is operating on behalf of an authorized user. I am not trying to trash the notion of PC security packages. Indeed, I design, produce, and market such packages. I just want to set the record straight. A lot of DIS-information has been spread around. None of these PC security packages are magic. All can help in some areas, and those few that are strong enough to enforce true security are based on ENCRYPTION or HARDWARE or BOTH. On top of that encryption or hardware foundation, it is possible to assert useful file access rights or viral detection and removal, but beware of the claims of ALL the vendors. Also, be VERY VERY suspicious about the strengths of any encryption algorithms used. I could tell some amazing horror stories here.... But 'nuff said. - -Bob Bosen- Enigma Logic Inc. 2151 Salvio Street #301 Concord, CA 94520 Tel: (415) 827-5707 FAX: (415) 827-2593 Internet: 714435.1777@COMPUSERVE.COM