SANTO@SENECA.BITNET (12/11/90)
In response to CON_JDC@SELWAY.UMT.EDU's query about boot protection: We have a package called Protec which includes software boot protection. It is good against users trying to do damage to the hard disk intentionally. However, an advanced user who wants to do some real harm can do a low-level format quite easily. Regarding virus protection, when a student boots from a floppy and tries to access the hard disk, an "Invalid drive specification" message is shown. It does everything that was stated in your message, EXCEPT, it does not protect against most computer viruses. Two viruses which I have seen infect a Protec'ted hard disk include the Stoned and the Ping Pong B virus. Both of these boot sector viruses infect the hard disk and I would assume any other boot sector/partition table virus would do the same. The hard disk, however, would be protected from COM and EXE infecting viruses since DOS doesn't know that the hard disk is there. When booting from a "Stoned" infected floppy diskette, the virus in fact disappears. It is not present in the hard disk partition table. I have not checked to see if this virus stays memory resident. I do know that he Stoned virus was definitely there because physical sector 7 contains the original partition table, an effect of infecting the hard disk. I suspect that there are two partition tables and that the appropriate one is selected when booting from a hard disk or a floppy. The Ping Pong virus does something totally different. When booting from a "Ping Ponged" diskette, the virus gets copied to the boot sector et cetera like normal. Trying to boot from the hard disk later, the machine is unable to boot. If you try to boot and then put in any number of floppy diskettes, the diskettes will all become infected. If you boot from a clean floppy you can access the hard disk but the volume label shows garbage and a FAT error occurs (some major side effects!). Cleaning the hard disk will restore everthing to normal. I'm not a DOS expert and maybe someone can explain to me why these things are happening but I figure the virus doesn't care if drive C: is a DOS disk or not. Because of the boot protection, anything should think that the hard disk is not there except for software manipulating physical sectors. A low-level format and Norton Utilities can both see the hard disk. I would assume that viruses read and write physical sectors. This is not a direct response to your question but rather an overview of what happens when boot protection is employed. Hope this helps. Santo Nucifora SANTO@SENECA.BITNET