pc2d+@ANDREW.CMU.EDU (Philip Edward Cutone, III) (11/29/90)
Just a thought,

What kind of impact would say, renaming com and exe files to something else while not being used. Then at least viri that scan the disk looking for those files to infect would find no hosts in which to reside.

I used a somewhat similar method that had the added advantage of "increasing" my disk space. All programs were zipped when not in use. When needed, I ran a program that would unzip them into a temp directory and run a file called "go.bat" that would just run the program. (or set up directories, whatever would be needed) As far as I know, no viri infect zips, (boy I hope I am not giving any nasty projects for these jerks) and any program run will be deleted after its use, keeping the original copy untouched. And data files would also be stored in a zip file automatically by go.bat when finished.

Of course, the zipped files should be cleaned to begin with, otherwise memory resident viri could affect other programs operation with unpredictable results.

Anyone see problems with this method? (other than speed of execution, since it needs to be uncompressed)

Philip Cutone
pc2d@andrew.cmu.edu
cutone@slave.psc.edu
cutone@cpwscb.psc.edu
woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) (12/01/90)
pc2d+@ANDREW.CMU.EDU (Philip Edward Cutone, III) writes:
> Just a thought,
>
> What kind of impact would say, renaming com and exe files to
> something else while not being used. Then at least viri that scan the
> disk looking for those files to infect would find no hosts in which to

You can patch command.com to accomplish this. Using Norton utilities, search through command com for exe, com and bat strings. Change them to whatever you wish. Then rename your files accordingly. Be aware however, that some programs spawn or run other programs and they may assume exe or com extensions. These will fail.

I have a slightly different technique. I have a Tallgrass 1040I tape drive. A marvelous drive, this little jewel is a 40 meg drive that has an installable device driver that makes it look like up to 5 hard drives. I currently have 4 6.9 meg drives and one about 14 meg. I keep nearly all my stuff arced up and stored on the tape. When I need something, I go un arc it from the tape (any dos command will work and you can open the tape files from any language) and load it to my hard disk. If I don't need it later, I just delete it.

NOW: some viruses probably look at the file format to determine what it is. You can look for the signature at the front of the file to determine if it is an exe file. Dos will run a com file if you rename it as an exe file, or an exe file if you rename it as a com file. It can figure things out, so there is no reason to assume that a virus cannot do it.

Cheers
Woody
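The point in the post above, that an EXE is recognisable from the signature at the front of the file whatever it is called, can be checked from the defender's side. This is an added example, not part of the original posts: it classifies files by their MZ header and lists those whose extension does not match their content. All function names and sample files are constructed for illustration.

```python
import struct

MZ_MAGICS = (b"MZ", b"ZM")   # both byte orders are accepted as the EXE signature
HEADER_MIN = 28              # size of the fixed part of the MZ header

def mz_image_size(data: bytes):
    """Return the load-image size the MZ header declares, or None if absent/inconsistent."""
    if len(data) < HEADER_MIN or data[:2] not in MZ_MAGICS:
        return None
    # e_cblp: bytes used in last 512-byte page; e_cp: pages; e_cparhdr: header paragraphs
    e_cblp, e_cp, _e_crlc, e_cparhdr = struct.unpack_from("<HHHH", data, 2)
    size = e_cp * 512 - ((512 - e_cblp) if e_cblp else 0)
    ok = e_cp > 0 and e_cblp < 512 and HEADER_MIN <= e_cparhdr * 16 <= size <= len(data)
    return size if ok else None

def classify(data: bytes) -> str:
    """Classify by content only; the file name is never consulted."""
    if data[:2] in MZ_MAGICS:
        return "exe" if mz_image_size(data) is not None else "mz-magic-bad-header"
    return "no-header"   # COM images have no signature, so content cannot confirm them

def audit(files: dict) -> list:
    """List (name, verdict) for files whose extension hides or misstates EXE content."""
    findings = []
    for name, data in sorted(files.items()):
        ext = name.rsplit(".", 1)[-1].upper() if "." in name else ""
        kind = classify(data)
        if kind == "exe" and ext != "EXE":
            findings.append((name, "EXE content under ." + ext))
        elif kind != "exe" and ext == "EXE":
            findings.append((name, "." + ext + " name but " + kind))
    return findings

def make_mz(body: bytes) -> bytes:
    """Build a constructed, minimal MZ file (32-byte header + body) for the demo."""
    total = 32 + len(body)
    hdr = struct.pack("<2sHHHH", b"MZ", total % 512, (total + 511) // 512, 0, 2)
    return hdr.ljust(32, b"\0") + body

# Constructed sample inputs (not real programs)
SAMPLES = {
    "EDITOR.EXE": make_mz(b"\x90" * 100),   # control: name and content agree
    "EDITOR.XQZ": make_mz(b"\x90" * 100),   # renamed as the thread proposes
    "TOOL.COM": make_mz(b"\x90" * 40),      # EXE image under a .COM name
    "SMALL.COM": b"\xb4\x4c\xcd\x21",       # header-less COM image
    "NOTES.EXE": b"plain text, not a program",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

The renamed `EDITOR.XQZ` is reported as EXE content, while `SMALL.COM` cannot be confirmed either way because COM images carry no signature.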
frisk@rhi.hi.is (Fridrik Skulason) (12/03/90)
pc2d+@ANDREW.CMU.EDU (Philip Edward Cutone, III) writes:
>Just a thought,
>
> What kind of impact would say, renaming com and exe files to
>something else while not being used. Then at least viri that scan the
>disk looking for those files to infect would find no hosts in which to
>reside.

This would be practically useless, as the majority of viruses these days are not of the direct-action kind, but infect programs on execution instead. Besides, renaming files can lead to various problems, in the case of packages where one program attempts to run another one - you might have to patch many of the programs you use.

>I used a somewhat similar method that had the added advantage
>of "increasing" my disk space. All programs were zipped when not in
>use. When needed, I ran a program that would unzip them into a temp
>directory and run a file called "go.bat" that would just run the
>program. (or set up directories, whatever would be needed) As far as I
>know, no viri infect zips, (boy I hope I am not giving any nasty
>projects for these jerks) and any program run will be deleted after
>its use, keeping the original copy untouched.

This provides nearly the same level of security as not using the hard disk for programs, but running all software from write-protected diskettes. That is, you cannot prevent viruses from entering your system, if you obtain an infected program from somewhere, but you can prevent it from spreading.

One problem, however, is that you cannot zip COMMAND.COM, so you would have to boot from a write-protected floppy, and insert the system disk as needed.

>And data files would also be stored in a zip file automatically by go.bat
>when finished.

But they could have been corrupted before that.

>Of course, the zipped files should be cleaned to begin with, otherwise
>memory resident viri could affect other programs operation with
>unpredictable results.

Then why bother to zip them - if you assume you can clean the programs to start with, you gain nothing extra by zipping the files. Cleaning will not protect you from new viruses, and there are much simpler methods to deal with all the known ones, namely on-the-fly scanning of all programs, as they are executed.

--
Fridrik Skulason      University of Iceland  |
Technical Editor of the Virus Bulletin (UK)  |  Reserved for future expansion
E-Mail: frisk@rhi.hi.is    Fax: 354-1-28801  |
Otto.Makela@jyu.fi (Otto J. Makela) (12/06/90)
frisk@rhi.hi.is (Fridrik Skulason) writes:
[on running software from zip files]
> One problem, however, is that you cannot zip COMMAND.COM, so you would
> have to boot from a write-protected floppy, and insert the system disk
> as needed.
I've wondered why DOS-on-ROM has never been a big hit in Europe.
When I was in the US last June, I was sold a PC/AT that I only afterwards
realized had DOS 3.31 (supports 32M+ partitions) on ROM. I mean, they
didn't even bother to advertise this feature separately.
Of course updates are a bit more difficult, but I think the added speed and
security compensate quite well.
(In case you are wondering, it had BIOS support for reading CONFIG/AUTOEXEC
from the hard disk instead of from the ROM :-)
--
/* * * Otto J. Makela <otto@jyu.fi> * * * * * * * * * * * * * * * * * * */
/* Phone: +358 41 613 847, BBS: +358 41 211 562 (CCITT, Bell 24/12/300) */
/* Mail: Kauppakatu 1 B 18, SF-40100 Jyvaskyla, Finland, EUROPE */
/* * * Computers Rule 01001111 01001011 * * * * * * * * * * * * * * * * */