RADAI@HUJIVMS.BITNET (Y. Radai) (08/09/90)
Michael Greve wrote that his machines have become infected with the 4096 even though the hard disks are protected with Disk Manager. Several people reacted by saying that Disk Manager is disk partitioning software, not anti-viral software.

Well, I don't think Michael is that far off. True, Disk Manager is disk partitioning software. But it includes an option to make a partition READ-ONLY. In principle, this should prevent infection of any file on such a partition. Of course, since this is only software protection, it can probably be circumvented. But I think that it should be effective against all current file viruses, including the 4096. So if this option has actually been used on one of the partitions, files *on that partition* should be protected against the 4096.

Note that I said that it should be effective against *file* viruses. I don't recall if it's possible, under Disk Manager, to arrange for the boot sector to be in the read-only partition. If it is, then this should also work against ordinary boot-sector viruses. However, it won't work against partition-record viruses, like the Stoned (= Marijuana) and EDV.

Y. Radai
Hebrew Univ. of Jerusalem, Israel
RADAI@HUJIVMS.BITNET (Note new address)

aslakson@uunet.UU.NET (Brian Aslakson) (08/12/90)
RADAI@HUJIVMS.BITNET (Y. Radai) writes:

> Michael Greve wrote that his machines have become infected with the
> 4096 even though the hard disks are protected with Disk Manager.
> Several people reacted by saying that Disk Manager is disk partitioning
> software, not anti-viral software.

I was one.

> Well, I don't think Michael is that far off. True, Disk Manager is
> disk partitioning software. But it includes an option to make a
> partition READ-ONLY. In principle, this should prevent infection of any
> file on such a partition. Of course, since this is only software
> protection, it can probably be circumvented. But I think that it should
> be effective against all current file viruses, including the 4096.
> So if this option has actually been used on one of the partitions,
> files *on that partition* should be protected against the 4096.

At this point I would normally suggest that you call Ontrack and talk to them. However, given your location, I'm willing to call them for you with any specific questions.

I'd like to point out first that even if you use READ-ONLY, it is designed for normal write operations, and a virus which ignores this will probably get around this. (I'll check if you ask me to.) Second, if you use their software for a purpose it was never intended for (I did ask already) and you get surprised, don't even consider blaming anyone but yourself. Ontrack's Disk Manager is not virus protection software!

I use McAfee's products, myself.

Brian Aslakson
--
Macintosh related: mac-admin@cs.umn.edu
All else: aslakson@cs.umn.edu

RADAI@HUJIVMS.BITNET (Y. Radai) (08/21/90)
Brian Aslakson writes:

> I'd like to point out first that
> even if you use READ-ONLY, it is designed for normal write operations,
> and a virus which ignores this will probably get around this. (I'll
> check if you ask me to.) Second, if you use their software for a
> purpose it was never intended for (I did ask already) and you get
> surprised, don't even consider blaming anyone but yourself. Ontrack's
> Disk Manager is not virus protection software!

First of all, I'd like it to be clear that I was not recommending Disk Manager as an anti-viral product, but merely pointing out that Michael Greve's reference to DM as hard-disk protection was not as absurd as it apparently sounded to some readers (some of whom may have been unaware of the possibility of making a partition read-only when using DM).

Secondly, the fact that DM was not designed for anti-viral purposes does not necessarily mean that the read-only option can't be useful in preventing infection by file viruses. Now if the protection were implemented by setting the read-only bit of each file in the protected partition, then you'd be right, for almost every virus clears this bit before trying to infect the file. But DM uses a device driver to control all access to the logical drive, and that's a different story. True, it might still be possible to circumvent this protection, but I think it would be a lot harder. It should also be taken into account that very few virus writers would bother trying to write code to bypass a particular anti-viral program unless that program were used on a very large percentage of computers.

Y. Radai
Hebrew Univ. of Jerusalem, Israel
RADAI@HUJIVMS.BITNET
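
The distinction drawn in the last post, between a per-file read-only bit and protection enforced below the file level, can be audited on a modern POSIX system. The following is an added example, not part of the original thread; it treats a read-only mount as a stand-in for Disk Manager's device-driver protection (an assumption), and the function names are hypothetical.

```python
import os
import stat
import tempfile


def protection_layer(path):
    """Classify what, if anything, forbids ordinary writes to `path`.

    'mount'     - the filesystem is mounted read-only, enforced below the
                  file level (stand-in for the driver-mediated case)
    'attribute' - only the file's own mode bits forbid writing
    'none'      - nothing forbids writing
    """
    if os.statvfs(path).f_flag & os.ST_RDONLY:
        return "mount"
    mode = os.stat(path).st_mode
    if not mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        return "attribute"
    return "none"


def owner_can_undo(path):
    """Report whether the process can switch the write bit back on itself.

    The file's mode is restored before returning, so the audit leaves
    the file exactly as it found it.
    """
    before = stat.S_IMODE(os.stat(path).st_mode)
    try:
        os.chmod(path, before | stat.S_IWUSR)
    except OSError:  # e.g. EROFS on a read-only mount, EPERM if not the owner
        return False
    undone = bool(os.stat(path).st_mode & stat.S_IWUSR)
    os.chmod(path, before)
    return undone


if __name__ == "__main__":
    # Constructed sample: one file protected only by its mode bits.
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "program.com")
        open(sample, "w").close()
        os.chmod(sample, 0o444)
        print(protection_layer(sample), owner_can_undo(sample))
```

A file reported as `attribute` with `owner_can_undo` true is protected only against accidental writes by the same user; a file reported as `mount` stays read-only unless the filesystem is remounted.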