mallett@uunet.UU.NET (Bruce Mallett) (09/28/89)
Seems to me that virus infestation in companies could be controlled through a little bit of dicipline and with the help of a modified hard disk controller. The scheme is to partition the hard disk into an executable partition and into a data partition. All executables are kept on the bootable, outer partition. The modified disk controller has: switches which indicate the last track number of this outer partition a switch out the back to enable/disable writes to this outer partition. Probably a rotary requiring a screw-driver or other tool to change. In a corporate environment where systems are controlled I would think that this would work quite well. Virus software must be able to write to executables to spread, and they would not be able to since the partition containing them is hardware protected. Without hardware assist, software is always defeatable so no software solution is going to guarantee protection against all infestations. Dicipline is needed in several areas: administration to ensure that systems get properly setup, environments defined correctly, etc.; software packages must not maintain/modify data out of their executable directories; users must not fiddle with the switch nor import foreign, unknown software (by write-enabling the partition), etc. Note that programs run from the floppy can still wreak havoc to the un- protected partition, but they cannot spread via the HD. Is this workable? [Ed. There is at least one commercial product that does exactly that, but it's name escapes me.]
time@oxtrap.oxtrap (Tim Endres) (09/29/89)
Virus infection is not *spread* via hard disks. Floppies and modems are the *movement* medium. I am not sure what advantage this read only hard disk has over simply monitoring the checksum of an application. More importantly, not all computer systems have "read-only" executables. Most notably, the Macintosh stores code in the resource fork of an application, which is *frequently* modified. The move to distributed execution from file servers is slowly changing this, but it remains an issue. We have a program, that once run against an executable, makes it IMPOSSIBLE for a virus to infect that application and be executed. Infection is still possible, but the application will never execute again, thus stopping propogation. This is simply a check sum of the executable set up in a way to inhibit execution once infection has occurred. The use of a quick key word entered by the user at run time prevents the virus from "intelligently" by-passing the check sum. This solves only one facet of the problem, but a large facet it be.