flint@gistdev.gist.com (Flint Pellett) (11/27/90)
I would guess that other people have faced this problem, so maybe someone can recommend a solution: Situtation: I have a system that get used by myself (for real work), by my wife (for accounting) and by my kids (to play games). A while ago I found out my son (7th grade) brought a diskette home from school and plugged it in and ran some stuff on it: ACK! So we had a big discussion about viruses and how he shouldn't do that again, but I would guess that only a certain part of that sunk in. He also inadvertently deleted the contents of a directory once (a little knowledge is dangerous) meaning I had to spend the time recovering it from backups. What I need is the ability to write-protect the C: drive, while leaving the D: drive read-write: then I could leave the binaries I don't want changed on C: and leave datafiles for things like games on D:. (Actually I have drives up to I:, and they are all on one 300MB disk: I'd like to be able to pick-and-choose which drives would be write protected.) Ideally, at boot-up time it would prompt me for a password, and if I gave it then C: would be read-write, if I didn't, it would be read-only. The only stuff I have seen similar to this write-protects all your hard drives, which is not helpful unless I were to restrict the kids to running off the floppies. I'm not worried about trying to protect myself from someone intentionally breaking in, I only need to protect myself from inexperience. The only thing I know of that would really work is always booting under UNIX and using VPIX-- but it would be nice if there were a solution for when I boot up under DOS. Any ideas? -- Flint Pellett, Global Information Systems Technology, Inc. 1800 Woodfield Drive, Savoy, IL 61874 (217) 352-1165 uunet!gistdev!flint or flint@gistdev.gist.com
ted@polyof.poly.edu (Theodore S. Kapela, Staff) (11/30/90)
In article <1027@gistdev.gist.com> flint@gistdev.gist.com (Flint Pellett) writes: > [text deleted] >What I need is the ability to write-protect the C: drive, while leaving >the D: drive read-write: then I could leave the binaries I don't want [text deleted] >-- >Flint Pellett, Global Information Systems Technology, Inc. >1800 Woodfield Drive, Savoy, IL 61874 (217) 352-1165 >uunet!gistdev!flint or flint@gistdev.gist.com There is no *ABSOLUTE* way to prevent writing to a hard drive, short of making hardware modifications. For what it sounds like you want, though, there is a suitable method, but it requires writing a device driver. You will need to catch INT 13H and monitor all attempts to write. Would would have a table of tracks (or ranges of tracks) that can not be written to. Any time an attempt is made to write to one of these tracks, your routine can return a write-protect error and IRET. You may include a short routine as part of the initialization code to ask for a password, and set a flag if the correct password is entered. (You could also write a short utility than can set a flag within the driver itself in memory to enable/disable writing to hard drive. You could then keep the only copy (AND A BACKUP, in a separate place) where only you know (or put a password routine in this utility also). When you do (or did) partition the physical drive, you told fdisk (or Disk Manager, or the like) what range of cylanders are part of each partition. By not allowing a write to a specified range of tracks (actually cylanders), you can effectively write protect a partition. Note that if you DO use Disk Manager (or the like), be sure you FULLY understand its method of operation, or you could end up with an inaccessible hard drive which will require re-partitioning (=lost data). ALSO - If you boot from a floppy that does not load this device driver, well, you could kiss the whole scheme goodbye. It will (obviously) only work while the driver is loaded. True, you could modify the partition table/boot sector as some programs do, which would effectively make the drive inaccessible unless you boot from it or a specific floppy. You could also modify the ROM BIOS (=burning new ROMS) which will prevent booting from a floppy, unless it has some specific disk ID (ie: dos, unix, etc.) Someone could then, still, conceivably write the required ID to the correct place on the disk and wammo! - a bootable floppy! Just remember, the more you modify, the more risk there is that you will end up with an inaccessible drive, requiring repartitioning. -- .............................................................................. Theodore S. Kapela (516) 755-4299 [Voice, Days] ted@polyof.poly.edu (516) 473-7746 [FAX] "Another brilliant mind corrupted by education"
devolder@matt.ksu.ksu.edu (Eric DeVolder) (11/30/90)
In article <1027@gistdev.gist.com> flint@gistdev.gist.com (Flint Pellett) writes: > >I would guess that other people have faced this problem, so maybe someone >can recommend a solution: > >Situtation: > >[stuff deleted] >What I need is the ability to write-protect the C: drive, while leaving >the D: drive read-write: then I could leave the binaries I don't want >changed on C: and leave datafiles for things like games on D:. >(Actually I have drives up to I:, and they are all on one 300MB disk: >I'd like to be able to pick-and-choose which drives would be write >protected.) Ideally, at boot-up time it would prompt me for a password, >and if I gave it then C: would be read-write, if I didn't, it would be >read-only. The only stuff I have seen similar to this write-protects >all your hard drives, which is not helpful unless I were to restrict >the kids to running off the floppies. I'm not worried about trying to >protect myself from someone intentionally breaking in, I only need to >protect myself from inexperience. > >The only thing I know of that would really work is always booting under >UNIX and using VPIX-- but it would be nice if there were a solution for >when I boot up under DOS. Any ideas? >-- >Flint Pellett, Global Information Systems Technology, Inc. >1800 Woodfield Drive, Savoy, IL 61874 (217) 352-1165 >uunet!gistdev!flint or flint@gistdev.gist.com I just recently created a program called RmDriv that will disable (and enable) any drive on your DOS system. This program would work well in your case: you simply run this program to disable any drive (A-Z) before your son, or anybody else has a chance to alter or destroy your files. If you are interested, let me know. Eric DeVolder devolder@ksuvm.ksu.edu
hollen@megatek (Dion Hollenbeck) (11/30/90)
In article <1027@gistdev.gist.com> flint@gistdev.gist.com (Flint Pellett) writes: > >I would guess that other people have faced this problem, so maybe someone >can recommend a solution: >What I need is the ability to write-protect the C: drive, while leaving >the D: drive read-write: then I could leave the binaries I don't want >changed on C: and leave datafiles for things like games on D:. >(Actually I have drives up to I:, and they are all on one 300MB disk: >I'd like to be able to pick-and-choose which drives would be write >protected.) I am using Disk Manager by ONTRAK and it has just these capabilities. When preparing your partitions (yes, you will need to backup and restore to use it) you specify whether partitions are R, W, R/W and whether they are bootable (supports multiple opsys). You can start out specifying R/W, load all your software and then go back and modify the partition information to make one or more write only. You can create up to 24 partitions. I got this software with my hard disk and it works wonderfully. I am now contacting the company to get the latest version. The phone is 800-752-1333. You can order directly or ask for a distributor locally which will be cheaper. List price is $125. -- Dion Hollenbeck (619) 455-5590 x2814 Megatek Corporation, 9645 Scranton Road, San Diego, CA 92121 uunet!megatek!hollen or hollen@megatek.uucp
bussiere@terre.DMI.USherb.CA (Luc Bussieres) (12/02/90)
In article <1990Nov29.172401.15268@polyof.poly.edu> ted@polyof.poly.edu (Theodore S. Kapela, Staff) writes: > [text deleted] >ALSO - If you boot from a floppy that does not load this device driver, well, >you could kiss the whole scheme goodbye. It will (obviously) only work >while the driver is loaded. True, you could modify the partition table/boot >sector as some programs do, which would effectively make the drive >inaccessible unless you boot from it or a specific floppy. Do you know where I can find a program that do modify the partition table. I need it to really protect the hard drives on our PCs. The students are always erasing files or reformating them. -- Luc Bussieres ---- Analyste - Dep. de Mathematiques et Informatique Universite de Sherbrooke Internet : bussiere@dmi.usherb.ca Tel: (819) 821-7981