chrisb@hubcap.clemson.edu (Chris Behrens) (11/21/90)
The setup: I run a computer lab on campus which is clobbered by the Stoned and Ping Pong viruses. I want to create a startup program which will allow the user to be able to use a diskette or not. I want to disable the disk drive if they don't want to use it because the only to use it will be to have their disk scanned for viruses. Is there a program/utility which will allow me to disable the disk drive ??? (A: and B: are in the same physical drive) I guess it should not allow reading from or writing to the drive. That would help. I have checked all the pertinent directories at Simtel/WUArchive and have found nothing with a description to fit the need. Thank You. Chris Behrens ChrisB@Hubcap.Clemson.Edu
hrbaan@cs.ruu.nl (Hayo Baan) (11/21/90)
In <11754@hubcap.clemson.edu> chrisb@hubcap.clemson.edu (Chris Behrens) writes: ->Is there a program/utility which will allow me to disable the disk ->drive ??? (A: and B: are in the same physical drive) Try this : ASSIGN a=c b=c that way all the acceses to drive A: and B: will go to drive C:. this excludes however some programs like FORMAT (check the manual for this). -- +------------------+-----------------------------------------------------+ | Hayo R. Baan | E-Mail : hrbaan@cs.ruu.nl | | Oudwijkerlaan 34 |-----------------------------------------------------| | 3581 TD UTRECHT | | | The Netherlands | A program is like a nose; | | | Sometimes it runs, sometimes it blows. | | Tel. 030-515586 | | +------------------+-----------------------------------------------------+
smsmith@hpuxa.ircc.ohio-state.edu (Stephen M. Smith) (11/22/90)
hrbaan@cs.ruu.nl (Hayo Baan) writes: >In <11754@hubcap.clemson.edu> chrisb@hubcap.clemson.edu >(Chris Behrens) writes: > >>The setup: I run a computer lab on campus which is clobbered by the >>Stoned and Ping Pong viruses... [deletions] >>Is there a program/utility which will allow me to disable the disk >>drive ??? (A: and B: are in the same physical drive) > >Try this : >ASSIGN a=c b=c >that way all the acceses to drive A: and B: will go to drive C:. this excludes >however some programs like FORMAT (check the manual for this). The drawback about including the "assign" command in your autoexec.bat file is that anybody who knows anything about DOS can just enter "ASSIGN" and the system will reset itself. Thus it is a solution, but really only a temporary solution. There are three things here that need to be addressed. First you need to be concerned about the spreading of viruses at the hands of the ignorant. Second you need to realize that there are the few who will try to bypass your security reasons for one reason or another and will inadvertently spread a virus. Third, there is a possibility that someone will try to *place* a virus in a machine. Dealing with the first concern should be your immediate goal. There are a variety of ways of doing this, including TSR's which scan memory or will bar attempts to change executable files on the hard disk. In addition, if you have WordPerfect on the hard disk, for example, you can have a shell which invokes it via a batch file which will first check the student's disk for viruses before WordPerfect is loaded. The draw- back about this is they may not have a disk, or they may not want to use that particular drive (if the machine has both 5.25 and 3.5 inch drives), or they may have more than one disk that needs to be checked. Another thing you should do is to hide and write protect appropriate files on the hard drive (you probably have already done this). This will not work against a number of viruses, so a TSR is probably the best way to go. As far as somebody getting around your protection schemes...anybody with a fair knowledge of DOS will be able to do it. If you have a shell that keeps people from messing around with the hard disk, all a person has to do is to do a warm boot and hit control-break as the system is coming up and this will abort any batch file you have created to install protective shells, virus-scanning TSR's, etc. (I do this all the time at my university and it allows me to do whatever I want to the system even though they are very careful about keeping hackers from using their own software). Remember, when booting up, a computer will always check drive A: for a system disk, so anybody with a DOS disk will be able to bypass any security measures (unless of course you can change the ROM/BIOS). The most practical way of dealing with viruses then is to try to keep them from being spread by ignorant users. A simple shell with limited DOS commands and a virus-scanning TSR should do the trick, but I doubt if it would be practical to try to keep the students from *using* the A: or B: drives. S. "Stevie" Smith \ + / <smsmith@hpuxa. \+++++/ " #*&<-[89s]*(k#$@-_=//a2$]'+=.(2_&*%>,,@ ircc.ohio-state. \ + / {7%*@,..":27g)-=,#*:.#,/6&1*.4-,l@#9:-) " edu> \ + / BTW, WYSInaWYG \ + / --witty.saying.ARC
zama@ellis.uchicago.edu (iftikhar uz zaman) (11/22/90)
I have an XT with space for only two drives. I have decided that I'd like to keep a 3.5" 720K and my HD. Problem: When I hook the 3.5" in to the final connection on the FD controller cable it shows up as drive A: but it can only format the 720K disks as 360K ones. When I hook it up to the middle connector on the FD controller cable, I have no A:, and drive d: works as a 720K drive just fine (I use driver.sys, DOS 3.3). Is there a way to get the 3.5" drive to be the A: drive *and* format the 3.5" disks at 720K? E-mail if this is too stupid a question to have been asked on the net... Thanks a lot. Iftikhar
kd@doc.ic.ac.uk (K Dryllerakis) (11/22/90)
In article <11754@hubcap.clemson.edu> you write: |> The setup: I run a computer lab on campus which is clobbered by the |> Stoned and Ping Pong viruses. I want to create a startup program which |> will allow the user to be able to use a diskette or not. I want to |> disable the disk drive if they don't want to use it because the only to |> use it will be to have their disk scanned for viruses. |> |> Is there a program/utility which will allow me to disable the disk |> drive ??? (A: and B: are in the same physical drive) |> I guess it should not allow reading from or writing to the drive. That |> would help. |> I have checked all the pertinent directories at Simtel/WUArchive and |> have found nothing with a description to fit the need. |> |> Thank You. |> Chris Behrens |> ChrisB@Hubcap.Clemson.Edu |> How about trying the simplest thing of all? Use the DOS ASSIGN command, to assign drives A and B to drive C. From then on all information from and to drives A and B will be rerouted to drive C. Hope it helps, K J Dryllerakis Department of Computing Imperial College kd@UK.AC.IC.DOC D D Dept. of COmputing
leonard@qiclab.uucp (Leonard Erickson) (11/23/90)
Try adding the line: drivparm=/d:0 /f:2 to config.sys (basicly, the part after the = should look like your DRIVER.SYS line) If you get unrecognized command, stick 3 ctrl-A characters in immediately after the =. (This is needed to get around a "bug" in some DOS3.3x versions). If this doesn't work you are stuck. -- Leonard Erickson ...!tektronix!reed!percival!bucket!leonard CIS: [70465,203] "Oregon Guild Gold Card -- don't leave home without it!"
devolder@matt.ksu.ksu.edu (Eric DeVolder) (11/27/90)
In article <11754@hubcap.clemson.edu> chrisb@hubcap.clemson.edu (Chris Behrens) writes: >The setup: I run a computer lab on campus which is clobbered by the >Stoned and Ping Pong viruses. I want to create a startup program which >will allow the user to be able to use a diskette or not. I want to >disable the disk drive if they don't want to use it because the only to >use it will be to have their disk scanned for viruses. > >Is there a program/utility which will allow me to disable the disk >drive ??? (A: and B: are in the same physical drive) >I guess it should not allow reading from or writing to the drive. That >would help. >I have checked all the pertinent directories at Simtel/WUArchive and >have found nothing with a description to fit the need. > >Thank You. >Chris Behrens >ChrisB@Hubcap.Clemson.Edu > Yes! There is now a program available to do this!! I wrote it this weekend, and I have tested it under msdos 3.3 and msdos 4.0 and above. It is a simple program called RmDriv that will disable (and enable) any disk drive. If you are interested, let me know. Hopefully, if i get alot of response, I'll see if I can post it to simtel.
reeves@dvinci (Malcolm Reeves) (11/29/90)
>>>Is there a program/utility which will allow me to disable the disk >>>drive ??? (A: and B: are in the same physical drive) You could disable the floppy drive with the internal dip switches and have it boot on c: ..... This is inconvenient if you need to load new software or transport files but it works Ok if the machine is networked. I didn't read the original message so if this is irrelevant or duplicates previous replies I apologize.
blue@techunix.BITNET (Baruch Cochavy) (11/30/90)
There is only one way to disable A: and B: all together:
1. Modify the FD board so it will decode a different address.
2. Modify the BIOS to have a controlled access to the FD services.
Viri can only access what is know and common. BIOS services are common
enough, but a clever one can access the FD controller directly. Only way
to be safe, then, it to change the environment so that those assumptions
needed for the virus to work are gone.
Now, this does have some drawbacks: some of DOS utilities do
work based upon these assumptions. I argue, however, that those are not
the one a regular student needs ...
--
Baruch Cochavy | Disk space -- | blue@techunix.BITNET
Technion | the final frontier ! | blue@techunix.technion.AC.IL
Haifa 32000 | | phone: (972)-4-292904
ISRAEL | | (972)-4-387520