[comp.sys.ibm.pc.misc] Need to disable A: and B:

chrisb@hubcap.clemson.edu (Chris Behrens) (11/21/90)

The setup:  I run a computer lab on campus which is clobbered by the
Stoned and Ping Pong viruses. I want to create a startup program which
will allow the user to be able to use a diskette or not. I want to
disable the disk drive if they don't want to use it because the only to
use it will be to have their disk scanned for viruses. 

Is there a program/utility which will allow me to disable the disk
drive ??? (A: and B: are in the same physical drive)
I guess it should not allow reading from or writing to the drive. That
would help.
I have checked all the pertinent directories at Simtel/WUArchive and
have found nothing with a description to fit the need.

Thank You. 
Chris Behrens
ChrisB@Hubcap.Clemson.Edu
 

hrbaan@cs.ruu.nl (Hayo Baan) (11/21/90)

In <11754@hubcap.clemson.edu> chrisb@hubcap.clemson.edu (Chris Behrens) writes:

->Is there a program/utility which will allow me to disable the disk
->drive ??? (A: and B: are in the same physical drive)

Try this :
ASSIGN a=c b=c
that way all the acceses to drive A: and B: will go to drive C:. this excludes 
however some programs like FORMAT (check the manual for this).



-- 


+------------------+-----------------------------------------------------+
| Hayo R. Baan     | E-Mail : hrbaan@cs.ruu.nl                           |
| Oudwijkerlaan 34 |-----------------------------------------------------|
| 3581 TD  UTRECHT |                                                     |
| The Netherlands  | A program is like a nose;                           |
|                  | Sometimes it runs, sometimes it blows.              |
| Tel. 030-515586  |                                                     |
+------------------+-----------------------------------------------------+

smsmith@hpuxa.ircc.ohio-state.edu (Stephen M. Smith) (11/22/90)

hrbaan@cs.ruu.nl (Hayo Baan) writes:

>In <11754@hubcap.clemson.edu> chrisb@hubcap.clemson.edu 
>(Chris Behrens) writes:
>
>>The setup:  I run a computer lab on campus which is clobbered by the
>>Stoned and Ping Pong viruses... [deletions]
>>Is there a program/utility which will allow me to disable the disk
>>drive ??? (A: and B: are in the same physical drive)
>
>Try this :
>ASSIGN a=c b=c
>that way all the acceses to drive A: and B: will go to drive C:. this excludes 
>however some programs like FORMAT (check the manual for this).

The drawback about including the "assign" command in your autoexec.bat
file is that anybody who knows anything about DOS can just enter
"ASSIGN" and the system will reset itself.  Thus it is a solution, but
really only a temporary solution.

There are three things here that need to be addressed.  First you need
to be concerned about the spreading of viruses at the hands of the
ignorant.  Second you need to realize that there are the few who
will try to bypass your security reasons for one reason or another
and will inadvertently spread a virus.  Third, there is a possibility
that someone will try to *place* a virus in a machine.

Dealing with the first concern should be your immediate goal.  There
are a variety of ways of doing this, including TSR's which scan memory
or will bar attempts to change executable files on the hard disk.  In
addition, if you have WordPerfect on the hard disk, for example, you can
have a shell which invokes it via a batch file which will first check
the student's disk for viruses before WordPerfect is loaded.  The draw-
back about this is they may not have a disk, or they may not want
to use that particular drive (if the machine has both 5.25 and 3.5
inch drives), or they may have more than one disk that needs to be
checked.  

Another thing you should do is to hide and write protect appropriate 
files on the hard drive (you probably have already done this).  This
will not work against a number of viruses, so a TSR is probably the
best way to go.

As far as somebody getting around your protection schemes...anybody
with a fair knowledge of DOS will be able to do it.  If you have
a shell that keeps people from messing around with the hard disk,
all a person has to do is to do a warm boot and hit control-break as
the system is coming up and this will abort any batch file you have
created to install protective shells, virus-scanning TSR's, etc.
(I do this all the time at my university and it allows me to do
whatever I want to the system even though they are very careful
about keeping hackers from using their own software).

Remember, when booting up, a computer will always check drive A:
for a system disk, so anybody with a DOS disk will be able to bypass
any security measures (unless of course you can change the ROM/BIOS).
The most practical way of dealing with viruses then is to try to
keep them from being spread by ignorant users.  A simple shell with
limited DOS commands and a virus-scanning TSR should do the trick,
but I doubt if it would be practical to try to keep the students
from *using* the A: or B: drives.

S. "Stevie" Smith \  +  /
<smsmith@hpuxa.   \+++++/    " #*&<-[89s]*(k#$@-_=//a2$]'+=.(2_&*%>,,@
 ircc.ohio-state. \  +  /      {7%*@,..":27g)-=,#*:.#,/6&1*.4-,l@#9:-)  "
 edu>             \  +  / 
 BTW, WYSInaWYG   \  +  /                              --witty.saying.ARC

zama@ellis.uchicago.edu (iftikhar uz zaman) (11/22/90)

I have an XT with space for only two drives.  I have decided that I'd
like to keep a 3.5" 720K and my HD.   Problem: When I hook the 3.5"
in to the final connection on the FD controller cable it shows up
as drive A: but it can only format the 720K disks as 360K ones.
When I hook it up to the middle connector on the FD controller cable,
I have no A:, and drive d: works as a 720K drive just fine (I use
driver.sys, DOS 3.3).

Is there a way to get the 3.5" drive to be the A: drive *and* format
the 3.5" disks at 720K?

E-mail if this is too stupid a question to have been asked on the
net...

Thanks a lot.

Iftikhar

kd@doc.ic.ac.uk (K Dryllerakis) (11/22/90)

In article <11754@hubcap.clemson.edu> you write:
|> The setup:  I run a computer lab on campus which is clobbered by the
|> Stoned and Ping Pong viruses. I want to create a startup program which
|> will allow the user to be able to use a diskette or not. I want to
|> disable the disk drive if they don't want to use it because the only to
|> use it will be to have their disk scanned for viruses. 
|> 
|> Is there a program/utility which will allow me to disable the disk
|> drive ??? (A: and B: are in the same physical drive)
|> I guess it should not allow reading from or writing to the drive. That
|> would help.
|> I have checked all the pertinent directories at Simtel/WUArchive and
|> have found nothing with a description to fit the need.
|> 
|> Thank You. 
|> Chris Behrens
|> ChrisB@Hubcap.Clemson.Edu
|> 

	How about trying the simplest thing of all? Use the DOS ASSIGN
command, to assign drives A and B to drive C. From then on all
information from and to drives A and B will be rerouted to drive C.

Hope it helps,

K J Dryllerakis
Department of Computing
Imperial College
kd@UK.AC.IC.DOC
  
D
D
Dept. of COmputing 

leonard@qiclab.uucp (Leonard Erickson) (11/23/90)

Try adding the line:
	drivparm=/d:0 /f:2

to config.sys (basicly, the part after the = should look like your DRIVER.SYS
line)

If you get unrecognized command, stick 3 ctrl-A characters in immediately
after the =. (This is needed to get around a "bug" in some DOS3.3x versions).
If this doesn't work you are stuck.

-- 
Leonard Erickson		...!tektronix!reed!percival!bucket!leonard
CIS: [70465,203]

"Oregon Guild Gold Card -- don't leave home without it!"

devolder@matt.ksu.ksu.edu (Eric DeVolder) (11/27/90)

In article <11754@hubcap.clemson.edu> chrisb@hubcap.clemson.edu (Chris Behrens) writes:
>The setup:  I run a computer lab on campus which is clobbered by the
>Stoned and Ping Pong viruses. I want to create a startup program which
>will allow the user to be able to use a diskette or not. I want to
>disable the disk drive if they don't want to use it because the only to
>use it will be to have their disk scanned for viruses. 
>
>Is there a program/utility which will allow me to disable the disk
>drive ??? (A: and B: are in the same physical drive)
>I guess it should not allow reading from or writing to the drive. That
>would help.
>I have checked all the pertinent directories at Simtel/WUArchive and
>have found nothing with a description to fit the need.
>
>Thank You. 
>Chris Behrens
>ChrisB@Hubcap.Clemson.Edu
> 

Yes!  There is now a program available to do this!!  I wrote it this weekend,
and I have tested it under msdos 3.3 and msdos 4.0 and above.  It is a simple
program called RmDriv that will disable (and enable) any disk drive.  If you
are interested, let me know.  Hopefully, if i get alot of response, I'll see
if I can post it to simtel.

reeves@dvinci (Malcolm Reeves) (11/29/90)

>>>Is there a program/utility which will allow me to disable the disk
>>>drive ??? (A: and B: are in the same physical drive)

You could disable the floppy drive with the internal dip switches and
have it boot on c: ..... This is inconvenient if you need to load new
software or transport files but it works Ok if the machine is networked.
I didn't read the original message so if this is irrelevant or duplicates
previous replies I apologize.

blue@techunix.BITNET (Baruch Cochavy) (11/30/90)

There is only one way to disable A: and B: all together:

1. Modify the FD board so it will decode a different address.
2. Modify the BIOS to have a controlled access to the FD services.

Viri can only access what is know and common. BIOS services are common
enough, but a clever one can access the FD controller directly. Only way
to be safe, then, it to change the environment so that those assumptions
needed for the virus to work are gone.

        Now, this does have some drawbacks: some of DOS utilities do
work based upon these assumptions. I argue, however, that those are not
the one a regular student needs ...
--
Baruch Cochavy |   Disk space --           |  blue@techunix.BITNET
Technion       |      the final frontier ! |  blue@techunix.technion.AC.IL
Haifa 32000    |                           |  phone:  (972)-4-292904
ISRAEL         |                           |          (972)-4-387520