| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 3517.1 | Forward to Enrico! | MSGAXP::MCCULLER | | Wed Nov 16 1994 11:28 | 13 |
|
I strongly support this approach. Although it is not necessarily
"leadership innovation", the logic presented is very hard to dispute.
At a minimum, the CMOS default should be the hard drive for bootup,
where the greatest chance of virus infection is resident. The base
note should be forwarded by the author to Enrico. I suspect he will
find the message presented clear and initiate the action to have his
people examine this approach.
Good thinking from our PC SECURITY notesfile moderator.
Mac (who worries about virus infection daily)
|
| 3517.2 | | KAOFS::B_VANVALKENB | | Wed Nov 16 1994 11:32 | 12 |
| Sounds good but would it be more robust if there was a virus
checker in PROM that could be activated by hardware on startup ???
That way the difference would appear invisible to the end user but
the added value could still be there.
PROM update could be made available yearly at a small charge. : )
Brian V
|
| 3517.3 | | QUARK::LIONEL | Free advice is worth every cent | Wed Nov 16 1994 11:42 | 10 |
| Our Celebris line can already do this.
* Boot-device sequence selections:
A: drive followed by C: drive
C: drive followed by A: drive
C: Drive only
Or are you saying that our systems should ship with "C only" the default?
Steve
|
| 3517.4 | How 'bout some more flash? | FPTVX1::CUSHMAN | Bob Cushman | Wed Nov 16 1994 12:39 | 5 |
| .0, .3 are a good start, but I second .2 also. Having an "embedded"
virus scan in startup firmware has some definite advantages. Instead
of a new prom however, you might want to consider having the virus
signatures on flash allowing for easy updates whenever a new signature
file becomes available.
|
| 3517.5 | | PASTIS::MONAHAN | humanity is a trojan horse | Wed Nov 16 1994 13:58 | 12 |
| I would defer to Phil on this point, but i believe virus scanners
1) tend to be large
2) need updating more than once per year
3) sometimes give false positives
4) are usually proprietary
All of these would indicate that putting them in PROM on a machine
might be undesirable.
I don't use PCs much, but the suggestion in the base note sounds
good to me.
|
| 3517.6 | Simple request | MINOTR::BANCROFT | | Wed Nov 16 1994 14:25 | 23 |
| >> I would defer to Phil on this point, but i believe virus scanners
(I know Dave Monahan, and he need not defer to anybody )
Dave is quite right:
1) tend to be large and the TSR "VIRSTOP" uses memory (I at least) am
short on.
2) need updating more than once per year - in fact about 6 times a
year.
3) sometimes give false positives - right
4) are usually proprietary - would need whole new licensing for US to
ship machines OR would need us to UPSIZE to set up an anti-virus
lab, and you can imagine that is not likely.
REALLY all I now think is needed is the CMOS to be set to boot C:
first then A: as the default, with an option - like control A held
down during bootup to boot off A: first.
All of these would indicate that putting them in PROM on a machine
might be undesirable.
I don't use PCs much, but the suggestion in the base note sounds
good to me.
|
| 3517.7 | | QUARK::LIONEL | Free advice is worth every cent | Wed Nov 16 1994 14:31 | 4 |
| I read in the IBMPC-94 file that the boot sector on Celebris PCs can be
write-protected, which is a great idea (I'll be sure to do this on mine).
Steve
|
| 3517.8 | how do you spell PROPRIETARY? | OFOS02::GINGER | Ron Ginger | Wed Nov 16 1994 19:18 | 12 |
| This is exacty the kind of thinking that got us the Rainbow, then all
the tandy-DEC pcs.
This is a COMPATIBLE world. customers dont want vendor specific 'fixes'
that dont work like a 'real' machine.
Think about all the PC support folks around the world - the outside
world, not at DEC- that would be confused by a PC that didnt 'work
right' when you booted it.
We are finally getting to where we build a PC that is INDUSTRY
COMPATIBLE. Lets dont go backward now.
|
| 3517.9 | Please explain | CSC32::MORTON | Aliens, the snack food of CHAMPIONS! | Wed Nov 16 1994 19:32 | 8 |
| Re .8
Ron,
I can't see where the proposals are non-compatable with the
industry standard, but are an enhancement. Please explain your
concerns, I'd really like to understand...
Jim Morton
|
| 3517.10 | BIOS's already do this! | BBPPDR::ROWELL | Paul Rowell @BBP - TMC UK | Wed Nov 16 1994 19:34 | 10 |
| A colleague recently bought an industry standard motherboard to build
his own PC. The interesting thing was that as part of the BIOS you
could intercept any call to change the boot sector on the hard disk and
have a warning saying "Something is writing to the boot sector on your
hard disk do you want to proceed?"
I like the idea of being able to overide C: only boot by pressing a
key.
-Paul
|
| 3517.11 | | BHAJEE::JAERVINEN | Ora, the Old Rural Amateur | Thu Nov 17 1994 07:22 | 9 |
| re .10: This feature is even in my (almost) noname motherboard in my
home PC...
In fact, most modern BIOSes have the ability to define the boot
sequence (the classical A: first, then C:, or vice versa, or C: only).
If I read .0 correctly, the main suggestion is to enable booting A:
using a special key combination at startup. This would obviously be a
bit more comfortable than going to setup - but if booting from A: is
regarded the excetption anyway, what's the big deal?
|
| 3517.12 | | PLAYER::BROWNL | The InfoHighway has too many side-roads. | Thu Nov 17 1994 07:41 | 16 |
| Additionally, the proposal in .0 is to stop virii. It won't. Given
that, as previously explained, the facility to keep A: out of the loop
is there on most machines anyway, the only thing this proposal does is
to enforce that as a default. Hmmm.
Most PCs are infected through an infected floppy in A: or perhaps B:.
Not booting from a floppy will only prevent a very small number of
infections by virii that infect the host on boot. Irrespective of when
or from where the PC was booted, it's just as infected if an infected
floppy is inserted to the floppy drive and referenced. Besides, how
does making it the default stop users from over-riding it?
No, I don't see the point in this. I'd rather see users given a free
licence to McAfee or some similar anti-virus software.
Cheers, Laurie.
|
| 3517.13 | | BOXORN::HAYS | I think we are toast. Remember the jam? | Thu Nov 17 1994 11:48 | 7 |
| RE: 3517.12 by PLAYER::BROWNL "The InfoHighway has too many side-roads."
Or give users a real OS, like WindowsNT or VMS or UNIX, that has a file
system with protections and such what.
Phil
|
| 3517.14 | More Phil | MINOTR::BANCROFT | | Thu Nov 17 1994 12:16 | 43 |
| >> Most PCs are infected through an infected floppy in A: or perhaps B:.
Yup, the only other normal vector is the net, and 90% of what I see as
current Digital infections are simple boot sector type.
NOTE: there ARE multipartate viruses which have both boot and file
(parasitic) forms. I have never seen one at Digital. Most viruses I
see are the FORM virus, with very few others, mostly Boot Sector.
>> Irrespective of when
>> or from where the PC was booted, it's just as infected if an infected
>> floppy is inserted to the floppy drive and referenced.
Viruses attempt to infect when their code is executed, they are just
computer programs. Boot sector sector viruses come in from diskettes
when the diskette is (intentionally or unintentionally) booted. File
(also called parasitic) viruses infect when the host program is run.
Companion viruses are too uncommon to discuss. Multipartate viruses
can infect when either the infected boot sector or file is run.
The FORM, boot sector virus is the main virus I see at Digital.
>> Besides, how does making it the default stop users from over-riding it?
It does not. When was the last time you needed to boot from the A:
drive? I see a fair proportion of the Digital virus infections, and
every one of the boot sector ones which we have clearly traced came in
from UNINTENTIONAL booting of the infected diskette. Remember most of
Digital infections are boot sector.
A simple boot sector virus infected diskette will NEVER - NIE MALS - JAMAIS
- NUNCA infect your system unless you boot it!
>> No, I don't see the point in this. I'd rather see users given a free
>> licence to McAfee or some similar anti-virus software.
I currently supply the latest F-PROTECT from MINOTR::USER6:[VIRUS].
In MINOTR::USER6:[SECURITY]
FAQ.VIRUSL is an outstanding list of answers to frequently asked
virus questions
ANTI-VIRUS-HANDBOOK.PS is a postscript two part book on anti-virus
information.
They are available for copy over the net.
NOTE: All I want to do is decrease Digital virus infections. The stuff
about "marketing advantages" is to try to interest management
as they control the real power ($) to get things done.
|