Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: 71435.1777@CompuServe.COM (Bob Bosen)
Newsgroups: comp.virus
Subject: Boot Sector/Partition Table Protection (PC)
Message-ID: <0005.9102281544.AA01581@ubu.cert.sei.cmu.edu>
Date: 27 Feb 91 19:22:36 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 30
Approved: krvw@sei.cmu.edu

Referring to the idea of inserting viral detection code very early in
the bootstrap sequence by modifying the partition table, Padgett
Peterson writes:

>I hope that this will stimulate some activity on the part of the
>vendors to provide such protection -- it is not difficult to write,
>but for me, I would no longer consider any product complete unless
>some such form of low level protection was included.

I'm sorry, but it would just be too easy to fake the "all clear"
message generated by any such technique.

I agree that some form of low level protection is necessary but I fear
that defensive code hiding in partition tables will be much more
vulnerable to attack than MY preferred method: periodically
bootstrapping from a "sterile" boot diskette that is kept isolated from
every other usage. If I never use that boot diskette in any machine
executing any code that didn't COME from that diskette, then it CAN't
be corrupted. Period. End of discussion. That's the ultimate low-level
protection.

Bob Bosen
Enigma Logic Inc. (Producers of SafeWord VIRUS-Safe [Now Shareware])
2151 Salvio Street #301
Concord, CA  94520
USA

Tel: (415) 827-5707
FAX: (415) 827-2593
Internet: 715435.1777@COMPUSERVE.COM