hardware assist virus protection?

Discussion in 'Virus Information' started by james, Oct 4, 2009.

  1. james

    james Guest

    Is there such a thing as a hardware write-protected SATA drive that I can
    install Windows and apps on (while write protection is disabled) and then flip
    the switch to make it a read-only drive? This would make it impossible for
    the OS to get infected, along with other hardware protection such as BIOS
    write-protection. This is assuming Windows Vista or 7 will boot up on a
    read-only drive.

    Obviously I will also have a second drive for swapping and storing data
    files.
     
    james, Oct 4, 2009
    #1

  2. james

    1PW Guest

    Hello James:

    Although it /is/ a good idea on paper, it would only be viable on your
    HDD that contained strictly data/documents.

    The HDD holding the OS requires write permissions because of all the
    processes you don't normally see that support a running system.
     
    1PW, Oct 4, 2009
    #2

  3. I've never heard of such a thing, but there's a lot I don't know.
    It would make it impossible for software to modify what is there, but
    the OS is as much an environment as it is a bunch of files on disk. The
    OS can still be "infected" but the malware can't be using that drive to
    persist after a reboot.
    Why not just make some disk image files to restore from?
    I'm not sure that Windows has the capability for utilizing a swap
    partition or drive other than the boot drive. No read/write means no
    swapping.

    What you seem to want is a good recovery plan. Rather than trying to
    protect the OS from modification, just keep a recent disk image (or
    three) for quick recovery. Things other than malware can ruin your day
    just as easily as malware can. Then, it is *still* important to avoid
    malware because all you have addressed so far is "persistence" and not
    addressed what damage can be done *during* a session.
     
    FromTheRafters, Oct 4, 2009
    #3
  4. james

    james Guest

    Perhaps it's time Microsoft work on win7 so that it can support such
    configuration (booting on read only drive)?
    Of course hard drive makers and motherboard makers also need to support by
    adding write-protection in hardware.

    This would go a long way towards reducing virus and malware.
     
    james, Oct 4, 2009
    #4
  5. As for a virus, it need not "persist" by modifying the OS - it need only
    be reinstantiated by you (or your OS) executing an "infected" program.
    Some non-viral malware can also modify (infect) program files to get
    themselves reinstantiated after a reboot.

    The simple principle of least privilege would go a long way too - but
    for the users' reluctance.
     
    FromTheRafters, Oct 4, 2009
    #5
  6. james

    Leythos Guest

    Actually, many devices already have this type of method - our Thin
    clients that provide either Nix or Win as a platform allow the user to
    read/write during their session and then, when they logout it restores
    from a diskless image - you can write configurations and install apps
    and then write them to the image, but it will refresh each time the user
    is done with the session.

    There are also snake oil applications that restore your system every
    time you boot.
     
    Leythos, Oct 4, 2009
    #6
  7. james

    1PW Guest

    Hello Leythos:

    ....and with a stretch of the imagination, the OP could be fairly well
    served with one of many Linux flavored LiveCDs. However, I've never
    come across a comprehensive Windows based LiveCD. Pity.
     
    1PW, Oct 4, 2009
    #7
  8. james

    Leythos Guest

    We've got a BUNCH of Windows CE machines that reload each boot, they
    have the ability to run IE, VNC, and some apps, if you get one with a
    disk it can reload from that and allow you to install more apps.
     
    Leythos, Oct 4, 2009
    #8
  9. From: "james" <>

    | Is there such a thing as a hardware write-protected SATA drive that I can
    | install Windows and apps on (while write protection is disabled) and then flip
    | the switch to make it a read-only drive? This would make it impossible for
    | the OS to get infected, along with other hardware protection such as BIOS
    | write-protection. This is assuming Windows Vista or 7 will boot up on a
    | read-only drive.

    | Obviously I will also have a second drive for swapping and storing data
    | files.


    No. The OS must Read/Write to areas within %WINDIR%\system32, etc.
     
    David H. Lipman, Oct 5, 2009
    #9
  10. james

    Virus Guy Guest

    I would speculate that most infectors these days don't actually infect
    operating-system files as they exist on the hard drive - they get
    modified after being loaded into system memory.

    Even during sessions when the OS isn't performing a "windoze update" ?

    Other than crap like the event logs (which is useless for 99% of people
    who never look at it) what other files are we talking about?

    It would be nice if Windoze did have a concept of a %WINDIR%\Static32
    that you could allocate to a separate drive with physical, external R/W
    control, preferably it would also be the boot drive. If the OS ever did
    need to modify the contents of the static drive, it would simply flash a
    message asking the user to flip the r/w switch.
     
    Virus Guy, Oct 5, 2009
    #10
  11. If they wish to persist (i.e. survive a reboot) they will want some part
    of themselves to be executed somewhere in the startup axis. Since the
    startup axis involves the boot drive, this is a likely target. Even the
    so-called "rootkits" which do modify the executable image rather than
    the file on disk must have a component that executes prior to the
    loading of the target executable image. How to get this program running
    in time to modify the image? Modify "something" in the startup axis to
    call it earlier than the target gets called.

    This whole 'read only boot disk' topic is more about thwarting the
    persistence of malware between sessions than it is about 'in session'
    malware.

    [...]
     
    FromTheRafters, Oct 5, 2009
    #11
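The "startup axis" point above suggests a defensive check: snapshot the autostart entries while the system is known clean and diff later snapshots against that baseline. This is an added example, not part of the original thread; the sample text follows the layout `reg query` prints, and the vendor names and paths in it are constructed.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed samples in the layout `reg query` prints for a key. The Run key
# is only one of many autostart locations; vendor names and paths are made up.
BASELINE = RUN_KEY + r"""
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe"
    Updater    REG_SZ    C:\Program Files\Vendor\update.exe /quiet
"""
CURRENT = RUN_KEY + r"""
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe"
    Updater    REG_SZ    C:\Users\Public\update.exe /quiet
    Helper    REG_SZ    C:\Users\Public\helper.exe
"""

# A value line is: 4 spaces, name, 4 spaces, REG_* type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$"
)

def parse_reg_query(text):
    """Return {(key_path, value_name): data} from `reg query` style output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # start of a new key section
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries[(key, m.group("name"))] = m.group("data").strip()
    return entries

def diff_autostarts(baseline_text, current_text):
    """Report autostart entries added, removed or repointed since baseline."""
    base = parse_reg_query(baseline_text)
    cur = parse_reg_query(current_text)
    return {
        "added": sorted(k for k in cur if k not in base),
        "removed": sorted(k for k in base if k not in cur),
        "changed": sorted(k for k in cur if k in base and cur[k] != base[k]),
    }

if __name__ == "__main__":
    for kind, items in diff_autostarts(BASELINE, CURRENT).items():
        for key, name in items:
            print(f"{kind}: {key}\\{name}")
```

A clean diff covers only the locations that were snapshotted, so the baseline should include every autostart location in use on the machine.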
  12. From: "Virus Guy" <>


    | I would speculate that most infectors these days don't actually infect
    | operating-system files as they exist on the hard drive - they get
    | modified after being loaded into system memory.


    | Even during sessions when the OS isn't performing a "windoze update" ?

    | Other than crap like the event logs (which is useless for 99% of people
    | who never look at it) what other files are we talking about?

    | It would be nice if Windoze did have a concept of a %WINDIR%\Static32
    | that you could allocate to a separate drive with physical, external R/W
    | control, preferably it would also be the boot drive. If the OS ever did
    | need to modify the contents of the static drive, it would simply flash a
    | message asking the user to flip the r/w switch.

    You said... "I would speculate that most infectors these days don't actually infect..."
    Yes, but a good percentage do indeed "trojanize" legitimate files.
     
    David H. Lipman, Oct 6, 2009
    #12
  13. james

    Uri Guest

    Hi,

    no, but why not a hardware firewall ....

    also some people are trying to experiment with such devices

    have a nice day
     
    Uri, Oct 11, 2009
    #13