[ale] Virus in Linux

Keith R. Watson keith.watson at gtri.gatech.edu
Fri May 24 08:20:11 EDT 1996


At 12:47 AM 5/24/96, you wrote:
>You can protect your master boot record from a DOS boot infector in the
>diskette boot record by turning off boot from A or A/C to C/A in your
>CMOS/BIOS.  Everyone has forgotten to remove a diskette from the A: drive
>and this is the most common way a machine gets hosed.  Some of these viruses
>like the Monkey will cypher your partition tables.  Others will write on 1
>or more sectors besides the boot record.  The popular FORM will write itself
>to the System boot record usually assuming that the 1st partition is a DOS
>partition.  99.9% of all viruses in the wild are PC DOS programs.
>
>Arthur, IBMAV support and CERT

Highly recommended but be aware that this doesn't work on all systems. The
way this feature works is that the system will try to boot from a valid hard
drive before trying to boot from a floppy drive. The question is, what's a
valid hard drive?

On most systems a valid hard drive is one that has an entry in the CMOS type
table. Meaning that you have set one or more hard drives on your system
using a hard drive type number in the CMOS setup. On newer systems you can
define your own type using type number 46 or 47 or both, depending on the
system.

So where's the problem? Many controllers, such as SCSI, require you to set
the drive type in CMOS to 'none'. As a result the system does not think it
has a valid hard drive at boot so it boots from floppy if one is left in the
drive even though there may be a valid SCSI hard drive and controller.

Gak! Now what? Simple, test your system first before trusting it. Set your
system to boot from C: then A: and try it. You also may be one of the lucky
few who have a system that allows you to disable floppy boot outright. In
this type of system you can say, only boot from a valid hard drive, even
SCSI, and never boot from floppy even if the hard drive is not there.

Assume nothing. Test everything.


happy hardware hacking,
keith

My preferred programming language is solder.
-------------

Keith R. Watson                        GTRI/AIST
Computer Services Specialist IV        Georgia Institute of Technology
keith.watson at gtri.gatech.edu           Atlanta, GA  30332-0816
404-894-0836





