funsec mailing list archives
RE: eWeek: Government-Funded Startup Blasts Rootkits
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Thu, 27 Apr 2006 14:54:26 -0800
Date sent: Thu, 27 Apr 2006 11:23:28 +1200
From: Nick FitzGerald <nick () virus-l demon co uk>
There have been various "hardware antivirus" (or more generically "security") products. All of these that I've ever seen plug in between the IDE controller and IDE drive (I think there were a few very early ones that worked with pre-IDE drives too) and, if you had to describe their operation in just a few words (what, me??) you'd say they were "hardware partition access managers".
Interesting. I reviewed three different hardware AVs (that I recall), and none were related to the drive controllers, although all provided similar functions.

I think the first I heard about was the Watchdog Armor card from Fischer. It provided boot protection (preventing floppy boot, which wasn't all that hard otherwise) and hardware encryption performance. As far as I can remember it just plugged into a normal slot, and had nothing to do with the drive cabling. (Watchdog itself did operation restriction, changed detection, and encryption.)

The next that I actually tested was Western Digital's Immunizer. It relied on their (then new) system controller chip, and was operation restricting in order to prevent tampering with memory or writing to certain areas of the disk. It was built into the system board. The less said about the product the better: it never shipped. (WD also stiffed me on the contract for the review, and changed the conditions several times. I eventually did a rush job on it for their launch, working basically around the clock over a weekend, and got next to nothing.)

The Rising Anti-Virus Card (RAVC) was an activity monitor on a card. Again, it plugged into a normal slot, and didn't touch the drive cables.

(Trend's PC-Cillin originally came with a hardware dongle, and I've still got one of that vintage. However, it really didn't affect the operation.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
In Germany they came first for the Communists, and I didn't speak up because I wasn't a Communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. They came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics, and I didn't speak up because I was a Protestant. Then they came for me, and by that time no one was left to speak up.
- Martin Neimoeller
http://victoria.tc.ca/techrev/rms.htm