funsec mailing list archives

RE: eWeek: Government-Funded Startup Blasts Rootkits


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Thu, 27 Apr 2006 14:54:26 -0800

Date sent:              Thu, 27 Apr 2006 11:23:28 +1200
From:                   Nick FitzGerald <nick () virus-l demon co uk>

There have been various "hardware antivirus" (or more generically 
"security") products.  All of these that I've ever seen plug in between 
the IDE controller and IDE drive (I think there were a few very early 
ones that worked with pre-IDE drives too) and, if you had to describe 
their operation in just a few words (what, me??) you'd say they were 
"hardware partition access managers".

Interesting.  I reviewed three different hardware AVs (that I recall), and none were 
related to the drive controllers, although all provided similar functions.

I think the first I heard about was the Watchdog Armor card from Fischer.  It 
provided boot protection (preventing floppy boot, which wasn't all that hard 
otherwise) and hardware encryption performance.  As far as I can remember it just 
plugged into a normal slot, and had nothing to do with the drive cabling.  
(Watchdog itself did operation restriction, change detection, and encryption.)

The next that I actually tested was Western Digital's Immunizer.  It relied on their 
(then new) system controller chip, and was operation restricting in order to 
prevent tampering with memory or writing to certain areas of the disk.  It was 
built into the system board.  The less said about the product the better: it never 
shipped.  (WD also stiffed me on the contract for the review, and changed the 
conditions several times.  I eventually did a rush job on it for their launch, working 
basically around the clock over a weekend, and got next to nothing.)

The Rising Anti-Virus Card (RAVC) was an activity monitor on a card.  Again, it 
plugged into a normal slot, and didn't touch the drive cables.

(Trend's PC-Cillin originally came with a hardware dongle, and I've still got one of 
that vintage.  However, it really didn't affect the operation.)

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
In Germany they came first for the Communists, and I didn't speak
up because I wasn't a Communist.  Then they came for the Jews,
and I didn't speak up because I wasn't a Jew.  They came for the
trade unionists, and I didn't speak up because I wasn't a trade
unionist.  Then they came for the Catholics, and I didn't speak
up because I was a Protestant.  Then they came for me, and by
that time no one was left to speak up.           - Martin Niemoeller
http://victoria.tc.ca/techrev/rms.htm