funsec mailing list archives

RE: eWeek: Government-Funded Startup Blasts Rootkits


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 29 Apr 2006 00:07:24 +1200

Rob, grandpa of Ryan, Trevor, Devon & Hannah, to me:

> > There have been various "hardware antivirus" (or more generically
> > "security") products.  All of these that I've ever seen plug in between
> > the IDE controller and IDE drive (I think there were a few very early
> > ones that worked with pre-IDE drives too) and, if you had to describe
> > their operation in just a few words (what, me??) you'd say they were
> > "hardware partition access managers".
>
> Interesting.  I reviewed three different hardware AVs (that I recall), and none were
> related to the drive controllers, although all provided similar functions.

I reviewed one while at VB -- forget the name and can't be bothered 
looking it up right now, but it was made by a UK outfit (based 
somewhere in Scotland?) and worked as described in my earlier message.

Around the same time another "drive interceptor" was being quite 
heavily advertised/PR'ed in several of the security magazines (VB 
doesn't take advertising so we didn't see it).  Also, another very 
similar device, sold under various OEM versions, but I think most 
widely known as "Sherriff" or "Drive Sherriff" or "Data Sherriff" or 
something similar (at least in the US) works in (much) the same way 
(based on skimming the manual of one in a CompUSA or similar...).

Of course, in MFM days (not sure if there is an IDE equivalent -- 
anyone??) there was the old trick of cutting (or was it pulling to 
zero?) the "write enable" line in the drive cable...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

