funsec mailing list archives
RE: eWeek: Government-Funded Startup Blasts Rootkits
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 29 Apr 2006 00:07:24 +1200
Rob, grandpa of Ryan, Trevor, Devon & Hannah, to me:
There have been various "hardware antivirus" (or more generically "security") products. All of these that I've ever seen plug in between the IDE controller and IDE drive (I think there were a few very early ones that worked with pre-IDE drives too) and, if you had to describe their operation in just a few words (what, me??) you'd say they were "hardware partition access managers".Interesting. I reviewed three different hardware AVs (that I recall), and none were related to the drive controllers, although all provided similar functions.
I reviewed one while at VB -- forget the name and can't be bothered looking it up right now, but it was made by a UK outfit (based somewhere in Scotland?) and worked as described in my earlier message. Around the same time another "drive interceptor" was being quite heavily advertised/PR'ed in several of the security magazines (VB doesn't take advertising so we didn't see it). Also, another very similar device, sold under various OEM versions, but I think most widely known as "Sherriff" or "Drive Sherriff" or "Data Sherriff" or something similar (at least in the US) works in (much) the same way (based on skimming the manual of one in a CompUSA or similar...). Of course, in MFM days (not sure if there is an IDE equivalent -- anyone??) there was the old trick of cutting (or was it pulling to zero?) the "write enable" line in the drive cable... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: eWeek: Government-Funded Startup Blasts Rootkits, (continued)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Larry Seltzer (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Drsolly (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Roger Thompson (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Drsolly (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 27)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Blanchard_Michael (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Drsolly (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Nick FitzGerald (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Drsolly (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 27)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Nick FitzGerald (Apr 28)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 28)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Kevin McAleavey (Apr 27)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Larry Seltzer (Apr 25)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Barrie Dempster (Apr 25)
- Re: eWeek: Government-Funded Startup Blasts Rootkits Technocrat (Apr 25)