funsec mailing list archives
RE: eWeek: Government-Funded Startup Blasts Rootkits
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 27 Apr 2006 11:23:28 +1200
Drsolly to Blanchard_Michael () emc com to Drsolly:
> > > Remember Thunderbyte?

> > Is Thunderbyte similar to the Apple II card CopyIIplus? I remember years ago there was that CopyIIplus card that would copy any program disk to disk I believe, regardless of copy protection too :-)

> It was a hardware antivirus.
Are we remembering different things? The Thunderbyte I remember was very much software, written initially by Frans Veldman of the Netherlands and joined later by Righard Zwienenberg. In the mid-90s it was bought up by Norman and by 1999 (or earlier?) Norman stopped shipping updates for it, much to the disappointment of its hardcore users.

There have been various "hardware antivirus" (or more generically "security") products. All of these that I've ever seen plug in between the IDE controller and IDE drive (I think there were a few very early ones that worked with pre-IDE drives too) and, if you had to describe their operation in just a few words (what, me??) you'd say they were "hardware partition access managers". In a few more words, once set up and configured, they block, and/or re-direct writes to "protected" partitions to "reserved" space on the disk and redirect reads to those same disk locations to the "temporary" record in reserved space. On (hardware) reset, the reserved space and table of re-directed locations is cleared and the machine "restarts clean".

Such products often allow for three types of partitions -- completely immutable ones (where writes will simply be prevented), temporarily mutable ones (as described above) and totally mutable ones (for storing user data, possibly for TEMP, and such).

Such devices have sporadically been popular with some schools and other "public access" providers, but they are pretty shockingly bad as an "antivirus" (or general malware) "solution", given that "data" files (which, in a productive environment you generally want users to be able to save _and keep_) can be malicious, and that more and more the purpose of malware is to steal your data (e.g. harvest Email addresses, steal identity information) and/or steal your network bandwidth (spamming, spam relaying, proxying, warez storage, etc).
As briefly described, these new PCI devices are probably nothing like the above (and if that was all they are, the government just wasted a bunch of money re-inventing a largely dysfunctional wheel!).

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
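
The write-redirection scheme described in the message above, modelled as an added example (not part of the original post and not any product's code): three partition policies, a redirect table in "reserved" space, and a reset that clears it. The partition names, sector numbers and contents are constructed for illustration.

```python
# Toy model of a "hardware partition access manager" sitting between the
# controller and the drive. All names and sample data are constructed.
IMMUTABLE, TEMPORARY, MUTABLE = "immutable", "temporary", "mutable"


class AccessManager:
    def __init__(self, disk, policy):
        self.disk = disk        # {(partition, sector): bytes}, the real drive
        self.policy = policy    # {partition: IMMUTABLE | TEMPORARY | MUTABLE}
        self.redirects = {}     # table of re-directed locations ("reserved" space)

    def write(self, part, sector, data):
        mode = self.policy[part]
        if mode == IMMUTABLE:
            return False                            # write is simply prevented
        if mode == TEMPORARY:
            self.redirects[(part, sector)] = data   # diverted to reserved space
        else:
            self.disk[(part, sector)] = data        # real, persistent write
        return True

    def read(self, part, sector):
        key = (part, sector)
        # Reads of a redirected location see the temporary record first.
        return self.redirects.get(key, self.disk.get(key))

    def reset(self):
        # Hardware reset: reserved space and redirect table are cleared.
        self.redirects.clear()


def demo():
    disk = {("boot", 0): b"clean loader", ("system", 7): b"clean binary"}
    policy = {"boot": IMMUTABLE, "system": TEMPORARY, "data": MUTABLE}
    mgr = AccessManager(disk, policy)
    boot_blocked = not mgr.write("boot", 0, b"modified loader")
    mgr.write("system", 7, b"modified binary")
    mgr.write("data", 3, b"hostile document")   # saved as ordinary user data
    system_before = mgr.read("system", 7)
    mgr.reset()
    return {
        "boot_write_blocked": boot_blocked,
        "boot_after_reset": mgr.read("boot", 0),
        "system_before_reset": system_before,
        "system_after_reset": mgr.read("system", 7),
        "data_after_reset": mgr.read("data", 3),
    }


if __name__ == "__main__":
    print(demo())
```

The system partition reverts on reset, but whatever was saved to the mutable data partition is still there afterwards, which is the limitation the message points out.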