Guardian (c)
------------

Version 1
by
G&G Computer Services
39 Cathy Circle
Portsmouth, RI 08271

... The highest form of generalship is to balk the enemy's plans; the next best is to prevent the junction of the enemy's forces; the next in order is to attack the enemy's army in the field; and the worst policy of all is to besiege walled cities ....

    Sun Tzu, The Art of War

Introduction:
-------------

As of late there has been a vicious war going on. Its battlefield - computer storage media; its army - the untold number of computer viruses; and its generals - those sick minds who find joy in inflicting civilian casualties.

Being a war, we should seek advice from the man who wrote the book on it. The man was Sun Tzu and the book was 'The Art of War'. Written 2,500 years ago, its truths still apply today in our world of high tech viruses. In the above quote we find good advice on how best to fight this guerrilla war known as viruses.

As Sun Tzu states, '... the worst policy of all is to besiege walled cities ...'. This statement is very true, for even if the identity of the person who created the virus becomes known, it does not guarantee that others will be swayed to stop if he is made an example of. Therefore to try to rid ourselves of viruses by assaulting the perpetrator himself becomes impossible.

Another less desirable way to stop this onslaught is to '... attack the enemy's army in the field ...'. There are many programs that will do this, by checking program code for instruction sets unique to viral attacks. Yet they can only spot known viral strains and can be easily fooled by merely moving a few key instructions around. Thereby the virus is again reborn to create havoc on the battlefield.

Sun Tzu also states '... the next best is to prevent the junction of the enemy's forces ...'. Again there are programs that fall into this category. They try to stop viruses by restricting access to any storage media (i.e. computer disks).
Their shortcoming is that they assume the virus will always use BIOS/DOS interrupts to handle all disk I/O. While this stops many viral strains, ones that use low level direct disk access through the disk controller cannot be stopped through this method.

Finally Sun Tzu states '... The highest form of generalship is to balk the enemy's plans ...'. Therefore, according to Sun Tzu, the best way to defeat this viral army is to snatch the victory for which they strive. For their final goal is to make our data useless to us. All else that a virus may do to our programs is nothing; it is what they do to our data that is more important. For if we can stop them from doing this then we have won the battle.

And so this is where Guardian (c) comes into the picture. Guardian is a boot sector protection program which, run at the end of each computer session, will protect a disk's boot sector. It will also keep a virus from using the program stored in the boot sector to propagate itself.

It should also be noted here that if the boot sector of a floppy disk is damaged, we can access the damaged disk by using another system disk, but if the boot sector of a hard disk is sufficiently damaged then DOS will refuse to acknowledge the existence of the disk, leaving only one recourse - reformatting!

Disclaimer:
-----------

Guardian is provided 'as is' without warranty of any kind, either expressed or implied. The entire risk as to the quality and performance of the program is with the user, and should the program prove defective, the user and not the authors will assume the entire cost of all necessary remedies. None of the authors warrant that the functions contained in the program will meet any user's requirements or that the operation of the program will be error-free or uninterrupted. G&G, its employees, and associates claim no responsibility for any damages incurred during use of this product.

System Requirements:
--------------------

Guardian will run on all 100% compatible IBM machines.

System requirements: 128 KB of memory.

Preparing Guardian for use :
----------------------------

1.) Add the name of the directory in which Guardian is stored to the DOS PATH command (see your DOS manual for more information on the PATH command).

2.) Access the disk that you want Guardian to protect (i.e. 'C:' for the c drive).

3.) Type 'Guardian' at the DOS prompt.

At this point Guardian will read the boot sector of the default disk and make a copy of it to the file BOOT.DAT. Guardian will also report the basic disk information to the screen similar to the following:

    Guardian (c) G&G Computer Services

    Boot sector report for C:

    Jump instruction                     : 0xeb 0x34 0x90
    System Id                            : DOS 3.0
    Bytes per sector                     : 512
    Sectors per cluster                  : 4
    Reserved sectors at beginning        : 1
    Copies of FAT                        : 2
    Max Number of root directory entries : 512
    Total number of sectors              : 41735
    Format ID                            : 0xf8
    Number of sectors per FAT            : 41
    Number sectors per track             : 17
    Number of sides (heads)              : 4
    Number of special reserved sectors   : 17

This report is provided for your information only. (There are many good books on the market that will explain each entry, for such explanations are beyond the scope of this document). Also note that the boot sector program (other than the initial jump instruction) is not displayed.

Using Guardian :
----------------

At the end of each computer session, before turning off the computer, type 'Guardian' at the DOS prompt while on the disk drive you wish to check. Guardian will once again read the boot sector and compare it to the information in the file BOOT.DAT.
It will then create a report screen similar to the following:

    Guardian (c) G&G Computer Services

    Boot sector report for C:

    Jump instruction                     : 0xeb 0x34 0x90/0xeb 0x34 0x90
    System Id                            : DOS 3.0/DOS 3.0
    Bytes per sector                     : 512/512
    Sectors per cluster                  : 4/4
    Reserved sectors at beginning        : 1/1
    Copies of FAT                        : 2/2
    Max Number of root directory entries : 512/512
    Total number of sectors              : 41735/41735
    Format ID                            : 0xf8/0xf8
    Number of sectors per FAT            : 41/41
    Number sectors per track             : 17/17
    Number of sides (heads)              : 4/4
    Number of special reserved sectors   : 17/17

    No change in boot sector detected.

The following information is in the format of '/'. Again this is provided for your information only.

If through accident, malicious intent, or act of GOD the boot sector was changed/damaged, then Guardian will immediately react. First it will inform the user that the boot sector has been changed. Secondly it will ask if the user wishes to change the boot sector to what is in the saved data file (old boot sector). If at this point the user responds with a yes then Guardian will replace the boot sector with the saved information; if no then Guardian will not change the boot sector.

*Note for advanced users only*

If the disk information has not changed then the program data has changed. If you would like to see if the change was the work of a virus trying to copy itself then answer no to the replace prompt. After returning to the DOS prompt, copy the file BOOT.DAT to BOOT.OLD and then rerun Guardian. Guardian will then make a new BOOT.DAT file from the information in the boot sector. Rename the new BOOT.DAT file to BOOT.COM and use debug to disassemble it. Then, after you are done with debug, delete BOOT.COM and rename BOOT.OLD back to BOOT.DAT. Run Guardian and answer yes to the replace prompt.

If the user has changed the boot sector then he should delete the file BOOT.DAT from the disk and run Guardian to resave the new information.

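The comparison described above, including the advanced-user distinction between changed disk information and a changed boot program, sketched as an added example (not Guardian's own code). It assumes a 512-byte DOS 3.x boot sector with 16-bit fields in the order the report lists them; the function and field names are hypothetical.

```python
import struct

# Assumed layout: DOS 3.x boot sector = 3-byte jump, 8-byte system id,
# then the BIOS Parameter Block, in the order Guardian's report lists it.
BPB = struct.Struct("<3s8sHBHBHHBHHHH")
FIELDS = ("jump", "system_id", "bytes_per_sector", "sectors_per_cluster",
          "reserved_sectors", "fat_copies", "root_entries", "total_sectors",
          "format_id", "sectors_per_fat", "sectors_per_track", "heads",
          "special_reserved_sectors")

def parse(sector: bytes) -> dict:
    """Decode the disk-information fields at the start of a boot sector."""
    if len(sector) != 512:
        raise ValueError("expected a 512-byte boot sector")
    return dict(zip(FIELDS, BPB.unpack_from(sector)))

def compare(saved: bytes, current: bytes) -> dict:
    """Compare a saved copy with the live sector and classify the change."""
    old, new = parse(saved), parse(current)
    fields = [f for f in FIELDS if old[f] != new[f]]
    # Everything after the parameter block is the boot program itself.
    code_offsets = [i for i in range(BPB.size, 512) if saved[i] != current[i]]
    if fields:
        verdict = "disk information changed"
    elif code_offsets:
        verdict = "boot program changed"
    else:
        verdict = "unchanged"
    return {"verdict": verdict, "fields": fields, "code_offsets": code_offsets}

def sample_sector() -> bytes:
    """Constructed sector using the values from the report shown above."""
    head = BPB.pack(b"\xeb\x34\x90", b"DOS 3.0 ", 512, 4, 1, 2, 512,
                    41735, 0xF8, 41, 17, 4, 17)
    return head + b"\x90" * (510 - len(head)) + b"\x55\xaa"

if __name__ == "__main__":
    saved = sample_sector()
    live = bytearray(saved)
    live[0x40] ^= 0xFF            # constructed change inside the boot program
    result = compare(saved, bytes(live))
    print(result["verdict"], [hex(o) for o in result["code_offsets"]])
```

The returned offsets show where in the sector to start reading when the saved and current copies are disassembled side by side.
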
Files
-----

The files listed below should have been included in the ZIP file:

    GUARDIAN.EXE - the executable file
    README.TXT   - this file
    ORDFRM       - the registration form

Miscellaneous:
--------------

This product is shareware and may be distributed freely. If you find it of use after a reasonable test period, please send $35.00 (U.S. FUNDS) per copy to:

    G&G Computer Services
    39 Cathy Circle
    Portsmouth, RI 02871

When you register your copy, you will be placed on the update list. Once on the list, you will be notified of updates to this product and the release of new products from our company.

For any questions, problems, or suggestions call by modem:

    - Ups and Downs BBS
      Portsmouth, RI
      1-(401)-683-5961

    or

    - Swat BBS
      Swansea, Mass
      1-(508)-675-8503

and leave feedback to the sysop.

Both of the above Bulletin Boards support 300/1200/2400 Baud and operate 24 hours - 7 days a week.