T H E G U A R D I A N U P D A T E Version 1.93 - October, 1993, June, 1994 --------------------------------------------------------------------------- This update contains corrections to the Reference Guide and provides supplemental information which became available after the Reference Guide was printed. Note that several file name changes have occurred in this update. See the Version History below for more details. --------------------------------------------------------------------------- * * * * I m p o r t a n t N o t i c e * * * * Version 1.93 or later of The Guardian cannot be used to unlock a disk which was locked by Version 1.92 or earlier. For more details, read the section on Version 1.93 in the Version History below in this Update file. --------------------------------------------------------------------------- * * * * Notice to Registered Users * * * * Your registration serial number is contained in the master configuration file, GUARDIAN.MRE. We recommend you replace the file that came with your Shareware version. Be advised, however, that when you do this, all installation parameters will be reset to their default values - including the master password, "guardian". When you replace the file, you should immediately change the password(s) to what you are currently using. --------------------------------------------------------------------------- * * * * Notice to Users of DOS Version 5 and later * * * * 4/92 The DOS installation procedure supplied in version 5 will normally create a CONFIG.SYS file containing a SHELL statement which tells DOS to look for its COMMAND.COM command interpreter in a directory called DOS. In addition, it will normally set up entries for programs or device drivers for such things as SETVER and possibly HIMEM and identify them as residing in that DOS directory. In this kind of configuration, with versions of The Guardian prior to 1.92, you would have to re-configure it if you wanted to be able to boot your computer from your hard disk while it is locked. (You would have to remove any references in the CONFIG.SYS file to the DOS directory, plus any programs in that directory that are needed at start-up time would have to be moved to the root directory.) If your disk contains a directory called DOS, Version 1.92 does not lock it. If you have a configuration like that described above, you can still access the DOS directory while the disk is locked and therefore you can still boot the computer. If you do want that directory to be locked, you should change the name of it to something else such as DOS3, DOSS, etc. Caution: Now when a disk is locked, all programs and/or files in the DOS directory are available to use. Make sure there isn't anything in that directory that you want to be "locked". UPDATE.TXT; Page 2 It is a good idea to review the contents of the CONFIG.SYS file to make sure you aren't calling in extraneous programs. For example, the program SETVER allows you to "send a message" to any application program that makes it think it is actually running under a different version of DOS. In order to do this, you must make an explicit entry in the SETVER table. If you aren't doing this, you don't even need the program, and since it is a resident program, you are wasting memory resources. --------------------------------------------------------------------------- * * * * New Version 2 * * * * Version 2 of The Guardian was released in June, 1992 and is available directly from Marcor Enterprises (i.e. it is not available as shareware). (As of November, 1994 the current version is 2.22) It has a windows style "interface" with pull down menus, pop up message windows, and includes mouse support. Among its many new features is the ability to selectively leave unlocked any combination of files and/or directories, lock or unlock multiple disks in one operation, customize the sign-on screen and the "locked disk" message file, multiple security levels, automatically park the heads of a disk after locking it, and control over several operational parameters. It includes a new program which allows you to lock or unlock disks directly from the DOS command line (and therefore from a batch file). The registration fee for version 2 is $49.95 plus $4.00 s/h ($6.00 outside the continental United States) plus applicable sales tax. For more information on its other features, please contact Marcor Enterprises. Version 2.22 also contains a stand alone program which allows you to encrypt individual files for additional protection. It uses The Guardian's configuration file to determine whether a password is required to encrypt a file, and if so, the password used to encrypt any given file (or the master password) is also required to unencrypt it. * * * * Getting Started * * * * 3/93 The file named TG.OVL is, in reality, an executable program. It is named this way to prevent a new user from running it before reading the documentation, a situation which can have dire consequences. It is a sign- on program which is designed to be invoked by the AUTOEXEC.BAT file (or the temporary command interpreter, TGCMD.EXE, if you are a registered user). When this program runs, it displays a sign-on menu and asks for a password. If you don't provide a valid password within three tries, it automatically locks your disk. (There are conditions described below in this update document under which it does not lock a disk.) In order to use this program, do the following three steps: 1. Run the main program, TGM.EXE, and select Change parameters, then View all passwords. The program will ask for the master password which should be "guardian" (without the quotes and all lower case or small letters - passwords are case sensitive). DO NOT CHANGE THIS MASTER PASSWORD YET. If you wish, you can add a password of your own at this time. When the sign-on program runs, it will accept any of the passwords that have been assigned. If the master password is not "guardian", you have an ILLEGAL COPY; YOU SHOULD NOT USE ANY OF THE PROGRAMS and should contact Marcor UPDATE.TXT; Page 3 Enterprises immediately. We are in Indianapolis, Indiana, U.S.A. and can be reached at (317) 876-9376. 2. Be sure you have a copy of TGM.EXE and GUARDIAN.MRE on a separate diskette, preferably one that is "bootable" (i.e. has a copy of DOS on it). If you used the INSTALL procedure that is provided, it should have made such a copy. 3. Rename TG.OVL to TG.EXE. Now that you are certain you know the master password or have added your own, you can safely run the program. Once you are familiar with how the programs work, you can safely change the master password to anything of your own choosing. But DON'T FORGET IT; WRITE IT DOWN and store it in a safe place. --------------------------------------------------------------------------- 8/91 Anyone who registers The Guardian will receive a bonus program along with the registered versions of the main programs. This program, TGCMD.EXE, can be used as a momentary command interpreter (e.g. a substitute for the COMMAND.COM that comes with DOS) which will further enhance the security protection of The Guardian. The documentation for The Guardian explains that if you add the command TG.EXE to your AUTOEXEC.BAT file, the sign-on menu will appear whenever you start or re-boot your computer, thus forcing a person to enter a valid password before he can use the computer. While most people don't realize it, it is possible to interrupt the AUTOEXEC procedure and potentially bypass the running of the sign-on program, even if the "TG" command is the very first entry in the AUTOEXEC.BAT file. Of course, a person would only have a reason to try this if he knew before he turned on the computer that there was something in the AUTOEXEC.BAT file that he wanted to override. This temporary command interpreter, provided to registered users, offers a way to safely prevent such an interruption. TGCMD.EXE can be specified in the CONFIG.SYS file as the initial command interpreter in place of COMMAND.COM. It will automatically execute the sign-on program, TG.EXE, and, assuming a correct password is entered, then transfer control to the "primary" command interpreter (normally COMMAND.COM). With this configuration, it is not possible to bypass the execution of the sign-on program. This program is offered only to registered users because it is only of any value to you if you are routinely using The Guardian, in which case, you are legally obligated to register it anyway. It has no effect on the functionality of the principle programs. 4/91 With version 1.8 of The Guardian, a modest restriction has been added to unregistered copies of the system. Despite stern warnings about reading the documentation BEFORE running any of the programs, many people have simply copied the programs to their hard disk and run program TG.EXE to "see what it would do" - and they got a nasty surprise when the program locked their disk because they didn't know the default master password. Effective with this release, when the master password is "guardian" as UPDATE.TXT; Page 4 originally distributed, and you are using an unregistered version, the program TG.EXE will not lock the disk as a result of an incorrect password. It will tell you this and then proceed to go through its alarm procedure as if the disk had been locked, but it won't actually lock it. Once you set up your own passwords, the program is fully functional. You can still intentionally lock a disk using program TGM.EXE. --------------------------------------------------------------------------- Another important consideration ..... The paragraph below discusses where The Guardian looks on the disk for its master configuration file, GUARDIAN.MRE. That paragraph applies only to versions of The Guardian prior to 1.93, version 1.93 with a program file date earlier than June, 1994, or if you are running a version of DOS lower than 3.0. If you have DOS 3.0 or later and the program files have a date of June, 1994 or later, then when you run a program, it knows where the program is located and automatically switches to that drive/directory. By doing this, the potential complications described below are avoided. When the program ends, it automatically switches back to the drive and directory which were current when the program was started. If the configuration file really isn't there, the program displays a message that it can't find the file and asks if you want to create one rather than doing so automatically. It also displays the path to the directory where it thinks the file should be. If you tell it you don't want to create a new file, the program simply quits. The reference manual states that The Guardian looks in its own directory for its master configuration file, GUARDIAN.MRE. Under some circumstances, this could be confusing. What it really does is look in the CURRENT directory. This could have some very significant implications. If you choose to leave all the programs in a sub-directory, such as SECURE, then, when you want to add instructions to your AUTOEXEC.BAT file to execute program TG.EXE, do it this way: cd\; cd SECURE; TG; cd\. DO NOT put cd\; SECURE\tg in this file. The Guardian would look for GUARDIAN.MRE in the root directory, and, since it isn't there, would automatically create a new one with default values - including a new master password of "guardian" - NOT the one you assigned in the SECURE subdirectory. If you want to put the program TGM.EXE in the root directory so it won't get locked, move BOTH the program and the file GUARDIAN.MRE to the root directory. Then, what you put in the AUTOEXEC.BAT file to execute program TG.EXE is cd\; SECURE\tg. (The uppercase/lowercase isn't important; also the use of semi- colons in the examples is just for readability - in the actual file, you would put each command on a separate line.) 5/90 Documentation clarification Chapter 3, Locking/Unlocking a Disk, describes the process for intentionally locking or unlocking a disk on any drive (program TGM.EXE). After selecting a drive, you are asked for an authorization code and are given three opportunities to provide the correct password (see the documentation for more detail). If you fail in three attempts, the request is denied, and you are returned to the master menu - nothing has been done in terms of locking or unlocking the disk. It is important to understand the difference between this action in this program, TGM.EXE, and the actions in the sign-on program, TG.EXE. If, in the sign-on program, TG.EXE, you fail to provide the correct password in three tries, the UPDATE.TXT; Page 5 program automatically locks the CURRENT drive - which might not be the drive where the program is located. (This is also described in Chapter 2, Logging on to a System.) Also, remember that once the sign-on program has been started, there is only one way out - provide the correct password (unless, of course, you turn off your computer). If you don't provide the correct password, the disk is locked and the keyboard is disabled. * * * * Version History * * * * Version 1.93 - 10/93, 6/94 This version contains some of the design technology originally developed for the non-shareware version 2 of The Guardian. It results in a more rigidly controlled environment during the actual process of locking and unlocking a disk. The visible effect of this is that if files are added to a disk while it is locked, or if a disk is only partially unlocked, then when the disk is completely unlocked, the program is able to recognize what has happened and ignore what in earlier versions was considered a discrepancy. Those discrepancies would cause the program to issue messages about the possibility of an error condition. Stated in simpler terms, this program is "cleaner" than earlier versions. The control file which contains the information for unlocking a disk is now called GUARD19.CTL instead of !!!.###. Since it is a hidden file, you would normally not even realize its existence. In addition, when a disk is unlocked, the information in this file is saved in a file called GUARD19.BAK (also a hidden file). If some sort of error condition arises, that prevents the successful unlocking of a disk, this file can be reinstated as GUARD19.CTL to make The Guardian think the disk is locked. In addition to being hidden, these files are marked read-only. This BAK file is saved so it is POSSIBLE to reuse it; it is NOT RECOMMENDED without the assistance of Marcor Enterprises. * * * C A U T I O N * * * Because of these new locking techniques and different file names, Version 1.93 or later cannot be used to unlock a disk which was locked with an earlier version of The Guardian. Also, if you add files to a disk while it is locked, you should take care not to give them the same name as a file that was in the root directory of the disk before it was locked. When the disk is unlocked, you will end up with duplicate entries in your root file directory. This greatly confuses DOS; if you tell DOS to delete a file that has a duplicate entry, DOS will delete BOTH files. If you need to add a file with a duplicate name, we recommend you first create a directory which is known not to duplicate a directory immediately below the root directory. Then add your file in that directory. This way DOS will be able to distinguish one from the other. This version also contains instructions to force DOS to properly update the file directory entry for the GUARD19.CTL file when it has completed locking a disk. In some computers containing disk data caching, there is a remote possibility that a timing conflict could arise and cause the control file UPDATE.TXT; Page 6 to become corrupted. This has never been reported for any of the 1.x versions of The Guardian, but there were a few reports of this happening when version 2 was first released. You must be running DOS version 3.3 or later for this feature to be in effect. Finally, the program now automatically switches to the drive and directory in which the program is located. This way it can always find its configuration file (GUARDIAN.MRE) containing passwords. If it can't find its configuration file, it asks for permission to create one and displays the path in which it is searching. Version 1.92 - 6/92, 3/93 The only change is that now when you lock a disk, if the program finds a directory called DOS, it does not lock it, but does mark the directory "hidden". This change was made to accommodate users of DOS version 5 and later which normally depends on the availability of that directory to "boot" from a hard disk. This change applies to all versions of DOS, not just version 5 and later. Remember that now any program or file in a directory called DOS is still available for use while a disk is locked. If you don't want this directory left unlocked, change its name to something other than DOS. In addition, the program will not lock a directory called GUARDIAN if it finds one. If you use the supplied INSTALL procedure, it will install the programs in a directory called GUARDIAN. This way, if you inadvertently lock a disk, you can still get to the programs to unlock it. Version 1.91 - 1/92 This update corrects several minor errors. If some problem were to occur while one of the programs is running and the lock control file, !!!.###, gets created but has no data (i.e. has a length of 0), the program would still read data off the disk and try to use it for passwords and lock status. This usually resulted in the program rejecting any password entered to unlock a disk even though it wasn't locked in the first place. When you deliberately lock or unlock a disk, program TGM forces you to enter a valid drive letter by setting a range of letters based on the number of drives installed or set by your CONFIG.SYS file. If the number of drives is a multiple of 16 (it often is 32 if a computer is on a network), the program, in doing some logical "masking", would calculate the number of drives to be zero and would set the letter range to "A-@". (In the ASCII numbering system the "@" character is numerically one less than "A".) If you change the master password and then attempt to lock a disk using that new password without first quitting the program, the new password would not be set properly in memory even though the program correctly updated the master configuration file, GUARDIAN.MRE. Now it works correctly. UPDATE.TXT; Page 7 Version 1.90 - 8/91 Version 1.90 of The Guardian contains two changes which, individually are fairly minor but, in conjunction with each other, provide for significantly simpler operation. When combined with the temporary command interpreter provided to registered users, it also greatly improves security protection. When a disk is locked, The Guardian now leaves "unlocked" ANY of its own programs/files that it finds in the root directory, which now includes the sign-on program, TG.EXE, and the command interpreter, TGCMD.EXE. The other change is that the sign-on program, TG.EXE, now checks the lock status of the disk before it displays the sign-on menu. If it is already locked, it accepts only the master password or the password that was used to lock the disk and then automatically unlocks the disk. This means that, if you register the program and use the new command interpreter, you can lock the disk before you turn off the computer, and, when you turn it back on, the disk is automatically unlocked as part of the normal start up process. If you prefer not to have the "Installation" name displayed as part of the sign-on menu, select the parameters option in program TGM.EXE and delete the contents of the Installation field. Program TG.EXE will then not display anything when it displays the sign-on menu. C A U T I O N Do not use version 1.90 or later of The Guardian to unlock a disk that was locked with an earlier version. The name of the "readme" file that is placed on a locked disk has been changed from READTHIS.MRE to README.TXT. Also you should not have one of your own files called README.TXT in the root directory. The Guardian will successfully lock and unlock the file, but for an instant during its processing, you will have duplicate entries in your root directory. When The Guardian is all done, it issues a command to DOS equivalent to "DEL README.TXT" and DOS will then erase or delete BOTH files. Version 1.8 - 4/91 This corrects an error which would only occur under very unusual circumstances. If the contents of a disk are altered while it is locked (such as adding a file - which should never be done), then, when you try to unlock the disk, you will get an error message for each locked file whose directory entry has been altered. You are given the opportunity to abort the unlock procedure or continue - normally you would continue. If, however, you press Esc to abort the process, the program would previously go ahead and replace the control file (containing the information for unlocking the remainder of the disk) with a control file indicating the disk was unlocked. Now this control file is left untouched until the disk is completely unlocked. As stated in the documentation, until a disk is completely unlocked, The Guardian considers it locked - thus you cannot lock a disk which has been partially unlocked. In addition, several more cosmetic enhancements have been made. Versions 1.6 - 1.7 9/90 - 11/90 UPDATE.TXT; Page 8 Version 1.6 contains some internal corrections which under very remote circumstances could cause one of the programs to behave erratically. Version 1.7 is primarily a technical upgrade. The internal structure of the program building blocks has been rearranged and much of the source code of the programs has been re-written for greater efficiency for both speed and reduced program size. Also a number of cosmetic enhancements have been added. Version 1.5 - 3/90 Version 1.5 accommodates the enhancements introduced with DOS version 4 which allows you to format a logical disk larger than 30 mb. These same capabilities exist in Compaq's version of DOS 3.3. Included on this distribution disk is a program called DISKINFO.EXE. It merely reads a disk and displays various technical parameters about the disk. If you have any questions about the compatibility of your DOS or disk format with the PC/MS-DOS format, run this program before attempting to lock a disk. If it displays valid information, you will have no problems. If you are not familiar with terms such as clusters and sectors, just verify the total capacity. Also, the standard default number for bytes/sector is 512. If the program displays any 0's or negative numbers, please contact Marcor Enterprises. With version 1.5, a slight change has been made in the way The Guardian locks a disk. Version 1.5 does not lock any files in the root directory that end in the extension .COM or .SYS. This way, if you lock your hard disk, the system is still "bootable" even though all other files are inaccessible (although it will not execute any commands in an AUTOEXEC.BAT file). Also, if it finds its own master menu program, TGM.EXE, in the root directory, it will not lock it. This way, you can, at your option, have your disk set up so that, if or when it gets locked, it is possible to restart your computer and unlock the disk without needing a another hard disk or diskette. Read the reference manual regarding some restrictions and cautions about using this technique. CAUTION: Some large disks use their own software for handling hardware features not supported by some versions of DOS. Frequently this means you need a special file called a device driver which is invoked by your CONFIG.SYS file. If this driver file does not end in an extension of COM or SYS, and if it is not in the root directory, then it will get locked along with other files and will not be available to CONFIG.SYS when you start up your computer. Thus it is possible that you still will not be able to boot your computer when the disk is locked. (6/92 - Version 2 of The Guardian eliminates this potential problem.) * * * * * * * * * * * * * *