-
- VWPD.386
-
- Virus/Trojan Detector
- Runs in Protected Mode at Ring ZERO. The MOST secure of all the operating
- modes, unlike old style DOS real mode virus detectors. This is the World's
- First Windows Protected Mode Virus Detector. Runs constantly, but with
- low overhead; minimal impact on system performance.
- Includes write protect feature for disk drives (see documentation for VWPD).
- Includes special feature to protect DOS commands and programs from running.
-
-
- Program and documentation file included.
-
-
- ------------------------------------------------------------------------
- Contains new features designed to provide enhanced VIRUS/TROJAN
- protection.
-
-
-
- Version 1.05 has:
- Additional boot sector protection.
- Protect sectors from partition sector to boot sector hard drive zero.
- Fixes for INT 1Ah and CMOS, and the mouse disappearing.
- Fix for access floppy disk hangs machine, requires reset.
- Fix for DOS 5.0, call to PSP:5, if DOS loaded high.
- Fixes for formatting of floppies.
- Hardware trapping of format and reset commands at disk drive controller.
- Attempts to remove system or hidden file attributes.
-
- Modified hard drive protection, protects all hard drives
- from writes, except thru BIOS,
- and ALL formatting (even attempts direct to the controller port).
-
- DOS "VER" command now prints Windows numbers +
- Dos version. (/W3 is highest level of warning, /W2 is next lower).
-
- DOS "VWPD" command prints vwpd version and status message.
-
- DOS "JOIN" and "FDISK" commands are disabled in Windows.
- ALSO APPEND, SUBST, FORMAT, ASSIGN.
-
- TIME & DATE must be changed from the Windows Control Panel.
- They do not print out current time or date; this will be fixed.
-
- Put in Dummy Command handler for hard disk controller(91h). Useful
- for testing if hard disk controller is protected.
-
- Removed most protection from floppy drives. Some protection to be
- put back in.
-
-
- Version 1.06 has:
- FASTOPEN and APPEND commands are disabled.
- Fix for BUG in 1.05 that caused Windows to hang when the DOS "HELP" command was used.
-
-
- See also WSAFE, our program to protect you from running certain DOS
- programs like CHKDSK while Windows is running. Endorsed in Brian
- Livingston's new book "Windows 3 Secrets", as Excellence in Windows
- Shareware.
-
- Incidentally, about Brian's book on Windows 3 Secrets: run, don't walk
- to get a copy. It is excellent, maybe better than that. (By the way
- I don't make anything from the sale of the book.)
-
-
-
- INSTALLATION
- ------------------------------------------------------------------------
- See instructions for VWPD.DOC
-
-
- In the documentation below, references to VWPD mean the new version.
-
-
- TIPS: -------------------------------------------------------------------
-
- If a DOS application tends to cause more messages than you would like,
- try running it in a window. The annoying screen switches that occur
- when a message is displayed, when a Windows application or a DOS full
- screen application are running, WILL NOT occur. (This work around is for
- a poor implementation of message box handling in windows).
-
- In other words, if the application causes a lot of messages, WINDOW it
- before you start it.
-
-
- GENERAL
- ------------------------------------------------------------------------
- A warning message is displayed for the following occurrences. In most
- cases the message will allow for OK/CANCEL. OK allows the operation
- to proceed as normal. Cancel stops the operation from succeeding and,
- where necessary, forces the application to abort.
-
-
-
- Mild warnings------------------------------------------
-
- Attempts to terminate and stay resident.
-
- Attempting to change the memory allocation strategy.
-
- Attempts to read the hard disk partition table.
-
- Attempting to reboot the system.
-
- Attempting to get the DOS data segment.
-
- Attempting to get the DOS list of lists
-
- Attempting to create a Program Segment Prefix
-
- Attempting to use int 40h, alternate disk handler
-
- Attempting to change an interrupt vector
-
- Some other obscure kinds of activity.
-
-
-
- Intermediate warnings ---------------------------------
-
- Attempts to write sector one, head ZERO, track ZERO
- of any floppy disk. This is the boot sector.
-
- Attempting to get/set the disk handler.
-
-
- SEVERE errors -----------------------------------------
-
- Attempts to clobber the CMOS RAM area.
-
- Attempts to write sector one, head ZERO, track ZERO
- of a hard drive. This is the partition sector.
- Also the boot sector and, on hard drive zero, all
- the sectors between the partition sector and the boot sector.
-
- Attempts to use FCB's to DELETE ALL file entries.
-
- Attempts to Write to .COM, .EXE or .SYS files.
-
-
-
-
- These measures prevent a virus from terminating without warning,
- modifying the disk partition table, adding itself to the boot
- sector on the floppy or HARD disk, or modifying executable files.
- (Hard disk boot sector protection is a recent addition.)
-
-
- This protection ONLY applies when Windows is running in enhanced mode.
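-
- Added illustration (not part of VWPD or its documentation): one way a filter
- could sort BIOS INT 13h disk calls into the severity levels listed above. The
- register layout is the standard INT 13h CHS convention; the type and function
- names, the REFUSE verdict and the assumed hard disk boot sector location
- (cylinder 0, head 1, sector 1) are assumptions of this example.

```c
#include <stdint.h>

/* Added example, not VWPD source. Severity names follow the README. */
enum verdict { ALLOW, WARN_INTERMEDIATE, WARN_SEVERE, REFUSE };

struct int13_regs {   /* register values at the moment of the INT 13h call */
    uint8_t ah;       /* function: 03h write sectors, 05h format track */
    uint8_t ch;       /* cylinder, low 8 bits */
    uint8_t cl;       /* bits 0-5 sector (1-based), bits 6-7 cylinder high */
    uint8_t dh;       /* head */
    uint8_t dl;       /* drive: 00h and up floppy, 80h and up hard disk */
};

/* Rebuild the 10-bit cylinder number from CH and the top two bits of CL. */
static unsigned cylinder(const struct int13_regs *r)
{
    return ((unsigned)(r->cl & 0xC0) << 2) | r->ch;
}

/* Classifies by the starting sector of the request only. */
enum verdict classify_int13(const struct int13_regs *r)
{
    int hard = (r->dl & 0x80) != 0;
    unsigned sector = r->cl & 0x3F;

    if (r->ah == 0x05)                  /* README: ALL hard drive formatting is stopped */
        return hard ? REFUSE : ALLOW;   /* floppy formatting is left alone here */
    if (r->ah != 0x03)                  /* only writes are classified */
        return ALLOW;
    if (cylinder(r) != 0)               /* every protected sector is on track zero */
        return ALLOW;

    if (!hard)                          /* floppy boot sector: intermediate warning */
        return (r->dh == 0 && sector == 1) ? WARN_INTERMEDIATE : ALLOW;

    /* Partition sector (head 0) or boot sector (assumed at head 1), any hard drive. */
    if (sector == 1 && (r->dh == 0 || r->dh == 1))
        return WARN_SEVERE;
    if (r->dl == 0x80 && r->dh == 0)    /* drive zero: sectors between the two */
        return WARN_SEVERE;
    return ALLOW;
}

int main(void)
{
    struct int13_regs mbr_write = { 0x03, 0, 1, 0, 0x80 };  /* constructed sample */
    return classify_int13(&mbr_write) == WARN_SEVERE ? 0 : 1;
}
```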
-
-
-
- LIST OF Interrupts protected:-------------------------------------------
-
- There is protection from calls to PSP:5.
- INT 13h, 19h, 1Ah, 21h, 26h, 27h, 2Fh, 40h.
-
-
- WARNING MESSAGES--------------------------------------------------------
- If VWPD puts up a warning message this DOES NOT MEAN that a virus
- is at work. In most cases, the application that is running is doing
- something PERFECTLY HARMLESS. However, if you want the operation to FAIL
- use the CANCEL button, else select OK.
-
-
- There are 2 message levels of severity in VWPD. Most warnings will allow
- the operation, if you select OK. In a couple of cases the operation will
- NOT be allowed as it would cause severe damage.
-
- It is necessary at the present time to use your own judgement in deciding
- what is and what is not a virus, in those cases where there is no obvious
- damage being done.
-
- THINGS to Watch out for. Programs attempting to terminate and go resident
- especially if there is an attempt to change the memory allocation STRATEGY.
-
-
-
-
-
-
-
- CAUTIONS: --------------------------------------------------------------
- VWPD has been fixed to trap the backdoor into DOS thru CP/M call at PSP:5 if
- DOS 5.0 has been loaded high.
-
- But there may be a similar problem with other DOS extender systems if the
- A20 line is enabled and wrap at 1 megabyte is disabled.
-
- Formatting of floppies should only be done using a Windows application
- such as File Manager. Using DOS format is NOT recommended.
-
-
- TESTED WITH: -----------------------------------------------------------
-
- This latest version has only been tested on DOS 3.30, 5.00,
- under Windows 3.0a. It has been tested with Win3.1-2.
-
- DISK system, using 32 megabyte or smaller logical drives.
-
- It should not be capable of causing or contributing to disk corruption.
- VWPD is basically a filter, that watches for certain kinds of activity.
- It does nothing which should cause you any continuing problems.
-
-
-
- DOS 4.x, 5.x -----------------------------------------------------------
- I think VWPD is safe to use with DOS 5.0; it has been tested with it.
- If you use it with 5.0, I suggest you NOT use it if you have logical drives
- larger than 32 megabytes.
-
- If you try it with over 32 megabyte logical drives, it should not be
- capable of causing any damage, but it is possible that you might get
- warning messages that I have not considered.
-
-
-
- DISK Drives: -----------------------------------------------------------
-
- (NOT included in this release!!).
- A program for testing your disk drive is included. It is called TESTDISK.
-
- It will display a report on your screen, and will indicate if VWPD
- will work properly with your disk drive.
-
-
- 2 HARD DISKS: VWPD has not been tested with a system with 2 hard drives.
- It may not provide as complete protection for drive 2 as drive 1.
-
-
-
- VIRUS DETECTOR PROGRAMS ------------------------------------------------
- You may, if you want, try installing Central Point Software's Virus Detector
- or other such program in conjunction with VWPD. The other detector may
- be installed before Windows is started in which case it will protect all
- activity or it may be installed after a DOS session is started in which
- case it will protect only that DOS session.
-
- Using a second detector like this has not been tested.
-
- Suggest you DO NOT run other detectors at the same time, as they will
- affect performance.
-
-
-
-
-
- PERFORMANCE: -----------------------------------------------------------
- VWPD has been written to minimize its impact on the overall system
- performance. I believe you will find it is much less of a drag than
- ANY other virus detector available.
-
-
-
- SPECIAL OPTIONS:--------------------------------------------------------
- The option VWPDWarn3 can be placed in the [386enh] section of system.ini.
- The default is TRUE. Setting it equal to false or zero (0), will turn
- off certain warning messages. But you will have less protection.
- (Get List of Lists, Go TSR, Create PSP are presently the only warnings
- turned off).
-
- VWPDWarn3=False ; default is TRUE.
-
-
- A future version of VWPD will allow turning off more warnings, but
- will use a smart system to detect a virus attack.
-
- If Warn3 is off, then Warning level 2 is on. When you type the
- DOS "VER" command, the message displayed will tell you whether the
- warning level is /W3 or /W2. The "VER" command can be used whenever
- you are in a DOS box and at the command line prompt.
-
-
- TESTING: ---------------------------------------------------------------
- A program to test and demonstrate the functionality of VWPD will be
- included in a future release.
-
-
-
- In the meantime, here are some suggested tests that YOU can perform.
-
- Format a floppy disk. Should work ok. Use Windows Format in File Manager.
-
- Copy some files to and from the floppy disk. Should work ok.
-
- Attempt to change the time. Time or Date will display. Cannot change.
- Use Control Panel, to change.
-
- Run Debug. Should give a warning.
- Use the Mem command in DOS 5.0. Should give a warning.
-
-
- Try the DOS commands that have been disabled or modified under
- Windows 386 enhanced mode. Such as: DATE, TIME, JOIN, FDISK, FORMAT, etc.
-
-
- Try the new DOS box command: VWPD.
-
- Use the Norton or PC Tools utilities to change a byte on the disk.
- DON'T try this unless you know what you are doing.
-
-
-
-
- WARNINGS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- FORMATTING of floppies should ONLY be done by File Manager.
- DOS formatters run from a DOS BOX will not work correctly.
- DOS Format is disabled.
-
- DO NOT use VWPD with the high performance file system (HPFS)!
- It has not been tested with HPFS and it may not work correctly.
-
- An attempt to do so is supposed to result in an explicit warning
- message and Windows will return to the DOS prompt.
-
-
-
-
- ISSUES not properly addressed in this version --------------------------
-
- 1. Protected mode versus real mode operations have not been completely
- resolved.
-
- 2. Consistent information messages appropriate to the level of protection
- needed.
-
- 3. How much more checking to do and what impact it will have on performance.
-
- 4. NMI masking on port 70hex.
-
- 5. DOS commands changed or disabled, do not check for options (CHKDSK /f).
-
-
- PC Magazine AntiVirus Software Review, Oct 29, 1991 p.199
- -------------------------------------------------------------------------
-
- Features Provided by VWPD:
-
- Monitors DOS interrupts
- Protects COMMAND.COM & other .COM files
- Protects Boot Sectors
- Protects Hidden System files
- Protects Partition Table
- Protects .SYS & .EXE files
- Protects CMOS
- Detects on demand
- Uses write traps
- Uses read traps
-
-
-
- FEEDBACK: --------------------------------------------------------------
-
- Feedback and comments are welcome.
-
- Mike Maurice
-
- 503-355-2281
- CIS 71171,47
-
-