Text File | 1992-05-06 | 12KB | 245 lines
************************************************************************
* GUARDIAN v1.2 *
* Antivirus Bootstrap *
* Copyright 1988 by Leonardo Fei, via A. Fava 6, 20125 Milano, Italy *
* Distributed by Transactor (UK) Ltd, Unit 2, Langdale Grove, *
* Bingham, Nottinghamshire, England, NG13 8SR *
* *
* IMPORTANT NOTE: This version is not Public Domain, nor Shareware. *
* All rights are reserved to the author. *
* Please respect this copyright notice ...Thanks! *
* *
************************************************************************
The first version of Guardian was written, on impetus, in a few days,
after I discovered that a new virus had infected most of my disks.
Guardian v1.2 has been greatly enhanced, both in terms of security and of
versatility. If you are using Kickstart 1.3 (v34.5) you will find Guardian
v1.2 very useful in helping you do things you couldn't normally do without
it.
"DANGER !!! - I can't succeed in rewriting the bootblock !"
-----------------------------------------------------------
A new feature has been added to Guardian v1.2. After the standard bootblock
has been written to the disk, the newly created bootblock is loaded into the
memory once more, and is compared with the standard one. They should match,
of course. But if they don't, this means that something serious has
happened to the trackdisk device.
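The write-then-read-back check described above, as an added example (not Guardian's own code). It works on a disk image file rather than the trackdisk device; the function names and the constructed reference block are assumptions.

```c
#include <stdio.h>
#define BOOTBLOCK_SIZE 1024   /* Amiga floppy bootblock: two 512-byte sectors */

/* Write the reference bootblock to the start of the image. 0 on success. */
static int install_bootblock(FILE *img, const unsigned char *ref)
{
    if (fseek(img, 0L, SEEK_SET) != 0) return -1;
    if (fwrite(ref, 1, BOOTBLOCK_SIZE, img) != BOOTBLOCK_SIZE) return -1;
    return fflush(img) == 0 ? 0 : -1;
}

/* Read the bootblock back and compare it with the reference.
 * Returns -1 on a match, the offset of the first differing byte otherwise,
 * or -2 if the block could not be read at all. */
static int verify_bootblock(FILE *img, const unsigned char *ref)
{
    unsigned char back[BOOTBLOCK_SIZE];
    int i;
    if (fseek(img, 0L, SEEK_SET) != 0) return -2;
    if (fread(back, 1, BOOTBLOCK_SIZE, img) != BOOTBLOCK_SIZE) return -2;
    for (i = 0; i < BOOTBLOCK_SIZE; i++)
        if (back[i] != ref[i]) return i;
    return -1;
}

/* Constructed demo on a temporary image. When tamper_at >= 0, one byte is altered
 * after the write, standing in for a device that did not store what it was given. */
int demo_roundtrip(int tamper_at)
{
    unsigned char ref[BOOTBLOCK_SIZE] = { 'D', 'O', 'S', 0 }; /* constructed, not the real standard block */
    FILE *img = tmpfile();
    int result;
    if (img == NULL) return -2;
    if (install_bootblock(img, ref) != 0) { fclose(img); return -2; }
    if (tamper_at >= 0 && tamper_at < BOOTBLOCK_SIZE) {
        fseek(img, (long)tamper_at, SEEK_SET);
        fputc(ref[tamper_at] ^ 0xFF, img);
        fflush(img);
    }
    result = verify_bootblock(img, ref);
    fclose(img);
    return result;
}

int main(void)
{
    printf("clean: %d, tampered at 12: %d\n", demo_roundtrip(-1), demo_roundtrip(12));
    return 0;
}
```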
-a flag
-------
This is a new v1.2 feature.
Guardian, by default, installs itself in a 'kind' way, saving the
vectors that KickTagPtr and KickMemPtr may contain, but can't
distinguish between a good and a bad boy. The new ram disk (RAMB0),
that comes on the Workbench 1.3 (v34.4) disk, for example, creates a new
entry in both of these vectors. This is a 'good boy'. The 'BYTE
BANDIT' virus, on the other hand, is a 'bad boy' (not to mention the
impolite way it throws itself into KickTagPtr, shutting the door upon
all the others !). If you don't want the contents of these vectors to
be preserved, you can use the -a (angry) flag when launching Guardian
for the first time. This will force it to clear these vectors before
installing itself, un-mounting other programs that will be flushed
during the reset. If Guardian is already mounted and you launch it with
the -a flag, it will move its entry to the top of the list and remove
all the others from it. Note that they won't be removed from
memory until the next reset.
Use of the -a flag is usually not required (and not advised, if you are
running something like RAMB0 device, or other programs that use the
resident modules technique to survive through the reset).
A common situation where the -a flag is required is the following one:
Guardian is not installed and you boot with a 'BYTE BANDIT' infected
disk. The virus activates itself, then the startup-sequence is executed
and Guardian launched. If you didn't use the -q flag (more about this
later), you'll get the alert about the Interrupt Vectors. Restore them.
Then launch Guardian again, this time with the -a flag, put a safe disk
into the internal drive and reset with CTRL-AMIGA-AMIGA.
-q flag
-------
A new Guardian v1.2 feature is the ability to check the interrupt
vectors table for non-standard values, and the reset capture vectors to
see whether they are empty.
By default, this security operation is performed each time you launch
Guardian, but can be turned off by using the -q (quiet) flag. This
feature was implemented because these are critical points and are used
for virus operations, the first (interrupt vectors) by the 'BYTE BANDIT'
virus, the second (reset capture vectors) by the 'SCA' virus. If you
have one of these viruses already in the computer when you launch Guardian,
you'll get one of the two alerts, and you'll be given the chance of
restoring the standard values in the interrupt vectors table, or of
clearing the reset capture vectors.
Usually, you can keep an eye on these vectors, to see that nothing
messes with them, by simply launching Guardian without the -q flag.
If you are running some strange program that alters some of them, you
can force Guardian to ignore the situation by using this flag.
"WARNING !!! - Reset Capture vectors are not empty !"
-----------------------------------------------------
If you are infected by the 'SCA' virus, you can safely eliminate it, by
cleaning the reset capture vectors.
"WARNING !!! - Interrupt vectors are not standard !"
----------------------------------------------------
If you are infected by the 'BYTE BANDIT' virus, you can choose to
replace the standard interrupt vectors, but you won't necessarily be
safe. This depends on whether you launched Guardian with the -a flag or
not. If the -a flag was used, first you get the alert about the
IntVectors (replace them!), then Guardian clears the KickTagPtr (thus
eliminating the virus's entry), installs itself and (if launched for the
first time) resets the computer, forcing it to rebuild the libraries' offset
tables. This way the virus is also flushed from the trackdisk device.
If you didn't use the -a flag, the resident entry of the virus is
preserved, and the virus can mess with the trackdisk device again. If
this happens, you should either turn off the computer and boot with a
safe disk, or launch Guardian using the -a option and then reset the
machine to flush the virus from the trackdisk device.
-k flag
-------
A new v1.2 feature is the -k (kill) flag. If for some strange reason
(incompatibility ? not likely !) you wish to get rid of Guardian, you
can do it by using the -k flag. The resident module will be removed
from the list and its memory will be available after the next reset.
Use of the -k flag removes any Guardian version that is currently
active. If you are running with the older v1.1 and want to replace it
with the new v1.2, you need not use this flag. Just launch v1.2.
The latter will replace the first, and will discard it from memory.
Please note that you can't launch v1.1 with v1.2 already in memory,
because this will lead to a reset loop. If you run into this situation,
take out the boot disk from the internal drive, reset with CTRL-AMIGA-
AMIGA and replace the old Guardian with the new version, in all of your
disks.
Special Kickstart 1.3 (v34.5) flags
-----------------------------------
If you are running with Kickstart 1.3 (v34.5), you'll be able to use two
extra flags and four hot-keys. With Kickstart 1.3 (v34.5) you can boot,
not only from the floppy disk, but also from a hard disk and from the
new ram disk (RAMB0). But if you want to boot from the ram disk, you
have to put a not-installed floppy disk into the internal drive or take
the bootable floppy out from the drive during each boot. Guardian lets
you decide whether the bootstrap should test for the presence of a bootable
floppy in the internal drive or the presence of the ram disk first.
Usually the strap module tries to boot from the floppy disk first. If
this fails, it tries to boot from ram disk, and if this also fails you
are requested to insert a disk.
-r flag
-------
If you launch Guardian with the -r flag, this order will be changed.
Bootstrap will first attempt to boot from the ram disk, then from the
floppy, and finally it will request the insertion of a disk.
-f flag
-------
You can use the -f flag to bring things back as they used to be: first
try from floppy then from ram.
Hot-keys
--------
If you selected boot from ram disk, and need to force it from the floppy
disk, there are two hot keys implemented for this purpose. As soon as
the power LED stops flashing during the reset process, the screen becomes
light grey, and then white. As soon as it becomes white, you can press
the Left AMIGA key to force boot from floppy disk. If you press the
Left ALT key, the boot screen will be displayed and held until you
release the key, and bootstrap will start from floppy disk.
If, on the contrary, you have selected boot from floppy disk and need to
force it from ram disk, press the Right AMIGA key. If you press the
Right ALT key, the boot screen will be displayed and held until you
release the key, and bootstrap will start from ram disk.
The Left/Right ALT keys were implemented to let you check for the
presence of the Guardian label on the boot screen.
Please note that when I say "force boot from.." I mean that the
bootstrap will try to boot FIRST from that device. If this is not
possible, it will still try to boot from the other devices available.
A final word on Kickstart 1.3 (v34.5)
-------------------------------------
I'm not sure whether this Kickstart version is going to be the final
release or not, but since it's widely spread among A1000 users, I've
tuned this Guardian version to work with it. If the official
release is different, please return this copy, along with its
serial number, to Transactor (UK) Ltd or to the author for prompt
sending of the new Guardian version at the cost of postage only.
We will be able to fulfill this request from registered users only.
Don't forget to enclose your serial number with any communication to us.
A final word about Guardian v1.2r
---------------------------------
To give you a higher degree of safety from viruses, I created Guardian
v1.2r, which is to be installed on the Kickstart disk directly, in place
of the never-used Debug() function. This way, you won't have to care
about the first boot and things like that. If you own an Amiga 1000,
you can use Creator to modify a copy of your original Kickstart
disk. Simply launch this program and follow the instructions. Now you
can use the modified Kickstart disk in place of the original one.
You won't be able to use the -a, -k, -f, and -r flags, because they are
implemented in the startup code of Guardian v1.2, but you can still use
the hot-keys which are controlled by the bootstrap itself. If you
launch Creator to modify a Kickstart 1.3 (v34.5) disk, you'll
be asked to select default boot from Floppy or Ram disk. This selection
will be 'burned' into the Kickstart-resident Guardian code, thus it'll
be used each time you load that modified Kickstart, until you use
Creator on that disk again. I suggest you set the default
boot from Ram disk, and use the Left ALT/AMIGA hot-keys when you need
it to happen from floppy disk. When you are running with Guardian in
the Kickstart, you can still launch Guardian v1.2 in your startup-
sequences, to test the interrupt and reset capture vectors.
Guardian v1.1 was developed to work on A500/1000/2000, (v1.1r works on
A1000 only), with Kickstart release 1.2 (v33.180).
Guardian v1.2 was developed to work on A500/1000/2000, (v1.2r works on
A1000 only), with Kickstart release 1.2 (v33.180) and 1.3 (v34.5).
Please don't pirate this program. We've kept the price of this software
so low that there's really no point in pirating it. This is more a
service offered to the readers of "Transactor for the Amiga" than a
commercial program on its own. If you've got this as a pirate copy,
please don't spread it further and send 3 pounds (6 USD) to the author
or to Transactor (UK) Ltd. You'll get a disk with the last Guardian
version and a serial number to use for the next upgrade and for general
support about any problem you may have with Guardian. Thanks !
(May 19th 1988)

Leonardo Fei            Transactor (UK) Ltd
via A. Fava 6           Unit 2, Langdale Grove
20125 Milano            Bingham, Nottinghamshire
Italy                   England, NG13 8SR
BIX: LFEI