home *** CD-ROM | disk | FTP | other *** search
- Section 4: Operation
-
- Operation of SafeWord Virus-Safe is very simple. Generally, it is best to
- leave the program in Learn mode so it will continuously adapt to your
- operating habits. Learn mode is automatically activated unless you
- specifically disable it.
-
- Once it learns how you want programs examined, examination will take place
- automatically, without alerting you unless it detects changes.
-
- Routine activities
-
- Most SafeWord Virus-Safe activities are absolutely routine in nature, and
- that's good news. Under normal circumstances, when your system is running
- smoothly, you won't be interrupted by a lot of meaningless activity from
- SafeWord Virus-Safe. The program can be invoked in two ways, leading up to
- three distinct activities, as described in the following three subsections.
-
- Batch Mode when SWVSafe is first loaded
-
- As soon as SWVSAFE.COM begins running, it consults the checklist for the
- names of any files that are marked for examination at load time. Typically,
- this would include the files that make up DOS, the files that make up
- SafeWord Virus-Safe, and any critical data (non-program) files that you
- specifically describe using SWVEDIT. Depending on the number of files
- marked and the methods and frequency of examination you choose, this may
- require as long as several minutes, or as little as one second. You
- determine the amount of time that will be dedicated to this load-time
- examination by setting up or modifying the checklist, using the SWVEDIT
- program.
-
- Continuous checkups as you work
-
- Once SWVSAFE completes all load-time checkups described in the checklist, it
- gives control back to you and DOS. From that moment on, it is quietly
- sleeping in the background. It wakes up briefly every time you execute a
- new program. If the name of the program you run is contained in the
- checklist, then SWVSAFE takes whatever action you have specified. If the
- name is not in the checklist, you'll be asked how to proceed unless you've
- turned off learn mode. Your instructions are stored in the checklist so you
- won't have to provide this information again.
-
- When SafeWord Virus-Safe is first installed, the checklist is empty except
- for a few default entries describing the basic files of DOS. As it is used
- in "learn"mode, SafeWord Virus-Safe automatically builds a list of programs
- and the way each is to be examined for viral contamination. Each time you
- execute a program it looks in the checklist to see if and how the program
- should be checked. If the program is not listed in the checklist, a window
- appears on your display, and you are asked a series of questions to
- determine if you want this new program checked, when (either at boot time or
- when the file is executed), how often, and how comprehensively.
-
- Using these techniques, SafeWord Virus-Safe quietly stays active in the
- background, invisibly verifying the digital signatures of all of your
- programs as you use them, and establishing initial signatures on all of your
- programs the first time each is used. As long as these programs are not
- modified or attacked, no alarms are generated. Should a program change, the
- user must determine if there is a good reason why the program should have
- changed. If so, the user can tell SafeWord Virus-Safe to accept the
- current, newly changed status of the program and erase all record of the
- previous configuration. If not, SafeWord Virus-Safe's alert that the
- program has been changed should be interpreted as an indication of
- unauthorized tampering, dangerous error condition, or viral pollution.
-
- Periodic Offline checkups from a sterile DOS diskette
-
- Anytime you want, you can bootstrap your computer from your SafeWord Virus-
- Safe sterile kernel diskette. The checklist file on this diskette should
- contain the names of any programs that are critical to the security of your
- computer, including your hard disk-resident DOS files and SafeWord Virus-
- Safe files. As long as these critical programs on your hard disk remain
- unmodified, you'll receive no alerts from SafeWord Virus-Safe, and you can
- have confidence that your system has not become corrupted since SafeWord
- Virus-Safe was installed.
-
- When SafeWord Virus-Safe alerts you to file changes
-
- Whenever SafeWord Virus-Safe examines a program or data file and determines
- that it has changed, it alerts you. This is done by opening a window on top
- of the display you are viewing. It explains that the file has changed, and
- asks you a series of simple questions in order to determine what, if
- anything, you want to do about the detected change. You have three choices,
- as described in the following subsections.
-
- Choice 1: Ignoring the alert
-
- If you follow the prompts offering you the option to continue the load, you
- can postpone the need to make any kind of decision. SafeWord Virus-Safe
- will allow you to use the changed program, but it will continue to remind
- you about the fact that it has been changed until you take one of the other
- two choices on some future occasion. Your choice is recorded in the
- SafeWord Virus-Safe audit trail file where it will be helpful to a virus
- removal expert should it be necessary to take further aggressive steps.
-
- Choice 2: Authorize the file change (end the alert)
-
- If you follow the prompts offering you the option to update the file's
- signature, SafeWord Virus-Safe will calculate a new authentication signature
- on the file and update its records accordingly. This will cause SafeWord
- Virus-Safe to accept the new file as authorized, and will stop warning you
- about the file change. This option should be selected whenever you know of
- a valid reason for changes in the file. Your choice is recorded in the audit
- trail file, helping you maintain a reliable record of changes to the
- software in your system.
-
- Choice 3: Abort usage of a contaminated program or file
-
- The prompts also give you the option of aborting the attempt to execute the
- changed program. If you are unsure about why the program has changed, this
- is the safest option to choose. If the program has been contaminated due to
- viral attack, trojan horse, or malevolent manipulation, now is the time for
- you to investigate and replace it. We suggest you locate your original
- backup copy of the changed file and restore the changed file with the
- original. This should cause further alerts to cease.
-
- The Audit Trail
-
- SafeWord Virus-Safe records a brief summary of all of its significant
- activities in a file called SWVAUDIT.TRL. This file may be displayed,
- copied, and/or printed whenever it is desired. It is normally marked as
- Read Only to prevent accidental deletion. If you wish to delete or edit the
- file, you will have to temporarily remove DOS's read-only status with the
- DOS ATTRIB command or a disk management utility, such as the Norton
- Utilities. SafeWord Virus-Safe will automatically create a new audit trail
- file if you delete the current one.
-
-
-
-
-
-
-
-
-