home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
JCSM Shareware Collection 1996 September
/
JCSM Shareware Collection (JCS Distribution) (September 1996).ISO
/
uother__
/
guardian.zip
/
GUARDIAN.EXE
/
USER.DOC
< prev
Wrap
Text File
|
1993-10-07
|
31KB
|
628 lines
This document parallels the priinted manul which was published when
Version 1.5 was released. Since then, numerous changes have occurred
as new versions have been released.
Please read the UPDATE.TXT file for information on the more current
versions.
T H E G U A R D I A N
Version 1.50
A disk security system for
IBM PC's and compatibles
R E F E R E N C E G U I D E
TABLE OF CONTENTS
Topic Page
_______________________________________________________________
License Agreement......................2
Introduction...........................4
Getting Started
Installing The Guardian............6
Chapter 1
General............................8
Chapter 2
Logging on to a System.............9
Chapter 3
Locking/Unlocking a Disk..........11
Chapter 4
Changing Configuration Parameters.15
Chapter 5
Helpful Hints/Suggestions.........17
2
_______________________________________________________________
LICENSE AGREEMENT
This product is licensed to you for your personal use or for use in your
business or profession. It is copyrighted by Marcor Enterprises,
Indianapolis, Indiana which retains ownership and all rights to all
materials associated with it. Marcor Enterprises grants you the right to
reproduce, distribute and use copies of this software product, subject to
the limitations specified below, and on the express condition that you do
not receive any payment, commercial benefit, or other consideration for
such reproduction or distribution (except for covering your own costs), or
change this license agreement or the copyright notices which appear in the
software, documentation, and magnetic media.
Limitations
You may make and keep one (1) back-up copy of the software for your
personal use, provided that (i) you copy all the copyright, trademark, and
other information included with this product onto your backup diskette, and
(ii) you are a registered user of this product. Also you may distribute
copies to other persons, but solely for their evaluation (i.e., to decide
whether to continue using the product and therefore register), and provided
that you include all copyright notices and material included in the
original package.
THIS PRODUCT IS LICENSED "AS IS" WITHOUT WARRANTY OF ANY KIND AS TO
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE, OR
OTHERWISE. ALL WARRANTIES ARE EXPRESSLY DISCLAIMED. BY USING THIS PRODUCT,
YOU AGREE THAT NEITHER MARCOR ENTERPRISES NOR ANY OFFICERS, DIRECTORS,
EMPLOYEES, SHAREHOLDERS, AFFILIATES, OWNERS, OR OTHER RELATED PARTIES WILL
BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY USE OF OR INABILITY TO USE OR
PERFORMANCE OF THIS PRODUCT, OR FOR ANY DAMAGES WHATSOEVER WHETHER BASED ON
CONTRACT, TORT OR OTHERWISE, EVEN IF WE ARE NOTIFIED OF SUCH POSSIBILITY IN
ADVANCE. (SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE FOREGOING LIMITATION MAY NOT
APPLY TO YOU.) APPLY TO YOU.)
You may not reverse-engineer, disassemble, modify, decompile or create
derivative works of this product. You acknowledge that this product
includes certain trade secrets and confidential information, all of which
is the copyrighted intellectual property of Marcor Enterprises. All rights
are reserved.
This product must not be sold or otherwise provided as part of a larger
system, or as a part of a more inclusive product or service, without
express written consent and licensing from Marcor Enterprises. The rights
to receive any such financial or other benefit, and to modify the product
3
_______________________________________________________________
or employ its components in any kind of derivative work, are reserved
exclusively by Marcor Enterprises.
This license and your right to use this product is terminated if you fail
to comply with any of the terms or conditions of this license agreement.
Marcor Enterprises
8857 Commerce Park Place
Suite D
Indianapolis, Indiana 46268
(317) 876-9376
Copyright (C) 1989-90, Marcor Enterprises
IBM and IBM PC are registered trademarks of IBM Corporation.
4
_______________________________________________________________
INTRODUCTION
The Guardian is a security system designed to protect an entire disk
(either a hard disk or a floppy disk) against unauthorized use. Individual
files on a disk may or may not be protected by a password mechanism or an
encryption routine. The Guardian uses an algorithm that logically "locks" a
disk so that no files, programs, or directories on the disk may be accessed
regardless of whether they are otherwise secured. The system consists of
two programs: TG.EXE is a program which displays a log-on menu and would
normally be the very first entry in an AUTOEXEC.BAT file and thus the very
first thing that happens when a computer is turned on; TGM.EXE is the main
system support program that provides the ability, among other things, to
unlock a previously locked disk. A spare copy of this program should be
kept on a separate disk from the log-on program because, if it exists only
on the same disk, and the disk gets locked, this program could not be
executed, and you would not be able to unlock the disk. If this happened,
the only way you could use the disk would be to re-format it which would
destroy all data on it. This program also provides the facility for
intentionally locking any selected disk, for selecting different color
combinations, and for changing installation parameters such as passwords.
When a disk is locked by The Guardian, the files on that disk are not
physically altered. What is altered, is the information that tells DOS
where those files are. Once a disk has been locked, under no circumstances
should you try to add any files to the disk or try to rebuild the files
from the raw data recorded in various locations on the disk. Such attempts
could result in the permanent loss of the files that were on the disk
before it was locked.
5
_______________________________________________________________
Anti-Virus Guard
The Guardian has a special feature which detects the possible presence of a
computer virus. Every time you start either of the programs it performs
this check if you have started the program from the drive and directory
where the program resides. If you start it from a different directory
(such as from the root directory and execute the program by entering
GUARDIAN\TGM), the check is not performed. If everything appears to be in
order, a small checkmark is displayed in the lower left corner of the main
menu. If something is wrong, a small "x" will flash at that location.
Should this happen, you should compare the program size and date/time
stamps with the original program on the distribution disk. You should be
able to correct the situation by replacing the suspect program with the
original.
6
_______________________________________________________________
GETTING STARTED
Installing The Guardian
1. Place the distribution disk in Drive A. Set the current or default
drive and directory to where you want to install the system. (For
example C:) If you want to install it in a new sub-directory called
SECURE for example, you can create that sub-directory by entering MD
SECURE; then make that directory the current directory by entering CD
SECURE (or whatever name you have chosen).
Enter COPY A:*.* and press Enter to copy the programs to that
directory. Your distribution disk may have one or more self-extracting
compressed files on it. If it does, it will be explained in a
README.BAT file. If this is the case, you should now execute those
files to extract the appropriate files and/or programs.
2. Now copy the program, TGM.EXE, to a floppy disk using either the
distribution disk as a source or the copy you just made in step 1.
Store this disk in a safe place. This is a very important step. If
you don't do this and the disk containing TG.EXE and TGM.EXE gets
locked, you will not be able to unlock the disk.
3. Add the command TG to your AUTOEXEC.BAT file. This should be the first
entry in the file so that the log-on menu is the first thing that
happens. You can use any text editor or the program EDLIN which is
supplied with DOS and is described in the DOS reference manual. If you
need to create a new file, you could also enter COPY CON: AUTOEXEC.BAT.
Again, refer to your DOS reference manual if you're not familiar with
this procedure.
4. Note: In its operation, The Guardian uses a file called !!!.### which
is stored in the root directory of your disk. Make sure you don't
already have a file with this name before running The Guardian.
TECHNICAL NOTES
The Guardian operates on IBM personal computers and on IBM compatible
computers. It requires DOS vers 2.1 or later, 256K of memory. A hard disk
is recommended.
The first time a disk is locked, certain control information is stored in
the root directory of that disk. If the root directory is full, The
Guardian cannot lock the disk. Normally this should not be a problem
because most hard disks can have at least 512 entries in the root directory
and the root directory is almost never full. If this should happen,
7
_______________________________________________________________
however, you should create one or more sub-directories and move some of
those files to those sub-directories.
8
_______________________________________________________________
Chapter 1
General
The Guardian uses multiple passwords for granting access to a disk. There
can be up to six different passwords, any one of which will be accepted as
a valid authorization. The first password is considered a master password
and has special authority as described later in this manual. The password
file as originally distributed has only one password assigned - the master
password - and its value is "guardian". Note that all passwords are case
sensitive. That is, "guardian", "Guardian", and "GUARDIAN" are all
considered different passwords. Passwords and other configuration
parameters are stored in the current directory of the drive where the
programs are located (the current drive). Normally this would be the same
directory as where the programs are located. If that information is
missing, The Guardian will create a new file and assign default information
- including a master password of "guardian". It will also display a
warning message that this has happened. This, in and of itself, is not
necessarily an error, but constitutes a warning to you that all
installation parameters have been reset to default values.
While the Master Menu is being displayed, you can press Alt-V and a special
screen will be displayed which shows the current version of The Guardian as
well its serial number. Pressing any key will return you to the Master
Menu. If, for any reason, you need to contact us for assistance, you
should have this information available.
9
_______________________________________________________________
Chapter 2
Logging on to a System
When program TG.EXE is run, it displays a log-on menu and asks for a valid
authorization (password). Any one of the six possible passwords will be
accepted and the program simply exits to DOS. As the characters of a
password are entered, the system displays a blank block character to show
how many characters have been entered, but not the characters themselves.
If a wrong password is entered, the computer's speaker is sounded, the
entry is erased, and you are asked to try again. The program will provide
three opportunities to enter a correct password. If a correct entry is not
entered by the third try, the program will automatically lock the disk and
sound a warning siren for 10 seconds along with a warning message that the
authorizations entered were invalid. At this point all files are locked
and the keyboard is disabled. The only thing you can do is reset (re-boot)
the computer or turn it off.
Caution: The disk that is locked is the disk of the current drive, not
necessarily the disk where the program is located. For example, if the
prompt on the screen is C:\> and you enter D:\SECURE\TG (assuming the
program TG.EXE is in fact in a sub-directory called SECURE on drive D:),
then disk C: will be locked, not drive D:. (Note: Earlier versions of DOS
won't allow you to execute a program this way.) Be very careful that you
set up your operating configuration so that you don't risk locking the
wrong disk. (Note: In this example, The Guardian would look for it's
control information in the current (root) directory of drive C:. If it
weren't there, the program would display a warning message and create a new
file with default values - including a master password of "guardian".)
When the disk is locked, The Guardian looks for files in the root directory
ending with the extension .COM or .SYS. If it finds them, they are left
intact. This way, you can still use this disk for starting up DOS. Also,
if it finds its own main program, TGM.EXE, in the root directory, it, along
with its master configuration file, GUARDIAN.MRE, are left intact.
However, all these files are marked hidden, read-only until the disk is
unlocked. While the disk is locked, you cannot make any changes to the
installation configuration parameters - like passwords. Read the section,
Locking a Disk, in Chapter 3 for some cautions about having your system set
up this way.
10
_______________________________________________________________
Chapter 3
Locking/Unlocking a Disk
Master Menu
To intentionally lock a disk or unlock a previously locked disk, invoke the
Master Menu by executing program TGM.EXE. You can either use the cursor
keys to highlight the desired option and press Enter, or you can simply
press the first letter of the option you want. To return to DOS, simply
press Escape and then press "Y" or Enter in response to the question
"Return to DOS?". If you press "N" or Escape, you are returned to the
Master Menu.
Locking a Disk
When the Lock Disk Menu is displayed on the screen, enter the drive letter
of the disk you want to lock and press Enter. The program will then ask
you for authorization. Any of the six available passwords will be
accepted. Remember, if you lock the disk on which The Guardian resides,
you may have to use a spare copy of TGM.EXE on a different disk to unlock
it. Always keep a spare copy of The Guardian in a separate and secure
place.
As explained in Chapter 2, any files in the root directory which have an
extension .COM or .SYS are not locked, although they are marked hidden,
read-only. This also applies to the main Guardian program, TGM.EXE, and
the master configuration file, GUARDIAN.MRE. This way, if your hard drive
(e.g. "C") is locked, it is still possible to "boot" the computer, even
though all other files are inaccessible. If you keep TGM.EXE in the root
directory, you will be able to use it to unlock the disk; if it is in a
sub-directory on this disk, you cannot get to it and must use a spare copy
of the program on another disk. Do not attempt to change any configuration
parameters, such as passwords, while the disk is locked - the program won't
allow it.
As with most security procedures, it's easy to find yourself facing
conflicting objectives. Making a system as easy as possible to use
increases the possibility of reducing the security protection. For example
if you put the program, TGM.EXE, in the root directory, it makes it easier
for you to unlock your disk, but it also gives access to the program to
anyone who knows it's there. Even though the control information is
encrypted, anybody can run the program and try indefinitely to find the
correct password to unlock the disk. Keeping the program in a sub-
directory and on a separate disk adds another step to the unlocking
process, but also increases the security. By having The Guardian not lock
this program file if it's in the root directory, you have the choice of
11
_______________________________________________________________
which way you want to operate - easier use of the system or greater
protection.
After the disk has been locked, an "unlocked" file is placed on the disk
called READTHIS.MRE. You can use the DOS TYPE command to display this
file. It contains a message that the disk has been locked by The Guardian,
and that you should not attempt to add or delete any files on the disk.
When the disk is unlocked, this file is removed.
Unlocking a Disk
When a disk is locked, certain information is recorded which The Guardian
uses for unlocking the disk at a later time. Included in this information
is the master password and, if the disk was locked intentionally, the
password that was used to authorize that locking action. The only way to
unlock a disk is to know the master password or the authorization password
that was in effect at the time the disk was locked. If the current master
password is different from the master password that was in effect when the
disk was locked, the current master password will not work.
When you select the Unlock Disk option, the system asks you first for the
drive letter of the disk to be unlocked and then for the proper
authorization. If the disk was locked as a result of a failed log-on
attempt, the only way to unlock it is to enter the master password that was
in effect when it was locked. If it was locked intentionally, then either
the master password or the password used to authorize the locking action
can be entered. No other passwords are accepted. You are given three
opportunities to enter the correct password. If the correct password is
not entered by the third try, you are returned to the Master Menu.
If, while a disk is locked, someone alters the disk contents, such as
adding a new file, The Guardian will find inconsistencies when it tries to
unlock the disk. If this happens it will display a message that it can not
recover the file it is working on and asks you to either press Enter to
continue or Esc to abandon the unlock attempt. Generally you should press
Enter in order to recover, or unlock, as many files as possible. If you
press Esc, the system abandons its attempt to unlock the disk and returns
you to the main menu. However, the control information about the locked
disk is kept intact so that subsequent unlocking attempts are possible.
While this condition exists, it is impossible to lock the disk again,
because The Guardian will tell you the disk is already locked - at least
part of it is since it has never been completely unlocked. Also, while the
disk is in this condition, the space occupied by the files that could not
be rebuilt and all space occupied by any files in sub-directories cannot be
used. At this point, it is entirely possible that you have irretrievably
lost all those files. If you have access to someone who has expert
knowledge in internal DOS file management, it may be possible to fully
recover the data. The only way to be able to completely unlock the disk is
to get the DOS file directory back in exactly the same condition it was in
immediately after the disk was locked - which is not very probable. If you
12
_______________________________________________________________
have registered your copy of The Guardian, you can call Marcor Enterprises
for telephone assistance.
If the file that can not be recovered has a "?" in the first position of
the file name, the system is trying to recover the information about an
erased file. (When a file is erased or deleted, DOS merely "marks" the
file as having been erased, but doesn't actually erase any data. That is
why there are utility programs available which allow you to "unerase"
files. However don't ever try to "unerase" a file on a disk that has been
locked by The Guardian because it won't work.) In this case of not being
able to recover the control information about an erased file, you probably
have not lost anything other than the ability to ever "unerase" that file,
and can continue with the unlock process.
13
_______________________________________________________________
Chapter 4
Changing Configuration Parameters
Selecting Colors
This menu shows three lines which represent "normal" and "highlighted"
foreground and background color selection and "emphasized" color selection.
The Guardian uses "normal" foreground and background colors for routine
text and "highlighted" colors for pointing to current selections and for
showing pending changes to data. It uses "emphasized" color when certain
additional information is displayed. With the highlight bar on a given
line, use function keys F3 and F4 to select foreground and background
colors respectively for the color type listed on that line. (Note,
however, you cannot assign a separate background color on the "emphasized"
line.) F2 is used to switch between color and monochrome. In monochrome
mode, the color keys select different combinations of white, bright white,
and black. F9 selects border colors.
Function key F10 displays a window with its respective colors. Use the
same keys as described above to select the various window colors. Press
either Enter or F10 to close the window. If you have made changes to the
window colors, pressing Escape will cancel those changes and then close the
window.
If you press Escape while the window is closed (not being displayed), then
all the colors will be reset to what they were when you first selected this
menu. If you press Escape again, you will be returned to the Selection
Menu. When you have made changes and are ready to accept them, press the
Enter key. You will then be asked to confirm the changes before being
returned to the Master Menu.
Changing Parameters
This section allows you to set up or change the installation name that is
displayed on the sign-on menu. As soon as any letter is pressed, the
entire line is highlighted to indicate a pending change. When you have
made the changes you want, press Enter and the new contents of the line are
accepted. If you wish to cancel the changes while the line is highlighted,
simply press Escape and the line is restored to its original value.
On this screen you also have the opportunity to review and change
passwords. You can Add, Change, Remove, and View passwords. To select an
option, press the first letter of the desired action, A, C, R, and V.
There can be up to six passwords, and each password can have up to eight
characters. The first password is also considered the master password and
is the password that is required to view all of the others. Naturally, in
order to change or remove any password, you must first know the password to
14
_______________________________________________________________
be changed or deleted. Passwords are case sensitive; that is, "PWD",
"Pwd", and "pwd" are all considered different passwords. Spaces can be
part of a password, but a password should not end in spaces; when The
Guardian scans or changes passwords, it strips off trailing blanks.
As previously explained, when a disk is locked, information that is
recorded about the locked disk includes the current master password. This
password can always be used to unlock a locked disk, so, while it is
important to protect all passwords, extra care must be taken to properly
protect the master password. When this system is first installed, there is
one password, the master password, already assigned, and it's value is
"guardian". We recommend that, after installing the system, one of the
first things you do is to re-assign your own master password. Make a
record of that password and store it in a safe place.
15
_______________________________________________________________
Chapter 5
Helpful Hints/Suggestions
As pointed out in the section called Technical Notes in the front of this
manual, The Guardian records certain control information in the root
directory when it locks a disk. If the root directory is full, The
Guardian cannot lock the disk.
All disks have a finite limit on the number of files that can reside in the
root directory, even though it is a large number (such as 512 for many hard
disks). It was the introduction of sub-directories in DOS 2.0 that
effectively removed the limit on the total number of files on a disk, but
that limit still exists as far as the root directory is concerned. If the
root directory of your disk is full, or even close to being full, you
should create sub-directories and move most of those files to those sub-
directories. It is nearly impossible to effectively manage that many files
in one place. If this situation does exist on your hard disk, it would be
well worth your time to read about directories in your DOS reference
manual. If you do this, you probably also need to read about the PATH
command and about the AUTOEXEC.BAT file in your DOS manual. When you have
enough files to make the use of sub-directories desirable, it is probably
also desirable for you to use the AUTOEXEC.BAT file and have a PATH command
in it. This can greatly simplify the operation of your computer.
There are two more reasons to minimize the number of files in your root
directory: (1) it increases the security protection of the disk when it is
locked, and (2) the lock/unlock process is faster.
16
_______________________________________________________________
Problems/Suggestions
If you encounter problems in using The Guardian or have suggestions for
improvements that you would like to see incorporated into the system,
please write Marcor Enterprises, 8857 Commerce Park Place, Suite D,
Indianapolis, IN, 46268 or call (317) 876-9376.