Description

This article is from the Computer Viruses FAQ, by Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz with numerous contributions by others.

41 What can be done with hardware protection? (Computer virus)

Hardware protection can accomplish various things, including: write
protection for hard disk drives, memory protection, monitoring and
trapping unauthorized system calls, etc. Again, no single tool will be
foolproof and the "stronger" hardware-based protection is, the more
likely it will interfere with the "normal" operation of your computer.

The popular idea of write-protection (see D3) may stop viruses
*spreading* to the disk that is protected, but doesn't, in itself,
prevent a virus from *running*.

Also, some existing hardware protection schemes can be easily bypassed,
fooled, or disconnected, if the virus writer knows them well and designs
a virus that is aware of the particular defense.

The big problem with hardware protection is that there are few (if any)
operations that a general-purpose computer can perform that are used by
viruses *only*. Therefore, making a hardware protection system for such
a computer typically involves deciding on some (small) set of operations
that are "valid but not normally performed except by viruses", and
designing the system to prevent these operations. Unfortunately, this
means either designing limitations into the level of protection the
hardware system provides or adding limitations to the computer's
functionality by installing the hardware protection system. Much can be
achieved, however, by making the hardware "smarter". This is double-
edged: while it provides more security, it usually means adding a
program in an EPROM to control it. This allows a virus to locate the
program and to call it directly after the point that allows access. It
is still possible to implement this correctly though--if this program is
not in the address space of the main CPU, has its own CPU and is
connected directly to the hard disk and the keyboard. As an example,
there is a PC-based product called ExVira which does this and seems
fairly secure, but it is a whole computer on an add-on board and is
quite expensive.

Continue to:

• prev: 40 Is it possible to write-protect the hard disk with software only?
• Index
• next: 42 Does setting a file's attributes to READ ONLY protect it from viruses?