Viral Proof Hard Drive? An idea I had while I was cleaning my infected computer :

[tgp1994 0]

Hey everyone.While I was sitting here cleaning my infected computer and browsing Xisto on another, an idea came to me: what if the original operating system install could store its most valuable and critical operating files on a memory chip of the hard drive (regardless to whether it was a platter or SSD drive), then after installing the OS, the user could move a jumper to set that portion of the memory to read-only?One reason that's a nearly foolproof method for preventing the files from being written over with a virus is because that portion is read only! And the only way to change that would be to move a two pin jumper on the hard drive, which fortunately, viruses can't do yet Also, loading the operating system would be very fast for the first part, due to it being on a memory chip (again, regardless of whether it was a platter or SSD drive). Then, suppose you want to make a dual boot or n-boot drive, manufacturers could begin making drives with expanded "os-space" chips, allowing you install the os alongside. Of course, you'd have to trust that OS that it wouldn't install a virus of its own.What do you guys think?

[yordan 10]

That's exactly what you have when you boot off a liveCD.Except the "fast boot" thing, booting off a Linux or Windows LiveCD makes you boot a clean, virus-proof Operating system.And if you try using this, first of all everything is perfect : no virus can install things, if you read an infected mail it has no effect... So, you will see that evrything works correctly, but... you will start to continuously want to add things, add plugins, add software .... Which will be refused.And you will rush back to a standard read/write operating system disk!

[tgp1994 0]

That's exactly what you have when you boot off a liveCD.Except the "fast boot" thing, booting off a Linux or Windows LiveCD makes you boot a clean, virus-proof Operating system.
And if you try using this, first of all everything is perfect : no virus can install things, if you read an infected mail it has no effect... So, you will see that evrything works correctly, but... you will start to continuously want to add things, add plugins, add software .... Which will be refused.
And you will rush back to a standard read/write operating system disk!

That still didn't make much sense.

Why would you want to use a LiveCD as a mainstream operating system?

[yordan 10]

That still didn't make much sense.Why would you want to use a LiveCD as a mainstream operating system?

Precisely in order to test what you are talking about : it's a

foolproof method for preventing the files from being written over with a virus is because that portion is read only

Just use it and you will see what this means having an operating system which does not accept files to be writteN.

[tgp1994 0]

Just use it and you will see what this means having an operating system which does not accept files to be writteN.

Umm, ya... that's my point. Having a drive like the one I suggested would sort of be like that.

[yordan 10]

Umm, ya... that's my point. Having a drive like the one I suggested would sort of be like that.

It would be like that. And that's why I suggest using a LiveCD, because you will see that this way of working will start making you crazy, preventing you to write to the system disk each time a software wants to install something.

[tgp1994 0]

It would be like that. And that's why I suggest using a LiveCD, because you will see that this way of working will start making you crazy, preventing you to write to the system disk each time a software wants to install something.

I think I might have really mistated something, I apologize.

 

What I meant originally was for the hard drive to only keep the core operating system files in a read only portion, while the rest of the hard drive is standard read and write.

[LikMeBalleFM 0]

But still installing software would recuire the OS portion to be "read and write".I think that's what everybody else ment.

[tgp1994 0]

But still installing software would recuire the OS portion to be "read and write".I think that's what everybody else ment.

Installing software shouldn't require that the base OS files be written over.

[yordan 10]

installing a software changes a lot of files inside the base OS. At least the startup configuration files, the list of the programs to be launched at system startup, a lot of items inside the registry, and so on.

[tgp1994 0]

installing a software changes a lot of files inside the base OS. At least the startup configuration files, the list of the programs to be launched at system startup, a lot of items inside the registry, and so on.

I wasn't planning on the registry being read only, although you strike a good point with the startup configuration files.

I think I may have been going in the wrong direction with this idea. Perhaps only security related programs could be stored on the read only portion? They would monitor the system for suspicious activity, meanwhile not getting overwritten themselves.

[yordan 10]

By the way, the idea is correct.And some Unix systems use it.You can create a restricted shell unix user, who simply cannot write things in the system disks.Another example, AIX, a proprietary Unix systems, has all the binary files in /usr, a filesystem in which you should not write anything. So you can easily make /usr a read-only filesystem, so the integrity of the Operatint System is always respected.Unfortunately, Microsoft Windows does not think the job that way.

[tgp1994 0]

By the way, the idea is correct.

And some Unix systems use it.

You can create a restricted shell unix user, who simply cannot write things in the system disks.

Another example, AIX, a proprietary Unix systems, has all the binary files in /usr, a filesystem in which you should not write anything. So you can easily make /usr a read-only filesystem, so the integrity of the Operatint System is always respected.

Unfortunately, Microsoft Windows does not think the job that way.

Ah, I think that's what Microsoft Vista was trying to accomplish, by creating heavily restricted users.

[tansqrx 0]

Interesting idea but I think you are missing some practical problems. I will assume a Microsoft Windows model since I believe that’s what the original post was alluding to.I will agree that the core system files could be protected by setting them to read only. This would have to be a hardware read only switch such as the jumper pin you described because anything that can be accessed by software could also be accessed by malware. Having a super secure software implementation solution doesn’t work because history has shown that if the target is high value enough, it will be broken. But now I ask how you will update Windows on the second and fourth Tuesday of every month. You will have to: 1. shut down the computer2. open the case3. set the jumper4. start Windows again5. apply the update6. Shut down the computer a second time7. Set the jumper to read only again8. Close the case9. Start Windows a second timeThis would get tedious for me as a power user really quick and the average user would just laugh and never enable the read only jumper. Good idea but the nine point process makes this impractical.This would work well against the malware that replaces core Windows files to hide itself. But most malware doesn’t touch the core files, they just use them. Using a file such as a DLL can be done in read only mode or not. Most of the malware usually lives in the user profile area, specifically the temp folders or the browser cache folder. Occasionally it will install itself in the Program Files directory.Setting sensitive areas to read only will deter certain types of attacks but you still have plenty of malware that never even rely on privileged Windows files. The trade off for 1% extra security isn’t worth it.

[tgp1994 0]

Interesting idea but I think you are missing some practical problems. I will assume a Microsoft Windows model since I believe thatâs what the original post was alluding to.
I will agree that the core system files could be protected by setting them to read only. This would have to be a hardware read only switch such as the jumper pin you described because anything that can be accessed by software could also be accessed by malware. Having a super secure software implementation solution doesnât work because history has shown that if the target is high value enough, it will be broken. But now I ask how you will update Windows on the second and fourth Tuesday of every month. You will have to:
1. shut down the computer
2. open the case
3. set the jumper
4. start Windows again
5. apply the update
6. Shut down the computer a second time
7. Set the jumper to read only again
8. Close the case
9. Start Windows a second time

This would get tedious for me as a power user really quick and the average user would just laugh and never enable the read only jumper. Good idea but the nine point process makes this impractical.

This would work well against the malware that replaces core Windows files to hide itself. But most malware doesnât touch the core files, they just use them. Using a file such as a DLL can be done in read only mode or not. Most of the malware usually lives in the user profile area, specifically the temp folders or the browser cache folder. Occasionally it will install itself in the Program Files directory.

Setting sensitive areas to read only will deter certain types of attacks but you still have plenty of malware that never even rely on privileged Windows files. The trade off for 1% extra security isnât worth it.

Ya, true... I'm sure there must be some sort of application for this idea. I.E security software?