can be achieved with only software, using a layered approach.
1) ROM BIOS - password (access control) and selection of boot disk. (Some may consider this hardware.)
2) Boot sectors - integrity management and change detection.
3) OS programs - integrity management of existing programs, scanning of unknown programs. Requirement of authentication values for any new or transmitted software.
4) Locks that prevent writing to a fixed or floppy disk.
As each layer is added, invasion without detection becomes more
difficult. However complete protection against any possible attack
cannot be provided without dedicating the computer to pre-existing or
unique tasks. The international standardization of the world on the
IBM PC architecture is both its greatest asset and its greatest
vulnerability.
D3) Is it possible to write-protect the hard disk with only software?
The answer is no. There are several programs which claim to do that,
but *all* of them can be bypassed using only the currently known
techniques that are used by some viruses. Therefore you should
never rely on such programs *alone*, although they can be useful in
combination with other anti-viral measures.
D4) What can be done with hardware protection?
Hardware protection can accomplish various things, including: write
protection for hard disk drives, memory protection, monitoring and
trapping unauthorized system calls, etc. Again, no tool is foolproof.
The popular idea of write-protection (see D3) may stop viruses
spreading to the disk that is protected, but doesn't, in itself,
prevent a virus from running.
Also, some of the existing hardware protections can be easily
bypassed, fooled, or disconnected, if the virus writer knows them
well and designs a virus which is aware of the particular defense.
D5) Will setting DOS file attributes to READ ONLY protect them from viruses?
No. While the Read Only attribute will protect your files from a few
viruses, most simply override it, and infect normally. So, while
setting executable files to Read Only is not a bad idea, it is
certainly not a thorough protection against viruses!
D6) Will password/access control systems protect my files from viruses?
All password and other access control systems are designed to protect
the user's data from other users and/or their programs. Remember,
however, that when you execute an infected program the virus in it
will gain your current rights/privileges. Therefore, if the access
control system provides *you* the right to modify some files, it will
provide it to the virus too. Note that this does not depend on the
operating system used - DOS, Unix, or whatever. Therefore, an access
control system will protect your files from viruses no better than it
protects them from you.
Under DOS, there is no memory protection, so a virus could disable the
access control system in memory, or even patch the operating system
itself. On the more advanced operating systems (Unix) this is not
possible, so at least the protection cannot be disabled by a virus.
However it will still spread, due to the reasons noted above. In
general, the access control systems (if implemented correctly) are
able only to slow down the virus spread, not to eliminate viruses
entirely.
Of course, it's better to have access control than not to have it at
all. Just be sure not to develop a false sense of security and to
rely *entirely* on the access control system to protect you.
D7) Will the protection systems in DR DOS work against viruses?
Partially. Neither the password file/directory protection available
from DR DOS version 5 onwards, nor the secure disk partitions
introduced in DR DOS 6 are intended to combat viruses, but they do to
some extent. If you have DR DOS, it is very wise to password-protect
your files (to stop accidental damage too), but don't depend on it as
