ProfitPress Mega CDROM2 Shareware Freeware (MSDOS)(1992)(Eng)

home *** CD-ROM | disk | FTP | other *** search

/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / VTAC48.ZIP / README.DOC < prev next >

Wrap

Text File | 1990-11-17 | 22.5 KB | 645 lines

[[[ ]]] ------- [[[ ----- ]]] ------------------------------------------------------ [[[ ]]] VTAC: PC system security program. [[[ ]]] (C) Copyright 1990 Randolph Beck ---------- [[[ ]]] --------------------------------------------------------- [[ ]] VTAC has been developed to protect PC users, and their data from the growing threat of virus, trojan and other offensive software. Equally important: VTAC is designed to remain completely in the background, without interfering in everyday computing tasks. This system was developed for those who need to be completely sure of data integrity, and yet cannot afford to be encumbered by awkward security procedures. System administrators: Please be sure to read about registration, licensing, operating modes, and about the Alt-"F" key (page 8). TABLE OF CONTENTS -------------------------------- 1. REGISTRATION AND LICENSING 2. QUICK START-UP INSTRUCTIONS Compatibility Information Operating Modes 3. COMMAND SYNTAX 4 & 5 ALERT MESSAGES 6 & 7 ABOUT VTAC General Information memory requirements formatting disks About other disk utilities: EXEC.BAT 8. WHAT TO DO IF VTAC ALERTS in graphics mode Alt-"F" key usage: instead of <Esc> 9. TROUBLESHOOTING 10. STATUS REPORTING WITH ERRORLEVEL CODES 11. EVOLUTION OF VTAC 12. USER RESPONSE FORM (This duplicated in the file REGISTER.TXT.) REGISTRATION AND LICENSING page 1 This is a shareware product and may be copied for free --providing that it is not altered and is transferred with its documentation. I am revising the registration policy, since there has been some confusion over the old one. User registration will now be the same for private and organizational users: * The price is now $5 per user. * Registered users of VTAC or FRISK do not need to re-register to use this version. --- * Users who send $15, or more, will receive a diskette with the most recent version of VTAC and additional utilities. * You may evaluate VTAC as long as necessary before registering. Registered users are entitled to support via mail or CompuServe. (However, I may be out of town until mid-November'90.) If possible, please include a copy or printout of the user registration form which appears at the end of this listing. Randolph Beck VTAC User Registration P.O. Box 56-0487 Orlando, FL 32856-0487 CIS: 72361,753 ---------------------------------------------------------------------------- FILES ON THIS DISKETTE VTAC.COM The VTAC program README.DOC Documentation text file. README.EXE Program to display documentation. PRINTME.BAT Batch file to print documentation. REGISTER.TXT Registration form. QUICK START-UP INSTRUCTIONS page 2 VTAC can be started from the command line. Type: VTAC VTAC is set to mode 2. VTAC mode 2 protects against most unusual disk activity, while allowing normal functions to pass. There should be no perceptible change in standard disk operations. For best results, VTAC should be the last resident program loaded. Hard-disk users may start VTAC from the AUTOEXEC.BAT file. (Your MS-DOS manual will explain the AUTOEXEC.BAT file.) Please ensure that you read further to learn about special cases involving disk-utility programs. ---------------------------------------------------------------------------- COMPATIBILITY VTAC can be run easily on most PC systems, and is compatible with most PC software. It should be disabled before running TAPCIS, Earl Weaver Baseball, Jack Nicklaus's Golf, or VOPT. ---------------------------------------------------------------------------- VTAC OPERATING MODES VTAC may be set to several modes: VTAC 1: Full protection for the disk-drives and operating system. Protects against dangerous disk activity, while allowing normal disk access. Signals when loading resident programs. VTAC 2: Allows many of the disk utility programs to function that would not be permitted under mode 1. Although less strict, mode 2 does contain very effective security algorithms and is the preferred choice for most users. INACTIVE: VTAC may be disabled to allow unusual disk utility programs to function if that program is judged to be "safe". VTAC COMMAND SYNTAX page 3 The operator may use the DOS command-line to change modes. The correct syntax for all VTAC commands is: VTAC [/option] examples: VTAC /S VTAC /2 -------------------------------------------------------------------- VTAC ? Lists the available options. This command does not initialize the VTAC program. VTAC ENABLES VTAC PROTECTION Returns VTAC to mode 1 or 2 --depending upon which mode was previously set. VTAC /1 ACTIVATE MODE 1 VTAC /2 ACTIVATE MODE 2 VTAC /A REPORT THE LAST ALERT Use this after VTAC has alerted while in graphics mode. Please refer below for ERRORLEVEL codes reported. VTAC /C CLEAR LAST ALERT REPORTED BY VTAC /A VTAC /E EXEMPT RESIDENT PROGRAM This function allows VTAC to accept the presence of all recently-loaded resident programs. VTAC /F DISABLE VTAC PROTECTION Use this when a hard-disk needs to be formatted or when special disk utilities are needed that cannot be run in VTAC mode 2. VTAC /S REPORT VTAC STATUS Indicates which mode is set. Please refer below for ERRORLEVEL codes reported. General Alert Messages page 4 BOOT RECORD THREATENED A program is attempting to alter the hard-disk boot-record. COM FILE THREATENED A program has attempted to modify a .COM file. This is a suspected virus operation. DIRECT DISK WRITE ATTEMPTED Disk write operations may only be performed under the strict control of DOS. This message may appear when running certain disk utility programs that need to bypass the operating system. DISKETTE FORMAT ATTEMPTED Floppy disks can normally be formatted by the DOS format command. This message may be displayed if another program tries to format a diskette. Use the EXEC batch file to run this program if it is known to be trustworthy. EXE FILE THREATENED A program has attempted to modify an .EXE file. This is a suspected virus operation. HARD-DISK FORMAT ATTEMPTED VTAC protects against accidental formatting of hard-disks. Use the EXEC batch file if you really do want to format your hard-disk. IRREGULAR DELETE ATTEMPTED A program has tried to delete files in a manner that VTAC interprets as dangerous and unusual. PARTITION TABLE THREATENED A program is attempting to alter the hard-disk partition table. This is a dangerous operation and should occur only during setup and initialization of the hard-disk. SYS-FILE THREATENED A program is attempting to modify a system file. "The program just terminating has become resident in memory." This message is displayed to benefit users of mode 2, who may not otherwise be informed that the program becomes resident. An actual "alert-prompt" is given only when using mode 1. VTAC Mode 1 Alert Messages page 5 The following messages will only appear if VTAC mode 1 is set. READ-ONLY FILE THREATENED A program is attempting to modify a file which has been marked as READ-ONLY. RESIDENT PROGRAM INSTALLING A program is now terminating and will remain resident in memory. Although this operation will be allowed, any future disk activity may now be rejected by VTAC. Use the VTAC /E command to accept these programs after they have been loaded. (VTAC /E is required only when using mode 1.) UNEXEMPTED TSR CONFLICTS The last resident program loaded has not been accepted by VTAC using the VTAC /E command. ---------------------------------------------------------------------------- VTAC Initialization Error The following message can only appear during VTAC initialization. VTAC LOADER CHECK FAILED The VTAC.COM file has been altered in some way. This can also occur if the program's length has been changed during duplication. Use another copy of VTAC.COM. What VTAC does: page 6 VTAC will load into memory and intercept disk activity to enforce proper operating conditions. VTAC will allow: normal disk-drive file handling normal creation of data files normal copying, renaming, and erasing of files regular formatting of floppy disks VTAC will not allow: alteration of programs alteration of system files system-level disk alterations formatting of hard-disks VTAC monitors initialization of resident programs. This will alert if set to VTAC mode 1. Starting with version 4.3: A message will be displayed after the program terminates, to alert users in VTAC mode 2. ---------------------------------------------------------------------------- How much memory does VTAC.COM require? VTAC.COM will use only about five kilobytes (5k), once installed. The rest is used only while loading, and then jettisoned, after use. What happens when VTAC.COM is run more than once? The command structure for VTAC requires that you may be running VTAC.COM again, after loading -- if you wish to change operating modes. But VTAC will remain resident only when it is first loaded. It will not remain resident when it is run a second time. What about formatting diskettes and hard-disks? VTAC monitors the disk format operations very carefully. Floppy-disks may be formatted without intervention. Hard-disks can only be formatted with VTAC disabled. About other disk utilities: page 7 Many disk utilities perform unusual operations that could not be permitted by VTAC while in mode 1. These programs include some of the commercially available utility programs that are used for file recovery. VTAC mode 2 has been developed for this reason. VTAC mode 2 allows many of the disk utility programs to function that would not be permitted under mode 1. Although less strict, mode 2 uses very effective security algorithms and is the preferred choice for most users. ---------------------------------------------------------------------------- Sensitive utility programs can also be run through a batch file, which completely disables VTAC: EXEC.BAT will disable VTAC to allow a disk utility program to run then turn protection back on again. ECHO OFF VTAC /F COMMAND/C %1 %2 %3 %4 %5 %6 %7 %8 %9 VTAC Syntax: EXEC <program> [parameters] eg: EXEC FORMAT C: /S/V page 8 What should I do if VTAC alerts? VTAC will beep when recognizing dangerous activity. Unless the display is in graphics mode, the user will be prompted with a warning message: ------------------------------------------------------------------ VTAC: HARD-DISK FORMAT ATTEMPTED Press ESC to continue ------------------------------------------------------------------ 1) Check what the message means (alert messages are listed elsewhere in this manual). Determine if this alert message is common for the type of program currently running. (As explained earlier, VTAC will alert for disk utility programs that must perform non-standard disk operations --especially when using the more sensitive mode 1.) 2) Press the <Esc> key to acknowledge the warning. VTAC will abort the disk operation. With the one exception of resident program warnings, VTAC will not allow questionable activities to pass. When in mode 1, resident program loads need to be followed by the VTAC /E command. 3) Most programs will then report that the operation has failed. If you do wish to run this program then you should either: try VTAC mode 2; disable VTAC; or use the EXEC batch file. ------------------------------------------ In graphics mode: No message is displayed when the monitor is in graphics mode. VTAC will beep and the disk operation will be prevented. The user should then run VTAC /A to read the last alert message. ------------------------------------------ The Alt-"F" key combination... may be used in place of pressing <Esc> when the warning message is displayed. This will disable VTAC; ignore the warning; and allow the program to continue running unchecked. This is a temporary action; VTAC will automatically return to its previous active mode (1 or 2) when the current program terminates. This should be used ONLY after very careful consideration. THE ALT-"F" OPTION WILL NOT BE SHOWN ON THE SCREEN, in order to conceal it from untrained users. Problems / Troubleshooting page 9 Please report any major problems to the author. If VTAC does not allow floppy-disk FORMAT: Floppy-disk formatting activity is normally approved by VTAC. In the rare event that your version of FORMAT does not pass the strict screening by VTAC, you may create an EXEC batch file to format your diskettes (previously discussed). Example: EXEC FORMAT A: /S Be aware that EXEC.BAT completely deactivates VTAC. If VTAC alerts "FILE THREATENED" when downloading a file via modem: Although this is a rare circumstance, this might occur when downloading a .COM or .EXE file. This has only been known to occur with older communications programs. Select the file you wish to download; Specify a different name to your communications program; Rename the file with the original name and extension. If another resident program will not co-exist with VTAC: Ensure that VTAC is the last resident program loaded. If another resident program still causes problems with VTAC then follow these steps: Load VTAC; Disable VTAC with VTAC /F; Load the other resident program; Then run VTAC /E to re-enable and exempt the other program. ERRORLEVEL STATUS REPORTS page 10 Batch files can use the ERRORLEVEL set by the Status & Alert reports: ------------------------------------------------------------------------ Command: VTAC /S Report VTAC Status Indicates which mode is set. ERRORLEVEL returns are: 0 = not installed 1 = turned off 2 = VTAC mode 2 is set for easy operation 3 = VTAC mode 1 is set for maximum protection example: ECHO OFF VTAC /S IF ERRORLEVEL 2 ECHO VTAC IS ON ------------------------------------------------------------------------ Command: VTAC /A Report the last alert. Use this when VTAC has signaled an alert while in graphics mode. ERRORLEVEL returns are: 0 = not installed 1 = no alerts reported 2 = alert found example: ECHO OFF VTAC /A IF ERRORLEVEL 2 PAUSE VTAC /C Refer to your DOS manual for more information on ERRORLEVEL functions. The Evolution of VTAC page 11 VTAC, as a protective utility is both secure and forgiving. But there were many steps toward these two opposite goals. VTAC was initially developed as MON.COM, by Significant Digits, Inc. A simple tool for protection against viruses, trojan-horses, etc. The problem was that MON would alert for anything unusual -- and there really is a lot of unusual software out there. MON could be temporarily disabled to format a floppy-drive, but users would disable it completely after too many false alarms. MON became FRISK. FRISK was designed to be very discriminating. With further developments, mode 2 was introduced. The resident portion of FRISK was used to create a shareware edition. FRISK version 4.0 became VTAC version 4.0. VTAC contains all the elements of FRISK that could be used in a single stand-alone program. Significant Digits, Inc., a Tennessee corporation, has been dissolved due to my move to Orlando, Florida. I will continue to support all previous versions of FRISK and VTAC in Orlando. version 4.2 * Improved the self-testing procedure. version 4.3 * More improvements for TSR monitoring. While VTAC mode 2 will still not alert for TSR programs, there is now a message displayed during program termination. This allows some degree of TSR monitoring for mode 2, while keeping with mode 2's non-intrusive purpose. version 4.4 * Some internal testing code was removed. version 4.5 * A new alert message, "UNEXEMPTED TSR CONFLICTS", was added. This message appears when an alert may have been caused by a conflict with a resident program. This is intended to remind the user that TSR's should be "exempted" after loading. Since VTAC mode 2 automatically exempts TSR's, this message will only appear when using VTAC mode 1. Most users will never see this. version 4.6 * Mode 1 extends its protection to prevent the Read-Only file attribute from being cleared. This allows the user to mark files for extra protection. Previous versions of VTAC referred to mode 1 and mode 2 as "PRIORITY 1" and "PRIORITY 2". This was a holdover from the original implementation of MON. The term "PRIORITY" has been dropped. version 4.7 * Minor changes for mode 2 functions. version 4.8 * Updated for some trojans that do not use interrupt 21h. VTAC 4.8 USER RESPONSE FORM page 12 Please take a few minutes to fill out as much of this form as possible. 1. What type of computer(s) do you have? _____________________________________________________________ 2. Type of hard-disk system: (if applicable) _____________________________________________________________ 3. Type of video display: _____________________________________________________________ 4. Is VTAC being run on a network? ______ What type? _________________________________________ 5. VTAC is developed to minimize false alarms: Has VTAC alerted on your system? _____________________________________________________________ 6. In which mode do you normally run VTAC? Mode 1___ Mode 2___ No preference___ Additional Comments______________________________________________ _____________________________________________________________ Name__________________________________________________________ Address__________________________________________________________ __________________________________________________________ Your user registration form and registration fee should be sent to: Randolph Beck VTAC User Registration P.O. Box 56-0487 Orlando, FL 32856-0487 This form is listed separately in the file REGISTER.TXT. TRADEMARK ACKNOWLEDGEMENTS IBM is a trademark of International Business Machines MS-DOS is a trademark of Microsoft Corporation ---------------------------------------------------------------------------- Randolph Beck P.O. Box 56-0487, Orlando, Florida 32856-0487