Liren Large Software Subsidy 16

home *** CD-ROM | disk | FTP | other *** search

/ Liren Large Software Subsidy 16 / 16.iso / t / t231 / 1.img / GUARDIAN.EXE / USER.DOC < prev

Wrap

Text File | 1993-10-07 | 30.2 KB | 628 lines

This document parallels the priinted manul which was published when Version 1.5 was released. Since then, numerous changes have occurred as new versions have been released. Please read the UPDATE.TXT file for information on the more current versions. T H E G U A R D I A N Version 1.50 A disk security system for IBM PC's and compatibles R E F E R E N C E G U I D E TABLE OF CONTENTS Topic Page _______________________________________________________________ License Agreement......................2 Introduction...........................4 Getting Started Installing The Guardian............6 Chapter 1 General............................8 Chapter 2 Logging on to a System.............9 Chapter 3 Locking/Unlocking a Disk..........11 Chapter 4 Changing Configuration Parameters.15 Chapter 5 Helpful Hints/Suggestions.........17 2 _______________________________________________________________ LICENSE AGREEMENT This product is licensed to you for your personal use or for use in your business or profession. It is copyrighted by Marcor Enterprises, Indianapolis, Indiana which retains ownership and all rights to all materials associated with it. Marcor Enterprises grants you the right to reproduce, distribute and use copies of this software product, subject to the limitations specified below, and on the express condition that you do not receive any payment, commercial benefit, or other consideration for such reproduction or distribution (except for covering your own costs), or change this license agreement or the copyright notices which appear in the software, documentation, and magnetic media. Limitations You may make and keep one (1) back-up copy of the software for your personal use, provided that (i) you copy all the copyright, trademark, and other information included with this product onto your backup diskette, and (ii) you are a registered user of this product. Also you may distribute copies to other persons, but solely for their evaluation (i.e., to decide whether to continue using the product and therefore register), and provided that you include all copyright notices and material included in the original package. THIS PRODUCT IS LICENSED "AS IS" WITHOUT WARRANTY OF ANY KIND AS TO MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE, OR OTHERWISE. ALL WARRANTIES ARE EXPRESSLY DISCLAIMED. BY USING THIS PRODUCT, YOU AGREE THAT NEITHER MARCOR ENTERPRISES NOR ANY OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AFFILIATES, OWNERS, OR OTHER RELATED PARTIES WILL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY USE OF OR INABILITY TO USE OR PERFORMANCE OF THIS PRODUCT, OR FOR ANY DAMAGES WHATSOEVER WHETHER BASED ON CONTRACT, TORT OR OTHERWISE, EVEN IF WE ARE NOTIFIED OF SUCH POSSIBILITY IN ADVANCE. (SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE FOREGOING LIMITATION MAY NOT APPLY TO YOU.) APPLY TO YOU.) You may not reverse-engineer, disassemble, modify, decompile or create derivative works of this product. You acknowledge that this product includes certain trade secrets and confidential information, all of which is the copyrighted intellectual property of Marcor Enterprises. All rights are reserved. This product must not be sold or otherwise provided as part of a larger system, or as a part of a more inclusive product or service, without express written consent and licensing from Marcor Enterprises. The rights to receive any such financial or other benefit, and to modify the product 3 _______________________________________________________________ or employ its components in any kind of derivative work, are reserved exclusively by Marcor Enterprises. This license and your right to use this product is terminated if you fail to comply with any of the terms or conditions of this license agreement. Marcor Enterprises 8857 Commerce Park Place Suite D Indianapolis, Indiana 46268 (317) 876-9376 Copyright (C) 1989-90, Marcor Enterprises IBM and IBM PC are registered trademarks of IBM Corporation. 4 _______________________________________________________________ INTRODUCTION The Guardian is a security system designed to protect an entire disk (either a hard disk or a floppy disk) against unauthorized use. Individual files on a disk may or may not be protected by a password mechanism or an encryption routine. The Guardian uses an algorithm that logically "locks" a disk so that no files, programs, or directories on the disk may be accessed regardless of whether they are otherwise secured. The system consists of two programs: TG.EXE is a program which displays a log-on menu and would normally be the very first entry in an AUTOEXEC.BAT file and thus the very first thing that happens when a computer is turned on; TGM.EXE is the main system support program that provides the ability, among other things, to unlock a previously locked disk. A spare copy of this program should be kept on a separate disk from the log-on program because, if it exists only on the same disk, and the disk gets locked, this program could not be executed, and you would not be able to unlock the disk. If this happened, the only way you could use the disk would be to re-format it which would destroy all data on it. This program also provides the facility for intentionally locking any selected disk, for selecting different color combinations, and for changing installation parameters such as passwords. When a disk is locked by The Guardian, the files on that disk are not physically altered. What is altered, is the information that tells DOS where those files are. Once a disk has been locked, under no circumstances should you try to add any files to the disk or try to rebuild the files from the raw data recorded in various locations on the disk. Such attempts could result in the permanent loss of the files that were on the disk before it was locked. 5 _______________________________________________________________ Anti-Virus Guard The Guardian has a special feature which detects the possible presence of a computer virus. Every time you start either of the programs it performs this check if you have started the program from the drive and directory where the program resides. If you start it from a different directory (such as from the root directory and execute the program by entering GUARDIAN\TGM), the check is not performed. If everything appears to be in order, a small checkmark is displayed in the lower left corner of the main menu. If something is wrong, a small "x" will flash at that location. Should this happen, you should compare the program size and date/time stamps with the original program on the distribution disk. You should be able to correct the situation by replacing the suspect program with the original. 6 _______________________________________________________________ GETTING STARTED Installing The Guardian 1. Place the distribution disk in Drive A. Set the current or default drive and directory to where you want to install the system. (For example C:) If you want to install it in a new sub-directory called SECURE for example, you can create that sub-directory by entering MD SECURE; then make that directory the current directory by entering CD SECURE (or whatever name you have chosen). Enter COPY A:*.* and press Enter to copy the programs to that directory. Your distribution disk may have one or more self-extracting compressed files on it. If it does, it will be explained in a README.BAT file. If this is the case, you should now execute those files to extract the appropriate files and/or programs. 2. Now copy the program, TGM.EXE, to a floppy disk using either the distribution disk as a source or the copy you just made in step 1. Store this disk in a safe place. This is a very important step. If you don't do this and the disk containing TG.EXE and TGM.EXE gets locked, you will not be able to unlock the disk. 3. Add the command TG to your AUTOEXEC.BAT file. This should be the first entry in the file so that the log-on menu is the first thing that happens. You can use any text editor or the program EDLIN which is supplied with DOS and is described in the DOS reference manual. If you need to create a new file, you could also enter COPY CON: AUTOEXEC.BAT. Again, refer to your DOS reference manual if you're not familiar with this procedure. 4. Note: In its operation, The Guardian uses a file called !!!.### which is stored in the root directory of your disk. Make sure you don't already have a file with this name before running The Guardian. TECHNICAL NOTES The Guardian operates on IBM personal computers and on IBM compatible computers. It requires DOS vers 2.1 or later, 256K of memory. A hard disk is recommended. The first time a disk is locked, certain control information is stored in the root directory of that disk. If the root directory is full, The Guardian cannot lock the disk. Normally this should not be a problem because most hard disks can have at least 512 entries in the root directory and the root directory is almost never full. If this should happen, 7 _______________________________________________________________ however, you should create one or more sub-directories and move some of those files to those sub-directories. 8 _______________________________________________________________ Chapter 1 General The Guardian uses multiple passwords for granting access to a disk. There can be up to six different passwords, any one of which will be accepted as a valid authorization. The first password is considered a master password and has special authority as described later in this manual. The password file as originally distributed has only one password assigned - the master password - and its value is "guardian". Note that all passwords are case sensitive. That is, "guardian", "Guardian", and "GUARDIAN" are all considered different passwords. Passwords and other configuration parameters are stored in the current directory of the drive where the programs are located (the current drive). Normally this would be the same directory as where the programs are located. If that information is missing, The Guardian will create a new file and assign default information - including a master password of "guardian". It will also display a warning message that this has happened. This, in and of itself, is not necessarily an error, but constitutes a warning to you that all installation parameters have been reset to default values. While the Master Menu is being displayed, you can press Alt-V and a special screen will be displayed which shows the current version of The Guardian as well its serial number. Pressing any key will return you to the Master Menu. If, for any reason, you need to contact us for assistance, you should have this information available. 9 _______________________________________________________________ Chapter 2 Logging on to a System When program TG.EXE is run, it displays a log-on menu and asks for a valid authorization (password). Any one of the six possible passwords will be accepted and the program simply exits to DOS. As the characters of a password are entered, the system displays a blank block character to show how many characters have been entered, but not the characters themselves. If a wrong password is entered, the computer's speaker is sounded, the entry is erased, and you are asked to try again. The program will provide three opportunities to enter a correct password. If a correct entry is not entered by the third try, the program will automatically lock the disk and sound a warning siren for 10 seconds along with a warning message that the authorizations entered were invalid. At this point all files are locked and the keyboard is disabled. The only thing you can do is reset (re-boot) the computer or turn it off. Caution: The disk that is locked is the disk of the current drive, not necessarily the disk where the program is located. For example, if the prompt on the screen is C:\> and you enter D:\SECURE\TG (assuming the program TG.EXE is in fact in a sub-directory called SECURE on drive D:), then disk C: will be locked, not drive D:. (Note: Earlier versions of DOS won't allow you to execute a program this way.) Be very careful that you set up your operating configuration so that you don't risk locking the wrong disk. (Note: In this example, The Guardian would look for it's control information in the current (root) directory of drive C:. If it weren't there, the program would display a warning message and create a new file with default values - including a master password of "guardian".) When the disk is locked, The Guardian looks for files in the root directory ending with the extension .COM or .SYS. If it finds them, they are left intact. This way, you can still use this disk for starting up DOS. Also, if it finds its own main program, TGM.EXE, in the root directory, it, along with its master configuration file, GUARDIAN.MRE, are left intact. However, all these files are marked hidden, read-only until the disk is unlocked. While the disk is locked, you cannot make any changes to the installation configuration parameters - like passwords. Read the section, Locking a Disk, in Chapter 3 for some cautions about having your system set up this way. 10 _______________________________________________________________ Chapter 3 Locking/Unlocking a Disk Master Menu To intentionally lock a disk or unlock a previously locked disk, invoke the Master Menu by executing program TGM.EXE. You can either use the cursor keys to highlight the desired option and press Enter, or you can simply press the first letter of the option you want. To return to DOS, simply press Escape and then press "Y" or Enter in response to the question "Return to DOS?". If you press "N" or Escape, you are returned to the Master Menu. Locking a Disk When the Lock Disk Menu is displayed on the screen, enter the drive letter of the disk you want to lock and press Enter. The program will then ask you for authorization. Any of the six available passwords will be accepted. Remember, if you lock the disk on which The Guardian resides, you may have to use a spare copy of TGM.EXE on a different disk to unlock it. Always keep a spare copy of The Guardian in a separate and secure place. As explained in Chapter 2, any files in the root directory which have an extension .COM or .SYS are not locked, although they are marked hidden, read-only. This also applies to the main Guardian program, TGM.EXE, and the master configuration file, GUARDIAN.MRE. This way, if your hard drive (e.g. "C") is locked, it is still possible to "boot" the computer, even though all other files are inaccessible. If you keep TGM.EXE in the root directory, you will be able to use it to unlock the disk; if it is in a sub-directory on this disk, you cannot get to it and must use a spare copy of the program on another disk. Do not attempt to change any configuration parameters, such as passwords, while the disk is locked - the program won't allow it. As with most security procedures, it's easy to find yourself facing conflicting objectives. Making a system as easy as possible to use increases the possibility of reducing the security protection. For example if you put the program, TGM.EXE, in the root directory, it makes it easier for you to unlock your disk, but it also gives access to the program to anyone who knows it's there. Even though the control information is encrypted, anybody can run the program and try indefinitely to find the correct password to unlock the disk. Keeping the program in a sub- directory and on a separate disk adds another step to the unlocking process, but also increases the security. By having The Guardian not lock this program file if it's in the root directory, you have the choice of 11 _______________________________________________________________ which way you want to operate - easier use of the system or greater protection. After the disk has been locked, an "unlocked" file is placed on the disk called READTHIS.MRE. You can use the DOS TYPE command to display this file. It contains a message that the disk has been locked by The Guardian, and that you should not attempt to add or delete any files on the disk. When the disk is unlocked, this file is removed. Unlocking a Disk When a disk is locked, certain information is recorded which The Guardian uses for unlocking the disk at a later time. Included in this information is the master password and, if the disk was locked intentionally, the password that was used to authorize that locking action. The only way to unlock a disk is to know the master password or the authorization password that was in effect at the time the disk was locked. If the current master password is different from the master password that was in effect when the disk was locked, the current master password will not work. When you select the Unlock Disk option, the system asks you first for the drive letter of the disk to be unlocked and then for the proper authorization. If the disk was locked as a result of a failed log-on attempt, the only way to unlock it is to enter the master password that was in effect when it was locked. If it was locked intentionally, then either the master password or the password used to authorize the locking action can be entered. No other passwords are accepted. You are given three opportunities to enter the correct password. If the correct password is not entered by the third try, you are returned to the Master Menu. If, while a disk is locked, someone alters the disk contents, such as adding a new file, The Guardian will find inconsistencies when it tries to unlock the disk. If this happens it will display a message that it can not recover the file it is working on and asks you to either press Enter to continue or Esc to abandon the unlock attempt. Generally you should press Enter in order to recover, or unlock, as many files as possible. If you press Esc, the system abandons its attempt to unlock the disk and returns you to the main menu. However, the control information about the locked disk is kept intact so that subsequent unlocking attempts are possible. While this condition exists, it is impossible to lock the disk again, because The Guardian will tell you the disk is already locked - at least part of it is since it has never been completely unlocked. Also, while the disk is in this condition, the space occupied by the files that could not be rebuilt and all space occupied by any files in sub-directories cannot be used. At this point, it is entirely possible that you have irretrievably lost all those files. If you have access to someone who has expert knowledge in internal DOS file management, it may be possible to fully recover the data. The only way to be able to completely unlock the disk is to get the DOS file directory back in exactly the same condition it was in immediately after the disk was locked - which is not very probable. If you 12 _______________________________________________________________ have registered your copy of The Guardian, you can call Marcor Enterprises for telephone assistance. If the file that can not be recovered has a "?" in the first position of the file name, the system is trying to recover the information about an erased file. (When a file is erased or deleted, DOS merely "marks" the file as having been erased, but doesn't actually erase any data. That is why there are utility programs available which allow you to "unerase" files. However don't ever try to "unerase" a file on a disk that has been locked by The Guardian because it won't work.) In this case of not being able to recover the control information about an erased file, you probably have not lost anything other than the ability to ever "unerase" that file, and can continue with the unlock process. 13 _______________________________________________________________ Chapter 4 Changing Configuration Parameters Selecting Colors This menu shows three lines which represent "normal" and "highlighted" foreground and background color selection and "emphasized" color selection. The Guardian uses "normal" foreground and background colors for routine text and "highlighted" colors for pointing to current selections and for showing pending changes to data. It uses "emphasized" color when certain additional information is displayed. With the highlight bar on a given line, use function keys F3 and F4 to select foreground and background colors respectively for the color type listed on that line. (Note, however, you cannot assign a separate background color on the "emphasized" line.) F2 is used to switch between color and monochrome. In monochrome mode, the color keys select different combinations of white, bright white, and black. F9 selects border colors. Function key F10 displays a window with its respective colors. Use the same keys as described above to select the various window colors. Press either Enter or F10 to close the window. If you have made changes to the window colors, pressing Escape will cancel those changes and then close the window. If you press Escape while the window is closed (not being displayed), then all the colors will be reset to what they were when you first selected this menu. If you press Escape again, you will be returned to the Selection Menu. When you have made changes and are ready to accept them, press the Enter key. You will then be asked to confirm the changes before being returned to the Master Menu. Changing Parameters This section allows you to set up or change the installation name that is displayed on the sign-on menu. As soon as any letter is pressed, the entire line is highlighted to indicate a pending change. When you have made the changes you want, press Enter and the new contents of the line are accepted. If you wish to cancel the changes while the line is highlighted, simply press Escape and the line is restored to its original value. On this screen you also have the opportunity to review and change passwords. You can Add, Change, Remove, and View passwords. To select an option, press the first letter of the desired action, A, C, R, and V. There can be up to six passwords, and each password can have up to eight characters. The first password is also considered the master password and is the password that is required to view all of the others. Naturally, in order to change or remove any password, you must first know the password to 14 _______________________________________________________________ be changed or deleted. Passwords are case sensitive; that is, "PWD", "Pwd", and "pwd" are all considered different passwords. Spaces can be part of a password, but a password should not end in spaces; when The Guardian scans or changes passwords, it strips off trailing blanks. As previously explained, when a disk is locked, information that is recorded about the locked disk includes the current master password. This password can always be used to unlock a locked disk, so, while it is important to protect all passwords, extra care must be taken to properly protect the master password. When this system is first installed, there is one password, the master password, already assigned, and it's value is "guardian". We recommend that, after installing the system, one of the first things you do is to re-assign your own master password. Make a record of that password and store it in a safe place. 15 _______________________________________________________________ Chapter 5 Helpful Hints/Suggestions As pointed out in the section called Technical Notes in the front of this manual, The Guardian records certain control information in the root directory when it locks a disk. If the root directory is full, The Guardian cannot lock the disk. All disks have a finite limit on the number of files that can reside in the root directory, even though it is a large number (such as 512 for many hard disks). It was the introduction of sub-directories in DOS 2.0 that effectively removed the limit on the total number of files on a disk, but that limit still exists as far as the root directory is concerned. If the root directory of your disk is full, or even close to being full, you should create sub-directories and move most of those files to those sub- directories. It is nearly impossible to effectively manage that many files in one place. If this situation does exist on your hard disk, it would be well worth your time to read about directories in your DOS reference manual. If you do this, you probably also need to read about the PATH command and about the AUTOEXEC.BAT file in your DOS manual. When you have enough files to make the use of sub-directories desirable, it is probably also desirable for you to use the AUTOEXEC.BAT file and have a PATH command in it. This can greatly simplify the operation of your computer. There are two more reasons to minimize the number of files in your root directory: (1) it increases the security protection of the disk when it is locked, and (2) the lock/unlock process is faster. 16 _______________________________________________________________ Problems/Suggestions If you encounter problems in using The Guardian or have suggestions for improvements that you would like to see incorporated into the system, please write Marcor Enterprises, 8857 Commerce Park Place, Suite D, Indianapolis, IN, 46268 or call (317) 876-9376.