Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!um-math!sharkey!cfctech!teemc!hpftc!zardoz!henry.jpl.nasa.gov!elroy.jpl.nasa.gov!csun!srhqla!nrcvax!rick From: rick@NRC.COM (Rick Wagner) Newsgroups: comp.sys.ibm.pc Subject: Re: Preventing Floppy Boots Message-ID: <298@nrcvax.NRC.COM> Date: 30 Aug 89 19:21:01 GMT References: <2610@astroatc.UUCP> Reply-To: rick@nrcvax.UUCP (Rick Wagner) Distribution: na Organization: Network Research Corp., Oxnard CA Lines: 51 In article <1989Aug15.183532.27998@ee.rochester.edu> jal@ee.rochester.edu writes: >A friend of mine wants to write a program that would provide some >small security by either preventing people from booting off a >floppy drive or by making the information on the hard-drive unusable >if the system is booted off the floppy. > >This is for DOS and cannot involve significant hardware (like >burning ROMS, cutting wires, etc). Any thoughts would be appreciated. > >This is personal opinion. Well, depending upon your system: IBM's and many (most?) compatables will not boot from the B: drive; so... (a) if you have a dual floppy system, unplug your A: drive. This will leave you with the B: drive to read/write floppies. (b) If it is a single floppy system, use the second drive connector on the flat ribbon cable for the drive; this will accomplish the same thing as (a). Now this assumes a case with a lock, or some other method of locking the case closed. The biggest problem (more of an annoiance) is that the system will report a drive failure for drive A:, probably requiring you to press the F1 key. The advantage is that in the an appropriate system, there is no H/W mods needed, just unplugging a cable, which is a reversable process. Now you still need some software to password protect the hard disk. The comlpexity of this will depend upon how much you trust the people who are allowed to log on. (Do you trust them not to change your config.sys file, say; or delete the security program?). The simplest way would be to write a 'device driver' to ask for a password. It would not really be a driver, but would look like one so it will get loaded at boot time from your config.sys. It can't be in your autoexec.bat file, since that can be aborted with a ^c, dropping whoever back into DOS. A more complex system would involve modifying the boot block, but that would still be at the mercy of someone with a disk-editor. If you don't mind buying some hardware, there are small boards which plug into one of your system slots, and prompt for a password at power-up. This only occurs at power up time, so your logout is a power down. Again, for most of these boards, the case must be locked. -- =============================================================================== Rick Wagner Network Research Corp. rick@nrc.com rick@nrcvax.UUCP 2380 North Rose Ave. (805) 485-2700 FAX: (805) 485-8204 Oxnard, CA 93030 Don't hate yourself in the morning, sleep 'till noon.