Sign in with
Sign up | Sign in
Your question

Advice Please; How to "Quarantine" Hard Drives

Last response: in Storage
Share
Anonymous
a b B Homebuilt system
a b G Storage
August 8, 2004 1:38:35 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Is it really possible to "Quarantine" three system hard drives from a
single hard drive when that hard drive is used for internet related
purposes?(The idea is to keep them from from viruses, hacking, ect.).

Thanks a lot.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 8, 2004 10:08:50 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Searcher7@mail.con2.com (Darren Harris) writes:
>Is it really possible to "Quarantine" three system hard drives from a
>single hard drive when that hard drive is used for internet related
>purposes?(The idea is to keep them from from viruses, hacking, ect.).

There was a retail product called "Hard Drive Sherrif" that might help you.

I always thought a nice product would be a big red switch and a
modification of defrag. You decide, with some assistance from the
software, which files you don't want changed, probably forever.
The software moves all those to one side of "the fence." Things
that you are expecting to change are kept on the other side of "the
fence." When it is finished moving files it asks you to flip the
switch. Then any attempt to write on the wrong side of the fence
results in a disk write error and it doesn't do the write. No
software can then flip that switch, and that is the essential part
of providing that security. (It actually wouldn't be too difficult
for a company to build such a product)

It would seem to me that a substantial fraction of your hard drive
is stuff that you likely very very rarely want to change, and if
something does try to change that then it is almost certainly a
bug or a virus. (Now if Microsoft just didn't need to patch their
code every week we would be set!)
Anonymous
a b B Homebuilt system
a b G Storage
August 9, 2004 5:21:00 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

I believe in the past I have seen hard drives with a jumper that write
protects a hard drive (SCSI drives ?)
Maybe you could go into the bios at startup and disable the IDE controller
the drives are connected to.
Or put the drives into an external USB case and leave the drive disconnected
when not in use.

"Darren Harris" <Searcher7@mail.con2.com> wrote in message
news:9437a27c.0408080838.149f95f0@posting.google.com...
> Is it really possible to "Quarantine" three system hard drives from a
> single hard drive when that hard drive is used for internet related
> purposes?(The idea is to keep them from from viruses, hacking, ect.).
>
> Thanks a lot.
>
> Darren Harris
> Staten Island, New York.
Related resources
August 9, 2004 5:22:36 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> Is it really possible to "Quarantine" three system hard drives from a
> single hard drive when that hard drive is used for internet related
> purposes?(The idea is to keep them from from viruses, hacking, ect.).
>
> Thanks a lot.
>
> Darren Harris
> Staten Island, New York.

On Linux, you mean?

--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.
Anonymous
a b B Homebuilt system
a b G Storage
August 9, 2004 5:22:37 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

I'll be using Windows XP. All four drives will be in a single case.
And I really need to be able to access any of the drives on a dime,
but will be spending most of the time using drive "C".

Basically, what I'm looking for is something simular in principle to
the way the "Recycle Bin" works. Data/apps in there cannot be changed.
One would have to restore them first.

Since those "brains" over at Microsoft will never come up with a
secure OS, you'd think that a simple "Quarantine" function would be
incorporated into their products.

Thanks a lot.

Darren Harris
Staten ISland, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 9, 2004 5:22:37 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

I'll be using Windows XP. All four drives will be in a single case.
And I really need to be able to access any of the drives on a dime,
but will be spending most of the time using drive "C".

Basically, what I'm looking for is something simular in principle to
the way the "Recycle Bin" works. Data/apps in there cannot be changed.
One would have to restore them first.

Since those "brains" over at Microsoft will never come up with a
secure OS, you'd think that a simple "Quarantine" function would be
incorporated into their products.

Thanks a lot.

Darren Harris
Staten ISland, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 9, 2004 8:49:13 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

I have not personally done what you are trying to do. That said
simply typed in
" password protect hard drive " on Google and got a ton of hits.
This one looks promising...... http://www.softstack.com/hidedrv.html

Hide and Protect Drives will apparently password protect hard drives,
floppy drives...... even CD and DVD drives. ( BTW....It's $29.95 )

Let us know if you find something better. Good luck!

====================================================================
Searcher7@mail.con2.com (Darren Harris) wrote in message news:<9437a27c.0408080838.149f95f0@posting.google.com>...
> Is it really possible to "Quarantine" three system hard drives from a
> single hard drive when that hard drive is used for internet related
> purposes?(The idea is to keep them from from viruses, hacking, ect.).
>
> Thanks a lot.
>
> Darren Harris
> Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 9, 2004 1:01:41 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> I'll be using Windows XP. All four drives will be in a single case.
> And I really need to be able to access any of the drives on a dime,
> but will be spending most of the time using drive "C".
>
> Basically, what I'm looking for is something simular in principle to
> the way the "Recycle Bin" works. Data/apps in there cannot be changed.
> One would have to restore them first.
>
> Since those "brains" over at Microsoft will never come up with a
> secure OS, you'd think that a simple "Quarantine" function would be
> incorporated into their products.

Such a "quarantine" function would be no more reliable than the security of
the OS. While you can't call up a file from the recycle bin and edit it
with Word someone who knows what he's about should be able to alter the
contents regardless--those files aren't really protected in any special
manner.

If you're running 2K/XP I believe you can set policies on the drives that
deny writing to specific users--I know you can do that if you have a domain
going just don't recall if it's possible to do it with workstation working
standalone. That's fairly robust.

_Safest_ bet is to put the files you want to protect on a server that has no
Internet access and then use the security features of the OS on that server
to prevent writing. That way security is handled independently of anything
that happens on your working machine. You can use Linux or BSD on the
server if you can't afford Windows Server or if you feel like doing a
little "sweet talking" you can probably get a 5 user copy of Netware for
Small Business (or whatever they're calling it this week) out of your local
Novell authorized reseller--the 5 user is officially free but available
only through resellers.
>
> Thanks a lot.
>
> Darren Harris
> Staten ISland, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 9, 2004 6:11:58 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Format the drives as NTFS, set the security permissions "Read" for everybody
and "modify" for Administrators.
Then, to copy files there, you'll need to be logged as an administrator. Any
account will be able to read those files.

To make sure the malware won't be able to install on your computer: never
work as an administrator or a member of Administrators group. Make your user
account "limited user". Then, even some security hole or your own fault will
allow some malware install to run, it won't be able to copy anything to the
system folders and register itself in the OS.

"Darren Harris" <Searcher7@mail.con2.com> wrote in message
news:9437a27c.0408080838.149f95f0@posting.google.com...
> Is it really possible to "Quarantine" three system hard drives from a
> single hard drive when that hard drive is used for internet related
> purposes?(The idea is to keep them from from viruses, hacking, ect.).
>
> Thanks a lot.
>
> Darren Harris
> Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 4:02:06 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

I just need a *simple* way to protect 3 out of 4 drives when not in
use, and save to them quickly when I have to. So having to create Zip
drives or getting a server to store my files is not an option. And
paying $30 for an unproven app(wiht very little comments about it on
the net) that *might* protect my drives from hacking and viruses
doesn't seem plausible. And I don't know how it is possible to get 3
out of four drives to recognize me as an "Administrator" with the one
single drive allowing full access.

I guess a firewall should be my first line of defense, but shouldn't I
be able to set up a SCSI system to spin down 3 out of 4 drives until I
access them?

(I guess if there was an easy way to do this, it would be widely
know).

Thanks.

Darren Harris
Staten Island, New York.
*******************************************************************************
"Alexander Grigoriev" <alegr@earthlink.net> wrote in message news:<OCLRc.14188$cK.12214@newsread2.news.pas.earthlink.net>...
> Format the drives as NTFS, set the security permissions "Read" for everybody
> and "modify" for Administrators.
> Then, to copy files there, you'll need to be logged as an administrator. Any
> account will be able to read those files.
>
> To make sure the malware won't be able to install on your computer: never
> work as an administrator or a member of Administrators group. Make your user
> account "limited user". Then, even some security hole or your own fault will
> allow some malware install to run, it won't be able to copy anything to the
> system folders and register itself in the OS.
>
> "Darren Harris" <Searcher7@mail.con2.com> wrote in message
> news:9437a27c.0408080838.149f95f0@posting.google.com...
> > Is it really possible to "Quarantine" three system hard drives from a
> > single hard drive when that hard drive is used for internet related
> > purposes?(The idea is to keep them from from viruses, hacking, ect.).
> >
> > Thanks a lot.
> >
> > Darren Harris
> > Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 6:15:20 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:
> I just need a *simple* way to protect 3 out of 4 drives when not in
> use, and save to them quickly when I have to. So having to create Zip
> drives or getting a server to store my files is not an option. And
> paying $30 for an unproven app(wiht very little comments about it on
> the net) that *might* protect my drives from hacking and viruses
> doesn't seem plausible.

> And I don't know how it is possible to get 3
> out of four drives to recognize me as an "Administrator" with the one
> single drive allowing full access.

You don't. He's telling you how do operate the machine so ALL 'drives' are
as protected as they can be. You should not normally be logged on as an
administrator so that any malicious code you run across then has full
administrator rights to run through the system at will.

Then you can change write rights on the 'protected' drives, or anything
else you want 'protected', so that nothing but an administrator has write
rights and since you will not be logged on as administrator no malicious
code can use your rights to alter them.

> I guess a firewall should be my first line of defense, but shouldn't I
> be able to set up a SCSI system to spin down 3 out of 4 drives until I
> access them?
>
> (I guess if there was an easy way to do this, it would be widely
> know).
>
> Thanks.
>
> Darren Harris
> Staten Island, New York.
August 11, 2004 11:15:10 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> I just need a *simple* way to protect 3 out of 4 drives when not in
> use, and save to them quickly when I have to. <snip>

You may not want to hear this, but it's a trivial task in Linux.

Via Samba, you can integrate that with Windows.

--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 1:04:09 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Searcher7@mail.con2.com (Darren Harris) wrote in
news:9437a27c.0408102302.7e2838ce@posting.google.com:

> I just need a *simple* way to protect 3 out of 4 drives when not in
> use, and save to them quickly when I have to.

How quick is quickly? How about USB2/Firewire enclosures - and pull the
plug to protect??

Why is a server not an option? speed?

Under Linux just umount them :) 


--
Lordy
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 6:48:29 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Don Taylor wrote:
> Searcher7@mail.con2.com (Darren Harris) writes:
>
>>Is it really possible to "Quarantine" three system hard drives from a
>>single hard drive when that hard drive is used for internet related
>>purposes?(The idea is to keep them from from viruses, hacking, ect.).
>
>
> There was a retail product called "Hard Drive Sherrif" that might help you.
>
> I always thought a nice product would be a big red switch and a
> modification of defrag. You decide, with some assistance from the
> software, which files you don't want changed, probably forever.
> The software moves all those to one side of "the fence." Things
> that you are expecting to change are kept on the other side of "the
> fence." When it is finished moving files it asks you to flip the
> switch. Then any attempt to write on the wrong side of the fence
> results in a disk write error and it doesn't do the write. No
> software can then flip that switch, and that is the essential part
> of providing that security. (It actually wouldn't be too difficult
> for a company to build such a product)
>
> It would seem to me that a substantial fraction of your hard drive
> is stuff that you likely very very rarely want to change, and if
> something does try to change that then it is almost certainly a
> bug or a virus. (Now if Microsoft just didn't need to patch their
> code every week we would be set!)
Gee, that is how the more than 260+ FREE, Open Source, Operating
Systems, and, MAC OSX, all work, NOW! The /ROOT system can ONLY be
changed by the Sys.Admin.! (Unlike XP, which can be cracked, via a
floppy, usb drive, or, through remote access!).

Here ar 190+ LiveCDs to play with!
http://www.frozentech.com/content/livecd.php
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 6:50:53 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

"Darren Harris" <Searcher7@mail.con2.com> wrote in message news:9437a27c.0408102302.7e2838ce@posting.google.com...
> I just need a *simple* way to protect 3 out of 4 drives when not in
> use, and save to them quickly when I have to. So having to create Zip
> drives or getting a server to store my files is not an option. And
> paying $30 for an unproven app(wiht very little comments about it
> on the net) that *might* protect my drives from hacking and viruses
> doesn't seem plausible. And I don't know how it is possible to get 3
> out of four drives to recognize me as an "Administrator" with the one
> single drive allowing full access.
>
> I guess a firewall should be my first line of defense, but shouldn't I
> be able to set up a SCSI system to spin down 3 out of 4 drives until I
> access them?

Uhuh, and when exactly did you inform this group that your drives are SCSI?

>
> (I guess if there was an easy way to do this, it would be widely know).

It is, but for you to accept anything and not moan about it, that is the problem.
Or maybe your uncanny ability to misunderstand what you read.

>
> Thanks.
>
> Darren Harris
> Staten Island, New York.
> *******************************************************************************
> "Alexander Grigoriev" <alegr@earthlink.net> wrote in message news:<OCLRc.14188$cK.12214@newsread2.news.pas.earthlink.net>...
> > Format the drives as NTFS, set the security permissions "Read" for everybody
> > and "modify" for Administrators.
> > Then, to copy files there, you'll need to be logged as an administrator.
> > Any account will be able to read those files.
> >
> > To make sure the malware won't be able to install on your computer: never
> > work as an administrator or a member of Administrators group. Make your user
> > account "limited user". Then, even some security hole or your own fault will
> > allow some malware install to run, it won't be able to copy anything to the
> > system folders and register itself in the OS.
> >
> > "Darren Harris" <Searcher7@mail.con2.com> wrote in message news:9437a27c.0408080838.149f95f0@posting.google.com...
> > > Is it really possible to "Quarantine" three system hard drives from a
> > > single hard drive when that hard drive is used for internet related
> > > purposes?(The idea is to keep them from from viruses, hacking, ect.).
> > >
> > > Thanks a lot.
> > >
> > > Darren Harris
> > > Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 8:09:04 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hjhs9phn3cg4c@corp.supernews.com>...
> Darren Harris wrote:
> > I just need a *simple* way to protect 3 out of 4 drives when not in
> > use, and save to them quickly when I have to. So having to create Zip
> > drives or getting a server to store my files is not an option. And
> > paying $30 for an unproven app(wiht very little comments about it on
> > the net) that *might* protect my drives from hacking and viruses
> > doesn't seem plausible.
>
> > And I don't know how it is possible to get 3
> > out of four drives to recognize me as an "Administrator" with the one
> > single drive allowing full access.
>
> You don't. He's telling you how do operate the machine so ALL 'drives' are
> as protected as they can be. You should not normally be logged on as an
> administrator so that any malicious code you run across then has full
> administrator rights to run through the system at will.

But since as I said, I'll be working with my "C" drive(and will only
occasionally need to copy to the other three), it seems that I won't
have the freemdom I need with that drive until I login in as an
"Administrator", which of course opens up the other drives to
malicious code.

It seems that you're talking about an all-or-nothing solution, and I
need complete freedom with *one* drive while protecting the others. Or
is there sommething I'm not being told?

> Then you can change write rights on the 'protected' drives, or anything
> else you want 'protected', so that nothing but an administrator has write
> rights and since you will not be logged on as administrator no malicious
> code can use your rights to alter them.

Basically, I'd need for the "C" drive to "see" me as an
"Administrator", but not the other three drives. IS that possible?

Thanks.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 8:10:13 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

CJT <abujlehc@prodigy.net> wrote in message news:<4119C77E.8080603@prodigy.net>...
> Darren Harris wrote:
>
> > I just need a *simple* way to protect 3 out of 4 drives when not in
> > use, and save to them quickly when I have to. <snip>
>
> You may not want to hear this, but it's a trivial task in Linux.
>
> Via Samba, you can integrate that with Windows.

Unfortunately, Linux is not an option.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 8:25:24 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> > I guess a firewall should be my first line of defense, but shouldn't I
> > be able to set up a SCSI system to spin down 3 out of 4 drives until I
> > access them?
>
> Uhuh, and when exactly did you inform this group that your drives are SCSI?

2004-08-11 00:02:07 PST

Nevertheless, the system doesn't exist yet. I want to build two with
one of them being SCSI. I haven't decided if the one to be connected
to the internet is to be that one.

What's your point?

> >
> > (I guess if there was an easy way to do this, it would be widely know).
>
> It is, but for you to accept anything and not moan about it, that is the problem.
> Or maybe your uncanny ability to misunderstand what you read.

I understand that you are a troll looking for someone to harass. Find
someone else to start with. There are a lot of other threads.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 11, 2004 11:30:00 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:
> David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hjhs9phn3cg4c@corp.supernews.com>...
>
>>Darren Harris wrote:
>>
>>>I just need a *simple* way to protect 3 out of 4 drives when not in
>>>use, and save to them quickly when I have to. So having to create Zip
>>>drives or getting a server to store my files is not an option. And
>>>paying $30 for an unproven app(wiht very little comments about it on
>>>the net) that *might* protect my drives from hacking and viruses
>>>doesn't seem plausible.
>>
>>
>> > And I don't know how it is possible to get 3
>>
>>>out of four drives to recognize me as an "Administrator" with the one
>>>single drive allowing full access.
>>
>>You don't. He's telling you how do operate the machine so ALL 'drives' are
>>as protected as they can be. You should not normally be logged on as an
>>administrator so that any malicious code you run across then has full
>>administrator rights to run through the system at will.
>
>
> But since as I said, I'll be working with my "C" drive

And what does 'working with' the C drive mean?

>(and will only
> occasionally need to copy to the other three), it seems that I won't
> have the freemdom I need with that drive until I login in as an
> "Administrator", which of course opens up the other drives to
> malicious code.

Your 'plan' opens them to malicious code by leaving your C: drive
completely unprotected, so that it can become infected, and then it infects
the other drives the instant you 'spin them up'.

> It seems that you're talking about an all-or-nothing solution, and I
> need complete freedom with *one* drive while protecting the others. Or
> is there sommething I'm not being told?

You're asking for 'complete freedom', why I don't know, for the drive on
which an infection is most likely since every targeted vulnerability
resides on it, and the one where it matter most, yet want to be
'protected'. Just ain't going to happen.


>>Then you can change write rights on the 'protected' drives, or anything
>>else you want 'protected', so that nothing but an administrator has write
>>rights and since you will not be logged on as administrator no malicious
>>code can use your rights to alter them.
>
>
> Basically, I'd need for the "C" drive to "see" me as an
> "Administrator", but not the other three drives. IS that possible?

Yes. Format them NTFS and then mount/dismount them when needed. Or buy
'removable' drives and 'unplug' them when not needed. Doesn't really matter
because whatever vulnerability you're protecting them from will simply
infect them the moment you activate them.


> Thanks.
>
> Darren Harris
> Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 2:17:50 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Searcher7@mail.con2.com (Darren Harris) writes:
>David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hjhs9phn3cg4c@corp.supernews.com>...
>> Darren Harris wrote:
>> > I just need a *simple* way to protect 3 out of 4 drives when not in
>> > use, and save to them quickly when I have to.
....
>Basically, I'd need for the "C" drive to "see" me as an
>"Administrator", but not the other three drives. IS that possible?

So, asking a question here, what would it take in terms of hardware
between the IDE cable and the drive to make a (non-boot) drive
read-only? Or maybe non-existant? Back in the old ST506/MFM days
I imagine that a switch to disconnect the write signal to the drive
would have done it. The same might be possible with (non-boot) IDE
drives.

And you might be able to accomplish the same with SCSI drives.

Then you don't need any suspicious software to pay for, you don't
need another operating system to use, any attempt to write to the
drive would likely just get an error reported by your OS, and on
the rare occasions you want to write to the drive you close the
switch.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 2:31:45 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> David Maynard <dNOTmayn@ev1.net> wrote in message
> news:<10hjhs9phn3cg4c@corp.supernews.com>...
>> Darren Harris wrote:
>> > I just need a *simple* way to protect 3 out of 4 drives when not in
>> > use, and save to them quickly when I have to. So having to create Zip
>> > drives or getting a server to store my files is not an option. And
>> > paying $30 for an unproven app(wiht very little comments about it on
>> > the net) that *might* protect my drives from hacking and viruses
>> > doesn't seem plausible.
>>
>> > And I don't know how it is possible to get 3
>> > out of four drives to recognize me as an "Administrator" with the one
>> > single drive allowing full access.
>>
>> You don't. He's telling you how do operate the machine so ALL 'drives'
>> are as protected as they can be. You should not normally be logged on as
>> an administrator so that any malicious code you run across then has full
>> administrator rights to run through the system at will.
>
> But since as I said, I'll be working with my "C" drive(and will only
> occasionally need to copy to the other three), it seems that I won't
> have the freemdom I need with that drive until I login in as an
> "Administrator", which of course opens up the other drives to
> malicious code.
>
> It seems that you're talking about an all-or-nothing solution, and I
> need complete freedom with *one* drive while protecting the others. Or
> is there sommething I'm not being told?
>
>> Then you can change write rights on the 'protected' drives, or anything
>> else you want 'protected', so that nothing but an administrator has write
>> rights and since you will not be logged on as administrator no malicious
>> code can use your rights to alter them.
>
> Basically, I'd need for the "C" drive to "see" me as an
> "Administrator", but not the other three drives. IS that possible?

I'm going to give you a rather extreme suggestion that is quite workable and
about as secure as you're going to get with a single machine, but not
particularly simple or cheap. Run your Windows under VirtualPC for OS/2
with Netware 4.1 for OS/2, accessing your additional drives via Netware.
All runs on one box, quite reliable, performance is acceptable on modern
hardware, primary Internet exposure is OS/2 which if not bulletproof (and
OS/2 fans, I didn't say it wasn't bulletproof, just that even if it isn't)
is at least uncommon enough to be below the radar for crackers, you have
Novell's very robust and fine-grained security, you can do your
administration from a separate Windows session that is set up under IPX/SPX
and has no Internet access, so you can turn on and off privilege for your
working session as required, and your working Windows session is isolated
in the VirtualPC sandbox.

Less extreme, you could run your Windows session under VMWare on a Linux
box, with your additional drives accessed via SAMBA. Security is not as
fine-grained as Netware but should be plenty for what you want to do, you
can enable write access when desired from the Linux console without closing
Windows or unplugging anything, again Windows is isolated in a
virtual-machine sandbox, and primary internet exposure is Linux, which
while not below the radar doesn't have a whole heck of a lot of known
exploits extant.

Could also do this with VMware or VirtualPC under Windows, running
"dangerous" activities in the virtual session--this would be more secure
than running it in your console session but Windows would be exposed on the
Net, and there are known exploits that require only exposure. Again you'd
enable or disable write access from the console session.

> Thanks.
>
> Darren Harris
> Staten Island, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 4:35:05 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

On 11 Aug 2004 16:09:04 -0700, Searcher7@mail.con2.com (Darren
Harris) wrote:


>It seems that you're talking about an all-or-nothing solution, and I
>need complete freedom with *one* drive while protecting the others. Or
>is there sommething I'm not being told?

That you're trying to reinvent the wheel to a certain extent,
that having protected data is the whole purpose behind removable
media and/or disconnected backup storage?

The moment you are in a position to access those other drive(s),
so is any virus/etc. If it were simply a matter of "denial" of
access to drives, would viri exist at all? Could we not simply
assign all file transfers to a ramdrive and deny all traditional
physical storage rights?

WinXP should be able to pick up a drive connected to a SCSI IDE
controller if it is powered on, from being off, while system
stays running, providing your SCSI controller also supports this.
In other words, you'd be closing power circuit to drive to use
it, then opening circuit again when done. If you can settle for
manually flipping a switch, it is relatively easy, or you could
go a more complicated route and have software commands to cause a
port to drive a relay to do it.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 6:23:06 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

kony <spam@spam.com> wrote in message news:<reelh095egpsvo4dqf56riq5d13bc16g5v@4ax.com>...
> On 11 Aug 2004 16:09:04 -0700, Searcher7@mail.con2.com (Darren
> Harris) wrote:
>
>
> >It seems that you're talking about an all-or-nothing solution, and I
> >need complete freedom with *one* drive while protecting the others. Or
> >is there sommething I'm not being told?
>
> That you're trying to reinvent the wheel to a certain extent,
> that having protected data is the whole purpose behind removable
> media and/or disconnected backup storage?

But I'm talking about the option of keeping all my data in one
place(case) and protecting it.

I'm not trying to reinvent the wheel. The wheel is inherently faulty.
:-)

> The moment you are in a position to access those other drive(s),
> so is any virus/etc. If it were simply a matter of "denial" of
> access to drives, would viri exist at all? Could we not simply
> assign all file transfers to a ramdrive and deny all traditional
> physical storage rights?

There is no great technological hurdle in hardware manufacturers
making systems that give the user total control over the writing
between drives(without having to power them down), but they will not
do it.

> WinXP should be able to pick up a drive connected to a SCSI IDE
> controller if it is powered on, from being off, while system
> stays running, providing your SCSI controller also supports this.
> In other words, you'd be closing power circuit to drive to use
> it, then opening circuit again when done. If you can settle for
> manually flipping a switch, it is relatively easy, or you could
> go a more complicated route and have software commands to cause a
> port to drive a relay to do it.

Perhaps in the future one will have the option of "flipping a switch"
to quarantine specific drives, keeping them from being written to.

Darren Harris
Staten Island, New York.
August 12, 2004 7:28:49 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Don Taylor wrote:

> Searcher7@mail.con2.com (Darren Harris) writes:
>
>>David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hjhs9phn3cg4c@corp.supernews.com>...
>>
>>>Darren Harris wrote:
>>>
>>>>I just need a *simple* way to protect 3 out of 4 drives when not in
>>>>use, and save to them quickly when I have to.
>
> ...
>
>>Basically, I'd need for the "C" drive to "see" me as an
>>"Administrator", but not the other three drives. IS that possible?
>
>
> So, asking a question here, what would it take in terms of hardware
> between the IDE cable and the drive to make a (non-boot) drive
> read-only? Or maybe non-existant? Back in the old ST506/MFM days
> I imagine that a switch to disconnect the write signal to the drive
> would have done it. The same might be possible with (non-boot) IDE
> drives.
>
> And you might be able to accomplish the same with SCSI drives.
>
> Then you don't need any suspicious software to pay for, you don't
> need another operating system to use, any attempt to write to the
> drive would likely just get an error reported by your OS, and on
> the rare occasions you want to write to the drive you close the
> switch.

As I recall, to read an IDE drive you have to write to its registers.


--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 7:28:50 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

CJT <abujlehc@prodigy.net> writes:
>Don Taylor wrote:
>> So, asking a question here, what would it take in terms of hardware
>> between the IDE cable and the drive to make a (non-boot) drive
>> read-only? Or maybe non-existant? Back in the old ST506/MFM days
>> I imagine that a switch to disconnect the write signal to the drive
>> would have done it. The same might be possible with (non-boot) IDE
>> drives.

>As I recall, to read an IDE drive you have to write to its registers.

I believe that is true, something like 8 registers make up IDE. You
fill some of those with the block number on the drive and then fill
a command register with a read command. But I've never found any
info on someone trying to protect drives with this, or do other
silly things like display the current block number on the front of
the case, the way some wierd off-brand pc did fifteen years ago.

thanks
August 12, 2004 8:58:45 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Don Taylor wrote:

> CJT <abujlehc@prodigy.net> writes:
>
>>Don Taylor wrote:
>>
>>>So, asking a question here, what would it take in terms of hardware
>>>between the IDE cable and the drive to make a (non-boot) drive
>>>read-only? Or maybe non-existant? Back in the old ST506/MFM days
>>>I imagine that a switch to disconnect the write signal to the drive
>>>would have done it. The same might be possible with (non-boot) IDE
>>>drives.
>
>
>>As I recall, to read an IDE drive you have to write to its registers.
>
>
> I believe that is true, something like 8 registers make up IDE. You
> fill some of those with the block number on the drive and then fill
> a command register with a read command. But I've never found any
> info on someone trying to protect drives with this, or do other
> silly things like display the current block number on the front of
> the case, the way some wierd off-brand pc did fifteen years ago.
>
> thanks

The point is that the logic needed is more significant than simply
pulling down a write signal.

--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 2:00:34 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> kony <spam@spam.com> wrote in message
> news:<reelh095egpsvo4dqf56riq5d13bc16g5v@4ax.com>...
>> On 11 Aug 2004 16:09:04 -0700, Searcher7@mail.con2.com (Darren
>> Harris) wrote:
>>
>>
>> >It seems that you're talking about an all-or-nothing solution, and I
>> >need complete freedom with *one* drive while protecting the others. Or
>> >is there sommething I'm not being told?
>>
>> That you're trying to reinvent the wheel to a certain extent,
>> that having protected data is the whole purpose behind removable
>> media and/or disconnected backup storage?
>
> But I'm talking about the option of keeping all my data in one
> place(case) and protecting it.
>
> I'm not trying to reinvent the wheel. The wheel is inherently faulty.
> :-)
>
>> The moment you are in a position to access those other drive(s),
>> so is any virus/etc. If it were simply a matter of "denial" of
>> access to drives, would viri exist at all? Could we not simply
>> assign all file transfers to a ramdrive and deny all traditional
>> physical storage rights?
>
> There is no great technological hurdle in hardware manufacturers
> making systems that give the user total control over the writing
> between drives(without having to power them down), but they will not
> do it.

Perhaps there is no demand for this feature?

>> WinXP should be able to pick up a drive connected to a SCSI IDE
>> controller if it is powered on, from being off, while system
>> stays running, providing your SCSI controller also supports this.
>> In other words, you'd be closing power circuit to drive to use
>> it, then opening circuit again when done. If you can settle for
>> manually flipping a switch, it is relatively easy, or you could
>> go a more complicated route and have software commands to cause a
>> port to drive a relay to do it.
>
> Perhaps in the future one will have the option of "flipping a switch"
> to quarantine specific drives, keeping them from being written to.

Perhaps. Personally I would rate the probability of it occurring on par
with the probability that Santa Claus and the Easter Bunny will have a
boxing match in Madison Square Garden. For the two people in the universe
who percieve this need there are ways to accomplish that objective with
software. If you aren't willing to do what you have to to get there then
you don't have a _need_, you have an idle whim.

> Darren Harris
> Staten Island, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 3:39:11 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hleg79uhg4m4b@corp.supernews.com>...
> Darren Harris wrote:
> > David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hjhs9phn3cg4c@corp.supernews.com>...
> >
> >>Darren Harris wrote:
> >>
> >>>I just need a *simple* way to protect 3 out of 4 drives when not in
> >>>use, and save to them quickly when I have to. So having to create Zip
> >>>drives or getting a server to store my files is not an option. And
> >>>paying $30 for an unproven app(wiht very little comments about it on
> >>>the net) that *might* protect my drives from hacking and viruses
> >>>doesn't seem plausible.
> >>
> >>
> >> > And I don't know how it is possible to get 3
>
> >>>out of four drives to recognize me as an "Administrator" with the one
> >>>single drive allowing full access.
> >>
> >>You don't. He's telling you how do operate the machine so ALL 'drives' are
> >>as protected as they can be. You should not normally be logged on as an
> >>administrator so that any malicious code you run across then has full
> >>administrator rights to run through the system at will.
> >
> >
> > But since as I said, I'll be working with my "C" drive
>
> And what does 'working with' the C drive mean?

?!? I assume you don't understand that the "C" drive is the drive that
I want to isolate the other three from or that it is the one that will
be used when connected to the internet, correct?

> >(and will only
> > occasionally need to copy to the other three), it seems that I won't
> > have the freemdom I need with that drive until I login in as an
> > "Administrator", which of course opens up the other drives to
> > malicious code.
>
> Your 'plan' opens them to malicious code by leaving your C: drive
> completely unprotected, so that it can become infected, and then it infects
> the other drives the instant you 'spin them up'.

How is the "C" drive "completely unprotected", when there are
anti-virus and firewall utilities?

> > It seems that you're talking about an all-or-nothing solution, and I
> > need complete freedom with *one* drive while protecting the others. Or
> > is there sommething I'm not being told?
>
> You're asking for 'complete freedom', why I don't know, for the drive on
> which an infection is most likely since every targeted vulnerability
> resides on it, and the one where it matter most, yet want to be
> 'protected'. Just ain't going to happen.

See my last paragraph.

> >>Then you can change write rights on the 'protected' drives, or anything
> >>else you want 'protected', so that nothing but an administrator has write
> >>rights and since you will not be logged on as administrator no malicious
> >>code can use your rights to alter them.
> >
> >
> > Basically, I'd need for the "C" drive to "see" me as an
> > "Administrator", but not the other three drives. IS that possible?
>
> Yes. Format them NTFS and then mount/dismount them when needed. Or buy
> 'removable' drives and 'unplug' them when not needed. Doesn't really matter
> because whatever vulnerability you're protecting them from will simply
> infect them the moment you activate them.

We've been through this already...

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 3:51:19 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> >> The moment you are in a position to access those other drive(s),
> >> so is any virus/etc. If it were simply a matter of "denial" of
> >> access to drives, would viri exist at all? Could we not simply
> >> assign all file transfers to a ramdrive and deny all traditional
> >> physical storage rights?
> >
> > There is no great technological hurdle in hardware manufacturers
> > making systems that give the user total control over the writing
> > between drives(without having to power them down), but they will not
> > do it.
>
> Perhaps there is no demand for this feature?

?!? There would be if it were an option.

> >> WinXP should be able to pick up a drive connected to a SCSI IDE
> >> controller if it is powered on, from being off, while system
> >> stays running, providing your SCSI controller also supports this.
> >> In other words, you'd be closing power circuit to drive to use
> >> it, then opening circuit again when done. If you can settle for
> >> manually flipping a switch, it is relatively easy, or you could
> >> go a more complicated route and have software commands to cause a
> >> port to drive a relay to do it.
> >
> > Perhaps in the future one will have the option of "flipping a switch"
> > to quarantine specific drives, keeping them from being written to.
>
> Perhaps. Personally I would rate the probability of it occurring on par
> with the probability that Santa Claus and the Easter Bunny will have a
> boxing match in Madison Square Garden. For the two people in the universe
> who percieve this need there are ways to accomplish that objective with
> software. If you aren't willing to do what you have to to get there then
> you don't have a _need_, you have an idle whim.

The inability to understand what I've written by *some* of the posters
in this thread is astounding.

I saw a problem. I asked if there a particular solution was possible.
And if so, how to do it. The common concensus *seems* to be that it is
*not* possible. Just because I find certain solutions given to be
impractical for me doesn't mean that I am "willing to do what (I) have
to to get there". It has become obvious that it isn't possible to have
the options I want, and I conveyed that it should be, and gave the
reasons. And I gave the reasons why the "proposed" solutions would not
work for me. That's all.

What's is so difficult to understand?

It's a good thing that inovative minds are not on "lock-down" like
that minds of many here.

Darren Harris
Staten ISland, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 3:53:49 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

"J. Clarke" <jclarke@nospam.invalid> wrote in message news:<cfemfu02l1e@news4.newsguy.com>...
> Darren Harris wrote:
>
> > David Maynard <dNOTmayn@ev1.net> wrote in message
> > news:<10hjhs9phn3cg4c@corp.supernews.com>...
> >> Darren Harris wrote:
> >> > I just need a *simple* way to protect 3 out of 4 drives when not in
> >> > use, and save to them quickly when I have to. So having to create Zip
> >> > drives or getting a server to store my files is not an option. And
> >> > paying $30 for an unproven app(wiht very little comments about it on
> >> > the net) that *might* protect my drives from hacking and viruses
> >> > doesn't seem plausible.
>
> >> > And I don't know how it is possible to get 3
> >> > out of four drives to recognize me as an "Administrator" with the one
> >> > single drive allowing full access.
> >>
> >> You don't. He's telling you how do operate the machine so ALL 'drives'
> >> are as protected as they can be. You should not normally be logged on as
> >> an administrator so that any malicious code you run across then has full
> >> administrator rights to run through the system at will.
> >
> > But since as I said, I'll be working with my "C" drive(and will only
> > occasionally need to copy to the other three), it seems that I won't
> > have the freemdom I need with that drive until I login in as an
> > "Administrator", which of course opens up the other drives to
> > malicious code.
> >
> > It seems that you're talking about an all-or-nothing solution, and I
> > need complete freedom with *one* drive while protecting the others. Or
> > is there sommething I'm not being told?
> >
> >> Then you can change write rights on the 'protected' drives, or anything
> >> else you want 'protected', so that nothing but an administrator has write
> >> rights and since you will not be logged on as administrator no malicious
> >> code can use your rights to alter them.
> >
> > Basically, I'd need for the "C" drive to "see" me as an
> > "Administrator", but not the other three drives. IS that possible?
>
> I'm going to give you a rather extreme suggestion that is quite workable and
> about as secure as you're going to get with a single machine, but not
> particularly simple or cheap. Run your Windows under VirtualPC for OS/2
> with Netware 4.1 for OS/2, accessing your additional drives via Netware.
> All runs on one box, quite reliable, performance is acceptable on modern
> hardware, primary Internet exposure is OS/2 which if not bulletproof (and
> OS/2 fans, I didn't say it wasn't bulletproof, just that even if it isn't)
> is at least uncommon enough to be below the radar for crackers, you have
> Novell's very robust and fine-grained security, you can do your
> administration from a separate Windows session that is set up under IPX/SPX
> and has no Internet access, so you can turn on and off privilege for your
> working session as required, and your working Windows session is isolated
> in the VirtualPC sandbox.
>
> Less extreme, you could run your Windows session under VMWare on a Linux
> box, with your additional drives accessed via SAMBA. Security is not as
> fine-grained as Netware but should be plenty for what you want to do, you
> can enable write access when desired from the Linux console without closing
> Windows or unplugging anything, again Windows is isolated in a
> virtual-machine sandbox, and primary internet exposure is Linux, which
> while not below the radar doesn't have a whole heck of a lot of known
> exploits extant.
>
> Could also do this with VMware or VirtualPC under Windows, running
> "dangerous" activities in the virtual session--this would be more secure
> than running it in your console session but Windows would be exposed on the
> Net, and there are known exploits that require only exposure. Again you'd
> enable or disable write access from the console session.

The cost, learning curve, and relative support make all of this
impractical as far as what I'd like to do.

Thanks.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 4:56:09 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:
>> Yes. Format them NTFS and then mount/dismount them when needed. Or
>> buy 'removable' drives and 'unplug' them when not needed. Doesn't
>> really matter because whatever vulnerability you're protecting them
>> from will simply infect them the moment you activate them.
>
> Nevertheless, if I have a system multiple drives inside it's case, I
> shouldn't have to get "removable drives" in order to quarantine,
> but...
>
> The bottom line is that something that should be simple isn't because
> there is too much money to be made using paid for solutions from that
> hardware and software manufacturers.(Not to mention ITs). :-)

If you *really* want hardware level write-protection of hard drives
you have to look to the forensics industry - see links below...

This stuff isn't cheap though:

"This special Write-Protect version of the ARS7720UW disables the ability to
write to the
connected IDE drive. For auditability of forensic data this is an essential
product."
http://www.verbatim.com.au/products.cfm?productID=ARS77...

"SCSIBLOCK is a 68 Pin SCSI-3 to IDE conversion device that provides full
hardware
write protection to IDE devices while permitting direct connection to any
SCSI-3 bus."
http://www.digitalintel.com/scsiblock.htm

http://www.logicubeforensics.com/products/accessories/d...

http://www.forensicpc.com/products.asp?cat=19

http://www.memstore.se/LEVEL2/PRODUKTER/LEVEL3/FORENSIC...

There are older IDE drives which had a write-protect jumper (I have an
ancient fujitsu
500Mb drive with one), it is/was much more common on SCSI drives though.

IIRC I'm sure I`ve seen this option in the BIOS of a SCSI adaptor as well.

It isn't as simple as cutting a wire on the ribbon....

--
Mike
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 9:19:53 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> "J. Clarke" <jclarke@nospam.invalid> wrote in message
> news:<cfemfu02l1e@news4.newsguy.com>...
>> Darren Harris wrote:
>>
>> > David Maynard <dNOTmayn@ev1.net> wrote in message
>> > news:<10hjhs9phn3cg4c@corp.supernews.com>...
>> >> Darren Harris wrote:
>> >> > I just need a *simple* way to protect 3 out of 4 drives when not in
>> >> > use, and save to them quickly when I have to. So having to create
>> >> > Zip drives or getting a server to store my files is not an option.
>> >> > And paying $30 for an unproven app(wiht very little comments about
>> >> > it on the net) that *might* protect my drives from hacking and
>> >> > viruses doesn't seem plausible.
>>
>> >> > And I don't know how it is possible to get 3
>> >> > out of four drives to recognize me as an "Administrator" with the
>> >> > one single drive allowing full access.
>> >>
>> >> You don't. He's telling you how do operate the machine so ALL 'drives'
>> >> are as protected as they can be. You should not normally be logged on
>> >> as an administrator so that any malicious code you run across then has
>> >> full administrator rights to run through the system at will.
>> >
>> > But since as I said, I'll be working with my "C" drive(and will only
>> > occasionally need to copy to the other three), it seems that I won't
>> > have the freemdom I need with that drive until I login in as an
>> > "Administrator", which of course opens up the other drives to
>> > malicious code.
>> >
>> > It seems that you're talking about an all-or-nothing solution, and I
>> > need complete freedom with *one* drive while protecting the others. Or
>> > is there sommething I'm not being told?
>> >
>> >> Then you can change write rights on the 'protected' drives, or
>> >> anything else you want 'protected', so that nothing but an
>> >> administrator has write rights and since you will not be logged on as
>> >> administrator no malicious code can use your rights to alter them.
>> >
>> > Basically, I'd need for the "C" drive to "see" me as an
>> > "Administrator", but not the other three drives. IS that possible?
>>
>> I'm going to give you a rather extreme suggestion that is quite workable
>> and about as secure as you're going to get with a single machine, but not
>> particularly simple or cheap. Run your Windows under VirtualPC for OS/2
>> with Netware 4.1 for OS/2, accessing your additional drives via Netware.
>> All runs on one box, quite reliable, performance is acceptable on modern
>> hardware, primary Internet exposure is OS/2 which if not bulletproof (and
>> OS/2 fans, I didn't say it wasn't bulletproof, just that even if it
>> isn't) is at least uncommon enough to be below the radar for crackers,
>> you have Novell's very robust and fine-grained security, you can do your
>> administration from a separate Windows session that is set up under
>> IPX/SPX and has no Internet access, so you can turn on and off privilege
>> for your working session as required, and your working Windows session is
>> isolated in the VirtualPC sandbox.
>>
>> Less extreme, you could run your Windows session under VMWare on a Linux
>> box, with your additional drives accessed via SAMBA. Security is not as
>> fine-grained as Netware but should be plenty for what you want to do, you
>> can enable write access when desired from the Linux console without
>> closing Windows or unplugging anything, again Windows is isolated in a
>> virtual-machine sandbox, and primary internet exposure is Linux, which
>> while not below the radar doesn't have a whole heck of a lot of known
>> exploits extant.
>>
>> Could also do this with VMware or VirtualPC under Windows, running
>> "dangerous" activities in the virtual session--this would be more secure
>> than running it in your console session but Windows would be exposed on
>> the
>> Net, and there are known exploits that require only exposure. Again
>> you'd enable or disable write access from the console session.
>
> The cost, learning curve, and relative support make all of this
> impractical as far as what I'd like to do.

The cost and learning curve might be an issue. The "relative support" is
minor--once you have OS/2 and Novell up and running they don't need much in
the way of support, they just kind of sit there and work.

Are you looking for a solution for a personal machine or for some other
purpose? If some other purpose if you gave some details someone might be
able to propose a workable solution.

> Thanks.
>
> Darren Harris
> Staten Island, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 12, 2004 9:23:38 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

>> >> The moment you are in a position to access those other drive(s),
>> >> so is any virus/etc. If it were simply a matter of "denial" of
>> >> access to drives, would viri exist at all? Could we not simply
>> >> assign all file transfers to a ramdrive and deny all traditional
>> >> physical storage rights?
>> >
>> > There is no great technological hurdle in hardware manufacturers
>> > making systems that give the user total control over the writing
>> > between drives(without having to power them down), but they will not
>> > do it.
>>
>> Perhaps there is no demand for this feature?
>
> ?!? There would be if it were an option.

It was on some drives. The market apparently gave a great big yawn and the
drive manufacturers decided that they had wasted the 2 cents or whatever it
is that the header for the jumper costs and quit providing such a feature.

>> >> WinXP should be able to pick up a drive connected to a SCSI IDE
>> >> controller if it is powered on, from being off, while system
>> >> stays running, providing your SCSI controller also supports this.
>> >> In other words, you'd be closing power circuit to drive to use
>> >> it, then opening circuit again when done. If you can settle for
>> >> manually flipping a switch, it is relatively easy, or you could
>> >> go a more complicated route and have software commands to cause a
>> >> port to drive a relay to do it.
>> >
>> > Perhaps in the future one will have the option of "flipping a switch"
>> > to quarantine specific drives, keeping them from being written to.
>>
>> Perhaps. Personally I would rate the probability of it occurring on par
>> with the probability that Santa Claus and the Easter Bunny will have a
>> boxing match in Madison Square Garden. For the two people in the
>> universe who percieve this need there are ways to accomplish that
>> objective with
>> software. If you aren't willing to do what you have to to get there then
>> you don't have a _need_, you have an idle whim.
>
> The inability to understand what I've written by *some* of the posters
> in this thread is astounding.
>
> I saw a problem. I asked if there a particular solution was possible.
> And if so, how to do it. The common concensus *seems* to be that it is
> *not* possible. Just because I find certain solutions given to be
> impractical for me doesn't mean that I am "willing to do what (I) have
> to to get there".

Of course it doesn't. If you _were_ willing then you would go with one of
the solutions that does not require custom drive firmware.

> It has become obvious that it isn't possible to have
> the options I want, and I conveyed that it should be, and gave the
> reasons. And I gave the reasons why the "proposed" solutions would not
> work for me. That's all.
>
> What's is so difficult to understand?
>
> It's a good thing that inovative minds are not on "lock-down" like
> that minds of many here.

The fact that someone disagrees with you does not mean that his "mind is on
lock-down". It may mean that he has seen the feature you want come and go
in the market without anybody to speak of wanting it.

> Darren Harris
> Staten ISland, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 13, 2004 6:52:46 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

"Alexander Grigoriev" <alegr@earthlink.net> wrote in message news:<%vQSc.18826$9Y6.17221@newsread1.news.pas.earthlink.net>...
> OK, here is a procedure for you:
>
> 1. Assume your drives you want to protect are formatted as NTFS. The example
> goes for a drive E:
> 2. Create an user account, for example "PowerfulMe". It can be a limited
> user, too. Set a password on it.
> 3. Run the following (while logged as an administrator):
>
> cacls E: /g Everyone:r Administrators:f SYSTEM:f PowerfulMe:c
> OWNER_CREATOR:f
>
> 4. When you want to copy files to E: (while logged as a regular user),
> right-click on blue IE icon, select RunAs, enter PowerfulMe and its
> password. Enter e:\ in the address line. Click on [Folders] button. Copy the
> source files to the drive. It's assumed that you gave PowerfulMe
> read-permissions to the source files. When you're done copying, close the
> Explorer window, which runs as PowerfulMe. You can also run copy with a
> command-line script, if you open a command console with Run As.
>
> You can have a separate account with write privileges for each drive, if you
> like.

Since "NTSF", "user accounts", and "command lines" are things I'm not
familiar with, I'll have to do some research. :-)

Thanks.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 13, 2004 6:58:33 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

"J. Clarke" <jclarke@nospam.invalid> wrote in message news:<cfgnhn096r@news1.newsguy.com>...
> Darren Harris wrote:
>
> >> >> The moment you are in a position to access those other drive(s),
> >> >> so is any virus/etc. If it were simply a matter of "denial" of
> >> >> access to drives, would viri exist at all? Could we not simply
> >> >> assign all file transfers to a ramdrive and deny all traditional
> >> >> physical storage rights?
> >> >
> >> > There is no great technological hurdle in hardware manufacturers
> >> > making systems that give the user total control over the writing
> >> > between drives(without having to power them down), but they will not
> >> > do it.
> >>
> >> Perhaps there is no demand for this feature?
> >
> > ?!? There would be if it were an option.
>
> It was on some drives. The market apparently gave a great big yawn and the
> drive manufacturers decided that they had wasted the 2 cents or whatever it
> is that the header for the jumper costs and quit providing such a feature.

If this is true, then having toopen ones case and navigate to a drive
to manipulate those jumpers would have been a stupid idea anyway.

> >> >> WinXP should be able to pick up a drive connected to a SCSI IDE
> >> >> controller if it is powered on, from being off, while system
> >> >> stays running, providing your SCSI controller also supports this.
> >> >> In other words, you'd be closing power circuit to drive to use
> >> >> it, then opening circuit again when done. If you can settle for
> >> >> manually flipping a switch, it is relatively easy, or you could
> >> >> go a more complicated route and have software commands to cause a
> >> >> port to drive a relay to do it.
> >> >
> >> > Perhaps in the future one will have the option of "flipping a switch"
> >> > to quarantine specific drives, keeping them from being written to.
> >>
> >> Perhaps. Personally I would rate the probability of it occurring on par
> >> with the probability that Santa Claus and the Easter Bunny will have a
> >> boxing match in Madison Square Garden. For the two people in the
> >> universe who percieve this need there are ways to accomplish that
> >> objective with
> >> software. If you aren't willing to do what you have to to get there then
> >> you don't have a _need_, you have an idle whim.
> >
> > The inability to understand what I've written by *some* of the posters
> > in this thread is astounding.
> >
> > I saw a problem. I asked if there a particular solution was possible.
> > And if so, how to do it. The common concensus *seems* to be that it is
> > *not* possible. Just because I find certain solutions given to be
> > impractical for me doesn't mean that I am "willing to do what (I) have
> > to to get there".
>
> Of course it doesn't. If you _were_ willing then you would go with one of
> the solutions that does not require custom drive firmware.

If I were willing.

> > It has become obvious that it isn't possible to have
> > the options I want, and I conveyed that it should be, and gave the
> > reasons. And I gave the reasons why the "proposed" solutions would not
> > work for me. That's all.
> >
> > What's is so difficult to understand?
> >
> > It's a good thing that inovative minds are not on "lock-down" like
> > that minds of many here.
>
> The fact that someone disagrees with you does not mean that his "mind is on
> lock-down". It may mean that he has seen the feature you want come and go
> in the market without anybody to speak of wanting it.

It has nothing to do with disagreeing with me. It is the inability to
see the obvious facets of what I'm talking about. And what I'm
referring to was definitely never an option in the market place.

Darren Harris
Staten Island New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 13, 2004 7:02:46 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

"J. Clarke" <jclarke@nospam.invalid> wrote in message news:<cfgnhm096q@news1.newsguy.com>...
> Darren Harris wrote:
>
> > "J. Clarke" <jclarke@nospam.invalid> wrote in message
> > news:<cfemfu02l1e@news4.newsguy.com>...
> >> Darren Harris wrote:
> >>
> >> > David Maynard <dNOTmayn@ev1.net> wrote in message
> >> > news:<10hjhs9phn3cg4c@corp.supernews.com>...
> >> >> Darren Harris wrote:
> >> >> > I just need a *simple* way to protect 3 out of 4 drives when not in
> >> >> > use, and save to them quickly when I have to. So having to create
> >> >> > Zip drives or getting a server to store my files is not an option.
> >> >> > And paying $30 for an unproven app(wiht very little comments about
> >> >> > it on the net) that *might* protect my drives from hacking and
> >> >> > viruses doesn't seem plausible.
>
> >> >> > And I don't know how it is possible to get 3
> >> >> > out of four drives to recognize me as an "Administrator" with the
> >> >> > one single drive allowing full access.
> >> >>
> >> >> You don't. He's telling you how do operate the machine so ALL 'drives'
> >> >> are as protected as they can be. You should not normally be logged on
> >> >> as an administrator so that any malicious code you run across then has
> >> >> full administrator rights to run through the system at will.
> >> >
> >> > But since as I said, I'll be working with my "C" drive(and will only
> >> > occasionally need to copy to the other three), it seems that I won't
> >> > have the freemdom I need with that drive until I login in as an
> >> > "Administrator", which of course opens up the other drives to
> >> > malicious code.
> >> >
> >> > It seems that you're talking about an all-or-nothing solution, and I
> >> > need complete freedom with *one* drive while protecting the others. Or
> >> > is there sommething I'm not being told?
> >> >
> >> >> Then you can change write rights on the 'protected' drives, or
> >> >> anything else you want 'protected', so that nothing but an
> >> >> administrator has write rights and since you will not be logged on as
> >> >> administrator no malicious code can use your rights to alter them.
> >> >
> >> > Basically, I'd need for the "C" drive to "see" me as an
> >> > "Administrator", but not the other three drives. IS that possible?
> >>
> >> I'm going to give you a rather extreme suggestion that is quite workable
> >> and about as secure as you're going to get with a single machine, but not
> >> particularly simple or cheap. Run your Windows under VirtualPC for OS/2
> >> with Netware 4.1 for OS/2, accessing your additional drives via Netware.
> >> All runs on one box, quite reliable, performance is acceptable on modern
> >> hardware, primary Internet exposure is OS/2 which if not bulletproof (and
> >> OS/2 fans, I didn't say it wasn't bulletproof, just that even if it
> >> isn't) is at least uncommon enough to be below the radar for crackers,
> >> you have Novell's very robust and fine-grained security, you can do your
> >> administration from a separate Windows session that is set up under
> >> IPX/SPX and has no Internet access, so you can turn on and off privilege
> >> for your working session as required, and your working Windows session is
> >> isolated in the VirtualPC sandbox.
> >>
> >> Less extreme, you could run your Windows session under VMWare on a Linux
> >> box, with your additional drives accessed via SAMBA. Security is not as
> >> fine-grained as Netware but should be plenty for what you want to do, you
> >> can enable write access when desired from the Linux console without
> >> closing Windows or unplugging anything, again Windows is isolated in a
> >> virtual-machine sandbox, and primary internet exposure is Linux, which
> >> while not below the radar doesn't have a whole heck of a lot of known
> >> exploits extant.
> >>
> >> Could also do this with VMware or VirtualPC under Windows, running
> >> "dangerous" activities in the virtual session--this would be more secure
> >> than running it in your console session but Windows would be exposed on
> >> the
> >> Net, and there are known exploits that require only exposure. Again
> >> you'd enable or disable write access from the console session.
> >
> > The cost, learning curve, and relative support make all of this
> > impractical as far as what I'd like to do.
>
> The cost and learning curve might be an issue. The "relative support" is
> minor--once you have OS/2 and Novell up and running they don't need much in
> the way of support, they just kind of sit there and work.
>
> Are you looking for a solution for a personal machine or for some other
> purpose? If some other purpose if you gave some details someone might be
> able to propose a workable solution.


Well, it would be my personal machine.

I'd like too point out that I'd be frequently erasing and
re-installing the OS(along with basic software) from one of the
quarantine drives back to the "C" drive.(This would be sort of a
cleansing operation).

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 13, 2004 7:18:24 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hleg79uhg4m4b@corp.supernews.com>...
>
>>Darren Harris wrote:
>>
>>>David Maynard <dNOTmayn@ev1.net> wrote in message news:<10hjhs9phn3cg4c@corp.supernews.com>...
>>>
>>>
>>>>Darren Harris wrote:
>>>>
>>>>
>>>>>I just need a *simple* way to protect 3 out of 4 drives when not in
>>>>>use, and save to them quickly when I have to. So having to create Zip
>>>>>drives or getting a server to store my files is not an option. And
>>>>>paying $30 for an unproven app(wiht very little comments about it on
>>>>>the net) that *might* protect my drives from hacking and viruses
>>>>>doesn't seem plausible.
>>>>
>>>>
>>>>>And I don't know how it is possible to get 3
>>
>>
>>
>>>>>out of four drives to recognize me as an "Administrator" with the one
>>>>>single drive allowing full access.
>>>>
>>>>You don't. He's telling you how do operate the machine so ALL 'drives' are
>>>>as protected as they can be. You should not normally be logged on as an
>>>>administrator so that any malicious code you run across then has full
>>>>administrator rights to run through the system at will.
>>>
>>>
>>>But since as I said, I'll be working with my "C" drive
>>
>>And what does 'working with' the C drive mean?
>
>
> ?!? I assume you don't understand that the "C" drive is the drive that
> I want to isolate the other three from or that it is the one that will
> be used when connected to the internet, correct?

>>>(and will only
>>>occasionally need to copy to the other three), it seems that I won't
>>>have the freemdom I need with that drive until I login in as an
>>>"Administrator", which of course opens up the other drives to
>>>malicious code.
>>
>>Your 'plan' opens them to malicious code by leaving your C: drive
>>completely unprotected, so that it can become infected, and then it infects
>>the other drives the instant you 'spin them up'.
>
>
> How is the "C" drive "completely unprotected", when there are
> anti-virus and firewall utilities?
>
>
>>>It seems that you're talking about an all-or-nothing solution, and I
>>>need complete freedom with *one* drive while protecting the others. Or
>>>is there sommething I'm not being told?
>>
>>You're asking for 'complete freedom', why I don't know, for the drive on
>>which an infection is most likely since every targeted vulnerability
>>resides on it, and the one where it matter most, yet want to be
>>'protected'. Just ain't going to happen.
>
>
> See my last paragraph.
>
>
>>>>Then you can change write rights on the 'protected' drives, or anything
>>>>else you want 'protected', so that nothing but an administrator has write
>>>>rights and since you will not be logged on as administrator no malicious
>>>>code can use your rights to alter them.
>>>
>>>
>>>Basically, I'd need for the "C" drive to "see" me as an
>>>"Administrator", but not the other three drives. IS that possible?
>>
>>Yes. Format them NTFS and then mount/dismount them when needed. Or buy
>>'removable' drives and 'unplug' them when not needed. Doesn't really matter
>>because whatever vulnerability you're protecting them from will simply
>>infect them the moment you activate them.
>
>
> We've been through this already...

Yes. And since you're obviously not interested in a workable solution but
merely complaining that operating systems don't natively support your
'idea' then there's not really any need to go on about it.

> Darren Harris
> Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 13, 2004 2:32:35 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

> "J. Clarke" <jclarke@nospam.invalid> wrote in message
> news:<cfgnhn096r@news1.newsguy.com>...
>> Darren Harris wrote:
>>
>> >> >> The moment you are in a position to access those other drive(s),
>> >> >> so is any virus/etc. If it were simply a matter of "denial" of
>> >> >> access to drives, would viri exist at all? Could we not simply
>> >> >> assign all file transfers to a ramdrive and deny all traditional
>> >> >> physical storage rights?
>> >> >
>> >> > There is no great technological hurdle in hardware manufacturers
>> >> > making systems that give the user total control over the writing
>> >> > between drives(without having to power them down), but they will not
>> >> > do it.
>> >>
>> >> Perhaps there is no demand for this feature?
>> >
>> > ?!? There would be if it were an option.
>>
>> It was on some drives. The market apparently gave a great big yawn and
>> the drive manufacturers decided that they had wasted the 2 cents or
>> whatever it is that the header for the jumper costs and quit providing
>> such a feature.
>
> If this is true, then having toopen ones case and navigate to a drive
> to manipulate those jumpers would have been a stupid idea anyway.
>
>> >> >> WinXP should be able to pick up a drive connected to a SCSI IDE
>> >> >> controller if it is powered on, from being off, while system
>> >> >> stays running, providing your SCSI controller also supports this.
>> >> >> In other words, you'd be closing power circuit to drive to use
>> >> >> it, then opening circuit again when done. If you can settle for
>> >> >> manually flipping a switch, it is relatively easy, or you could
>> >> >> go a more complicated route and have software commands to cause a
>> >> >> port to drive a relay to do it.
>> >> >
>> >> > Perhaps in the future one will have the option of "flipping a
>> >> > switch" to quarantine specific drives, keeping them from being
>> >> > written to.
>> >>
>> >> Perhaps. Personally I would rate the probability of it occurring on
>> >> par with the probability that Santa Claus and the Easter Bunny will
>> >> have a
>> >> boxing match in Madison Square Garden. For the two people in the
>> >> universe who percieve this need there are ways to accomplish that
>> >> objective with
>> >> software. If you aren't willing to do what you have to to get there
>> >> then you don't have a _need_, you have an idle whim.
>> >
>> > The inability to understand what I've written by *some* of the posters
>> > in this thread is astounding.
>> >
>> > I saw a problem. I asked if there a particular solution was possible.
>> > And if so, how to do it. The common concensus *seems* to be that it is
>> > *not* possible. Just because I find certain solutions given to be
>> > impractical for me doesn't mean that I am "willing to do what (I) have
>> > to to get there".
>>
>> Of course it doesn't. If you _were_ willing then you would go with one
>> of the solutions that does not require custom drive firmware.
>
> If I were willing.

If you aren't willing to do what you have to do to achieve an objective then
you don't _need_ to achieve that objective.

>> > It has become obvious that it isn't possible to have
>> > the options I want, and I conveyed that it should be, and gave the
>> > reasons. And I gave the reasons why the "proposed" solutions would not
>> > work for me. That's all.
>> >
>> > What's is so difficult to understand?
>> >
>> > It's a good thing that inovative minds are not on "lock-down" like
>> > that minds of many here.
>>
>> The fact that someone disagrees with you does not mean that his "mind is
>> on
>> lock-down". It may mean that he has seen the feature you want come and
>> go in the market without anybody to speak of wanting it.
>
> It has nothing to do with disagreeing with me. It is the inability to
> see the obvious facets of what I'm talking about. And what I'm
> referring to was definitely never an option in the market place.

OK, let me try to explain this clearly.

You want to be able to write-protect disks.

There are two ways to do this--you can do it in such a manner that it is
hardware-controlled or software-controlled.

If you make it hardware-controlled, that means a switch or jumper on the
drive to turn write-enable on or off. Such a feature used to be common on
drives and no longer is due to lack of interest. There are expensive
solutions that achieve the same objective today aimed at the forensics
market, which is a niche too small to make it worthwhile for the drive
manufacturers to re-implement this feature in their drives.

If you make it software controlled, any attack that circumvents your OS
security can also write-enable the drive, unless you put some kind of
elaborate security system in the drive firmware. Absent a clear demand for
a large quantity of drives with such a security system, that's not going to
happen.

All current major operating systems except Windows 9x/ME provide some
mechanism for controlling write-access to the drives. If an exploit
manages to circumvent this mechanism then it will also be able to
circumvent any software-controlled write-enable mechanism on the drives
unless that mechanism has its own independent security enforced by the
drive firmware. So by using the mechanisms in the OS you're going to be
able to protect the drives from unauthorized writes as securely as could be
done with any reasonably simple software-controllable mechanism built into
the drive.

> Darren Harris
> Staten Island New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 13, 2004 8:55:31 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> > If I were willing.
>
> If you aren't willing to do what you have to do to achieve an objective then
> you don't _need_ to achieve that objective.

Well since you don't understand the "objective", you cannot say that.

> OK, let me try to explain this clearly.
>
> You want to be able to write-protect disks.

I want to protect my three disks from malicious code that would come
from my "C" disk which of course would be the "doorway" since it would
have whatever software needed for surfing the internet. I'm told in
this thread that the only way to protect the three disks is to
write-protect them.

> There are two ways to do this--you can do it in such a manner that it is
> hardware-controlled or software-controlled.

I know that.

> If you make it hardware-controlled, that means a switch or jumper on the
> drive to turn write-enable on or off. Such a feature used to be common on
> drives and no longer is due to lack of interest. There are expensive
> solutions that achieve the same objective today aimed at the forensics
> market, which is a niche too small to make it worthwhile for the drive
> manufacturers to re-implement this feature in their drives.

Again, if that was done, then it it obvious why such a feature
wouldn't be popular. Who would want to have to unscrew their case and
navigate to their drives to manipulate a tiny jumper everytime they
had to save something to any of their disks?

> If you make it software controlled, any attack that circumvents your OS
> security can also write-enable the drive, unless you put some kind of
> elaborate security system in the drive firmware. Absent a clear demand for
> a large quantity of drives with such a security system, that's not going to
> happen.

Obviously. And certain people seem to have a problem with me conveying
that the developers/manufacturers have the technology to impliment
something as simple as what I said, but refuse to. To say they are
incapable of doing it, is to say they are extremely stupid.

> All current major operating systems except Windows 9x/ME provide some
> mechanism for controlling write-access to the drives. If an exploit
> manages to circumvent this mechanism then it will also be able to
> circumvent any software-controlled write-enable mechanism on the drives
> unless that mechanism has its own independent security enforced by the
> drive firmware. So by using the mechanisms in the OS you're going to be
> able to protect the drives from unauthorized writes as securely as could be
> done with any reasonably simple software-controllable mechanism built into
> the drive.

And you do't think that an easily accessable switch on the outside of
one's case to control writes to individual drives would be a good idea
if implimented?

As far as controlling drive write via the OS, I was looking for a way
to *easily* and *quickly* turn off/on the write to any of the other
three drives, but again, going by what is said in this thread it
cannot be done. And obviously from what I'm told here powering down
the three drives *easily* and *quickly* to prevent writing to the
drives also cannot be done.

That's it.

Darren Harris
Staten ISland, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 6:24:38 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

>> > If I were willing.
>>
>> If you aren't willing to do what you have to do to achieve an objective
>> then you don't _need_ to achieve that objective.
>
> Well since you don't understand the "objective", you cannot say that.
>
>> OK, let me try to explain this clearly.
>>
>> You want to be able to write-protect disks.
>
> I want to protect my three disks from malicious code that would come
> from my "C" disk which of course would be the "doorway" since it would
> have whatever software needed for surfing the internet. I'm told in
> this thread that the only way to protect the three disks is to
> write-protect them.
>
>> There are two ways to do this--you can do it in such a manner that it is
>> hardware-controlled or software-controlled.
>
> I know that.
>
>> If you make it hardware-controlled, that means a switch or jumper on the
>> drive to turn write-enable on or off. Such a feature used to be common
>> on
>> drives and no longer is due to lack of interest. There are expensive
>> solutions that achieve the same objective today aimed at the forensics
>> market, which is a niche too small to make it worthwhile for the drive
>> manufacturers to re-implement this feature in their drives.
>
> Again, if that was done, then it it obvious why such a feature
> wouldn't be popular. Who would want to have to unscrew their case and
> navigate to their drives to manipulate a tiny jumper everytime they
> had to save something to any of their disks?

I believe that I pointed out earlier that it is very easy to attach a switch
to the pins on which the jumper is normally installed and put that switch
outside the computer case. If not, then I am pointing this out again.

>> If you make it software controlled, any attack that circumvents your OS
>> security can also write-enable the drive, unless you put some kind of
>> elaborate security system in the drive firmware. Absent a clear demand
>> for a large quantity of drives with such a security system, that's not
>> going to happen.
>
> Obviously. And certain people seem to have a problem with me conveying
> that the developers/manufacturers have the technology to impliment
> something as simple as what I said, but refuse to. To say they are
> incapable of doing it, is to say they are extremely stupid.

If in fact they have that technology please be kind enough to describe it in
detail.

>> All current major operating systems except Windows 9x/ME provide some
>> mechanism for controlling write-access to the drives. If an exploit
>> manages to circumvent this mechanism then it will also be able to
>> circumvent any software-controlled write-enable mechanism on the drives
>> unless that mechanism has its own independent security enforced by the
>> drive firmware. So by using the mechanisms in the OS you're going to be
>> able to protect the drives from unauthorized writes as securely as could
>> be done with any reasonably simple software-controllable mechanism built
>> into the drive.
>
> And you do't think that an easily accessable switch on the outside of
> one's case to control writes to individual drives would be a good idea
> if implimented?

Again, that feature _was_ implemented and nobody wanted it.

> As far as controlling drive write via the OS, I was looking for a way
> to *easily* and *quickly* turn off/on the write to any of the other
> three drives, but again, going by what is said in this thread it
> cannot be done. And obviously from what I'm told here powering down
> the three drives *easily* and *quickly* to prevent writing to the
> drives also cannot be done.
>
> That's it.
>
> Darren Harris
> Staten ISland, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 6:50:49 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> > Me either. I never said anything about "a third of the OS missing"
> > from the "C" drive.
>
> Neither did I.

Yes you did. Anyone can look and see that that is your exact quote. In
fact here is the entire paragraph:
"I have no idea what you mean by 'unable' to 'use' your 'other drives'
but
if you mean the system not operating with a third of the OS missing
from,
as you put it, the C: drive going down then that is a big "well, Duh."
Not
to mention I can't figure out what the heck that has to do with
'quarantining' drives."

> You said "the OS on all three drives" followed by "if my "C" drive went
> down." If 'the OS' is "on all three drives" and one of them goes down, you
> said the "C" drive, then that portion of the OS is now 'missing' because
> the damn drive it's located on isn't operating.

Your massive incomprehension is unbelieveable. *You* asked, "And just
how are you going to automagically, and instantly, transfer the
operating system to something else so it runs when you 'shutdown' the
C: drive?"

And I attempted to convey that *my first system* had the OS on all
three drives. So obviously the idea is that there would be a complete
copy of the OS on each of the four hard drives in the *new* system I
want to build. Now why would anyone want to stripe an OS across
multiple hard drives? I went on to say, "But thanks to the way
software is written, if my "C" drive went down, I still wouldn't be
able to use my other drives without major changes to my system first."
Which means that an entire copy of the OS on *each* of the drives
still wouldn't help me.

Now why is this so difficult for you to understand???

> Like I said, you're not interested in solving any 'problem' but in just
> complaining.

I've come to the conclusion that what I want to do cannot be done. It
is you who are instigating.

> >>>>If you're going to operate it as if it were 'two' machines, one with the
> >>>>'internet' infected files that never talk to the 'safe' drives, and the
> >>>>'safe' drives that never talk to the nasty infected one, then simply dual
> >>>>boot the thing with the opposing drives dismounted and removed from the other.
> >>>
> >>>
> >>>Again, you are missing the point. Re-read the above posts. You're
> >>>repeating what has already been said. And it's not in line with my
> >>>goal.(Achievable or not).
> >>>
> >>>
> >>>
> >>>>>Nevertheless, if I have a system multiple drives inside it's case, I
> >>>>>shouldn't have to get "removable drives" in order to quarantine,
> >>>>>but...
> >>>>
> >>>>And why not? Because you don't like the 'name'?
> >>>
> >>>
> >>>That made no sense whatsoever. Again, re-read the above posts. I
> >>>already gave the reasons why that wasn't an option.
> >>>
> >>>
> >>>
> >>>>You presume there is some useful purpose to 'quarantining' hard drives but
> >>>>there isn't; which answers your question of why they don't already do it.
> >>>
> >>>
> >>>You are incorrect. The reasons are amazingly obvious, and have already
> >>>been mentioned here.
> >>>
> >>>
> >>>
> >>>>>The bottom line is that something that should be simple isn't because
> >>>>>there is too much money to be made using paid for solutions from that
> >>>>>hardware and software manufacturers.(Not to mention ITs). :-)
> >>>>
> >>>>No, the bottom line is that your proposed 'solution' does not solve the
> >>>>problem you base it on any better than the solutions already available.
> >>>
> >>>
> >>>Sigh... Wrong. THis isn't about a "proposed solution". I indicated
> >>>what I wanted to do and why.(Re-read the post that started this
> >>>thread). The posters in this thread only had to say it is *not*
> >>>possible.
> >>>
> >>>ie: "One cannot "quarantine" three drives from a fourth, or change
> >>>write options on the fly." I've come to this conclusion myself based
> >>>on what was said.
> >>
> >>I did read your originals and don't recall this new 'criteria' about the OS
> >>spread over three drives, which would make 'quarantining' them rather
> >>unworkable to begin with.
> >
> >
> > Again, I never said anything about the "OS spread over three drives.
>
> The exact quote from your own text, still up there, is "the OS on all three
> drives."
>
> I suppose that's another example of how 'clearly' you've explained everything.

How can you possible believe you can get away with false info when the
evidence is up there as you say. Anyone can read the posts. The key
word is "spread", which *you* said. Not me. And again I was referring
to a previous system("my first system") I had, and a copy of the OS on
each of it's three drives. But of course that could not have possibly
occurred to you, because it was logical.

> >>Frankly, I think you just want to 'complain' that operating systems aren't
> >>made the way you think they should be and are artificially manufacturing
> >>'requirements' to suit your preconceived 'solution' rather than seeking
> >>workable ones. But since you've decided 'it' is, whatever 'it' is now,
> >>impossible I'll leave it at that.
> >
> >
> > I hope so. Since you have completely failed to understand what I've
> > said.
>
> No, it's because you failed to explain anything with any clarity; instead
> using such 'clear as mud' generalities as "work with" and "the OS on three
> drives."

The problem is your inability to comprehend what everyone else can.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 9:38:36 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> Yes. And since you're obviously not interested in a workable solution but
> merely complaining that operating systems don't natively support your
> 'idea' then there's not really any need to go on about it.

I'm the one who decides what is or isn't a "workable solution" for me. Not you.
Who are you to get angry and rant just because I will not use any idea that
*you* consider "workable"? If you want to do it that way, then fine. That is
your perogative. I also merely pointed out thatwhat I envision can be done if
the manufacturers really wanted to do it. And If you want to disagree with that
too, then fine.

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 9:44:51 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> > Again, if that was done, then it it obvious why such a feature
> > wouldn't be popular. Who would want to have to unscrew their case and
> > navigate to their drives to manipulate a tiny jumper everytime they
> > had to save something to any of their disks?
>
> I believe that I pointed out earlier that it is very easy to attach a switch
> to the pins on which the jumper is normally installed and put that switch
> outside the computer case. If not, then I am pointing this out again.

No, you didn't say that before.

> >> If you make it software controlled, any attack that circumvents your OS
> >> security can also write-enable the drive, unless you put some kind of
> >> elaborate security system in the drive firmware. Absent a clear demand
> >> for a large quantity of drives with such a security system, that's not
> >> going to happen.
> >
> > Obviously. And certain people seem to have a problem with me conveying
> > that the developers/manufacturers have the technology to impliment
> > something as simple as what I said, but refuse to. To say they are
> > incapable of doing it, is to say they are extremely stupid.
>
> If in fact they have that technology please be kind enough to describe it in
> detail.

That would only give cause to continue a useless argument. But
obviously in involves present day technology. I already said that
there are no technological hurdles to overcome. Nevertheless, you
already said that it was done, so why ask?

> >> All current major operating systems except Windows 9x/ME provide some
> >> mechanism for controlling write-access to the drives. If an exploit
> >> manages to circumvent this mechanism then it will also be able to
> >> circumvent any software-controlled write-enable mechanism on the drives
> >> unless that mechanism has its own independent security enforced by the
> >> drive firmware. So by using the mechanisms in the OS you're going to be
> >> able to protect the drives from unauthorized writes as securely as could
> >> be done with any reasonably simple software-controllable mechanism built
> >> into the drive.
> >
> > And you do't think that an easily accessable switch on the outside of
> > one's case to control writes to individual drives would be a good idea
> > if implimented?
>
> Again, that feature _was_ implemented and nobody wanted it.

Again, there would be no readon for me to describe it then. But since
you said it was implemented, would you be kind enough to describe that
technology in detail? Hmmmmm?

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 11:05:20 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

>>>Me either. I never said anything about "a third of the OS missing"
>>>from the "C" drive.
>>
>>Neither did I.
>
> Yes you did. Anyone can look and see that that is your exact quote. In
> fact here is the entire paragraph:
> "I have no idea what you mean by 'unable' to 'use' your 'other drives'
> but
> if you mean the system not operating with a third of the OS missing
> from,
> as you put it, the C: drive going down then that is a big "well, Duh."
> Not
> to mention I can't figure out what the heck that has to do with
> 'quarantining' drives."

Reading comprehension isn't your strong suit, I see.

I said "a third of the OS missing from, as you put it,"
----> "the C: drive going down" <----
NOT "the C: drive" as you claimed.



>>You said "the OS on all three drives" followed by "if my "C" drive went
>>down." If 'the OS' is "on all three drives" and one of them goes down, you
>>said the "C" drive, then that portion of the OS is now 'missing' because
>>the damn drive it's located on isn't operating.
>
>
> Your massive incomprehension is unbelieveable. *You* asked, "And just
> how are you going to automagically, and instantly, transfer the
> operating system to something else so it runs when you 'shutdown' the
> C: drive?"

Not a surprising 'opinion' coming from someone who can't read nor type with
any clarity.

> And I attempted to convey that *my first system* had the OS on all
> three drives.

Yes. And the word "the" is singular, as in one: I.E. "the O.S." The first
impression for "the O.S." 'on three drives' is "the O.S." 'spread' across
them, not 3 bloody COPIES of the silly thing as you now seem to indicate.
Why anyone would want 3 COPIES on three drives is another mystery you leave
unanswered.

> So obviously the idea is that there would be a complete
> copy of the OS on each of the four hard drives in the *new* system I
> want to build.

And what is so 'obvious' about someone being nutty enough to want 4
"complete" COPIES of their OS on 4 drives?

> Now why would anyone want to stripe an OS across
> multiple hard drives?

You apparently don't know about RAID. Why? Speed, fault tolerance. Depends
on how much of each you want and how much you're willing to spend to get it.

And it's a hell of a lot more common that someone keeping '3 copies on 3
hard drives'.

> I went on to say, "But thanks to the way
> software is written, if my "C" drive went down, I still wouldn't be
> able to use my other drives without major changes to my system first."
> Which means that an entire copy of the OS on *each* of the drives
> still wouldn't help me.

Well, it might if it were installed on each; you could simply boot from the
alternate. But then no one knows what the heck YOU mean by a 'copy' ('copy'
of the CD? Copy of just the install files? a 'copy' of the files as
installed on C:? an INSTALLED to THAT drive 'copy'?), nor why you had 3
copies on 3 drives in your previous system, nor what the heck you mean by
(would or wouldn't) 'help me' (do WHAT? boot? clean C:? repair C:? recover
data from C:? or lord knows.).

> Now why is this so difficult for you to understand???

Because you talk in generic riddles, adding information only when you want
to shoot down something (and you've shot down every suggestion from every
poster in the group who was trying to help you) and, even then, not
explaining enough of it to know what the hell you're trying to do or why.

>>Like I said, you're not interested in solving any 'problem' but in just
>>complaining.
>
>
> I've come to the conclusion that what I want to do cannot be done. It
> is you who are instigating.

The case is that your proposed 'solution' for whatever it is you're
actually trying to accomplish but which, for some bizarre reason, you seem
compelled to keep as friggin secret and unexplained as possible, is not
commonly available.

Whether what you're actually "trying to do," whatever the hell it is, could
be done or not is an unanswerable question given the current lack of any
sensible information about it.

>>>>>>If you're going to operate it as if it were 'two' machines, one with the
>>>>>>'internet' infected files that never talk to the 'safe' drives, and the
>>>>>>'safe' drives that never talk to the nasty infected one, then simply dual
>>>>>>boot the thing with the opposing drives dismounted and removed from the other.
>>>>>
>>>>>
>>>>>Again, you are missing the point. Re-read the above posts. You're
>>>>>repeating what has already been said. And it's not in line with my
>>>>>goal.(Achievable or not).
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>>Nevertheless, if I have a system multiple drives inside it's case, I
>>>>>>>shouldn't have to get "removable drives" in order to quarantine,
>>>>>>>but...
>>>>>>
>>>>>>And why not? Because you don't like the 'name'?
>>>>>
>>>>>
>>>>>That made no sense whatsoever. Again, re-read the above posts. I
>>>>>already gave the reasons why that wasn't an option.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>You presume there is some useful purpose to 'quarantining' hard drives but
>>>>>>there isn't; which answers your question of why they don't already do it.
>>>>>
>>>>>
>>>>>You are incorrect. The reasons are amazingly obvious, and have already
>>>>>been mentioned here.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>>The bottom line is that something that should be simple isn't because
>>>>>>>there is too much money to be made using paid for solutions from that
>>>>>>>hardware and software manufacturers.(Not to mention ITs). :-)
>>>>>>
>>>>>>No, the bottom line is that your proposed 'solution' does not solve the
>>>>>>problem you base it on any better than the solutions already available.
>>>>>
>>>>>
>>>>>Sigh... Wrong. THis isn't about a "proposed solution". I indicated
>>>>>what I wanted to do and why.(Re-read the post that started this
>>>>>thread). The posters in this thread only had to say it is *not*
>>>>>possible.
>>>>>
>>>>>ie: "One cannot "quarantine" three drives from a fourth, or change
>>>>>write options on the fly." I've come to this conclusion myself based
>>>>>on what was said.
>>>>
>>>>I did read your originals and don't recall this new 'criteria' about the OS
>>>>spread over three drives, which would make 'quarantining' them rather
>>>>unworkable to begin with.
>>>
>>>
>>>Again, I never said anything about the "OS spread over three drives.
>>
>>The exact quote from your own text, still up there, is "the OS on all three
>>drives."
>>
>>I suppose that's another example of how 'clearly' you've explained everything.
>
>
> How can you possible believe you can get away with false info when the
> evidence is up there as you say. Anyone can read the posts. The key
> word is "spread", which *you* said. Not me. And again I was referring
> to a previous system("my first system") I had, and a copy of the OS on
> each of it's three drives. But of course that could not have possibly
> occurred to you, because it was logical.

It didn't occur to me because it's nonsensical.

>>>>Frankly, I think you just want to 'complain' that operating systems aren't
>>>>made the way you think they should be and are artificially manufacturing
>>>>'requirements' to suit your preconceived 'solution' rather than seeking
>>>>workable ones. But since you've decided 'it' is, whatever 'it' is now,
>>>>impossible I'll leave it at that.
>>>
>>>
>>>I hope so. Since you have completely failed to understand what I've
>>>said.
>>
>>No, it's because you failed to explain anything with any clarity; instead
>>using such 'clear as mud' generalities as "work with" and "the OS on three
>>drives."
>
>
> The problem is your inability to comprehend what everyone else can.

<chuckle> Yes, I've read the 'understanding' of the others and they've all
given up trying to make sense of what you're posting too.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 2:30:14 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

>> > Again, if that was done, then it it obvious why such a feature
>> > wouldn't be popular. Who would want to have to unscrew their case and
>> > navigate to their drives to manipulate a tiny jumper everytime they
>> > had to save something to any of their disks?
>>
>> I believe that I pointed out earlier that it is very easy to attach a
>> switch to the pins on which the jumper is normally installed and put that
>> switch
>> outside the computer case. If not, then I am pointing this out again.
>
> No, you didn't say that before.
>
>> >> If you make it software controlled, any attack that circumvents your
>> >> OS security can also write-enable the drive, unless you put some kind
>> >> of
>> >> elaborate security system in the drive firmware. Absent a clear
>> >> demand for a large quantity of drives with such a security system,
>> >> that's not going to happen.
>> >
>> > Obviously. And certain people seem to have a problem with me conveying
>> > that the developers/manufacturers have the technology to impliment
>> > something as simple as what I said, but refuse to. To say they are
>> > incapable of doing it, is to say they are extremely stupid.
>>
>> If in fact they have that technology please be kind enough to describe it
>> in detail.
>
> That would only give cause to continue a useless argument. But
> obviously in involves present day technology. I already said that
> there are no technological hurdles to overcome. Nevertheless, you
> already said that it was done, so why ask?
>
>> >> All current major operating systems except Windows 9x/ME provide some
>> >> mechanism for controlling write-access to the drives. If an exploit
>> >> manages to circumvent this mechanism then it will also be able to
>> >> circumvent any software-controlled write-enable mechanism on the
>> >> drives unless that mechanism has its own independent security enforced
>> >> by the
>> >> drive firmware. So by using the mechanisms in the OS you're going to
>> >> be able to protect the drives from unauthorized writes as securely as
>> >> could be done with any reasonably simple software-controllable
>> >> mechanism built into the drive.
>> >
>> > And you do't think that an easily accessable switch on the outside of
>> > one's case to control writes to individual drives would be a good idea
>> > if implimented?
>>
>> Again, that feature _was_ implemented and nobody wanted it.
>
> Again, there would be no readon for me to describe it then. But since
> you said it was implemented, would you be kind enough to describe that
> technology in detail? Hmmmmm?

Set the jumper, the write line is disconnected. Or set the jumper, the
onboard processor ignores any write commands. I suspect that both
approaches were used at different times.

It's easy to say "the industry knows how to do this". That doesn't get the
job done. In 1940 the statement that "American scientists know how to make
an atomic bomb" was true. But getting from theory to product took one of
the largest engineering development programs in history. In 1960 the
statement that "American scientists know how to put a man on the Moon" was
true. Getting from theory to footprints was another huge engineering
program.

Write protecting drives is not so difficult an engineering challenge, but if
you don't have any idea how it would be accomplished then you should not
expect claims such as "the developers/manufacturers have the technology to
impliment something as simple as what I said, but refuse to" to go
unchallenged.

But getting back to the original point, there is not enough market for this
to make it worthwhile for the drive manufacturers to continue to implement
it, so it's not going to happen.

You might find <http://www.ojp.usdoj.gov/nij/sciencetech/cftt.htm&gt; to be of
interest. Given the price of those devices, if there is a real mass-market
for this capability, seems to me that you could make yourself rich by
coming out with a hardware write blocker for, say, $50 instead of $500.


>
> Darren Harris
> Staten Island, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 11:05:56 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> >>>Me either. I never said anything about "a third of the OS missing"
> >>>from the "C" drive.
> >>
> >>Neither did I.
> >
> > Yes you did. Anyone can look and see that that is your exact quote. In
> > fact here is the entire paragraph:
> > "I have no idea what you mean by 'unable' to 'use' your 'other drives'
> > but
> > if you mean the system not operating with a third of the OS missing
> > from,
> > as you put it, the C: drive going down then that is a big "well, Duh."
> > Not
> > to mention I can't figure out what the heck that has to do with
> > 'quarantining' drives."
>
> Reading comprehension isn't your strong suit, I see.
>
> I said "a third of the OS missing from, as you put it,"
> ----> "the C: drive going down" <----
> NOT "the C: drive" as you claimed.

Are really that dense? I know what you said. I reposted that quote
didn't I? I'm looking at where you placed your quotation marks and I
have no idea what argument you are trying to conjure up this time in
your head. Are you on medication? I only quoted exactly what you said.
That means LOOK IN BETWEEN THE QUOTATION MARKS. Anything else would be
*my* words.

> >>You said "the OS on all three drives" followed by "if my "C" drive went
> >>down." If 'the OS' is "on all three drives" and one of them goes down, you
> >>said the "C" drive, then that portion of the OS is now 'missing' because
> >>the damn drive it's located on isn't operating.
> >
> >
> > Your massive incomprehension is unbelieveable. *You* asked, "And just
> > how are you going to automagically, and instantly, transfer the
> > operating system to something else so it runs when you 'shutdown' the
> > C: drive?"
>
> Not a surprising 'opinion' coming from someone who can't read nor type with
> any clarity.

Everyone else understands but you. So if it is not clear then
obviously you are the problem.

> > And I attempted to convey that *my first system* had the OS on all
> > three drives.
>
> Yes. And the word "the" is singular, as in one: I.E. "the O.S." The first
> impression for "the O.S." 'on three drives' is "the O.S." 'spread' across
> them, not 3 bloody COPIES of the silly thing as you now seem to indicate.
> Why anyone would want 3 COPIES on three drives is another mystery you leave
> unanswered.

That's right. Like you said "the O.S." means one operating system.
You're the only one who would be dense enough not to understand that
one operating system can be copied to three different drives. If I
said I had the O.S. on three computers you would still be dense enough
to find an issue, when everyone else would easy understand. Again,
*you* are the problem.Even I know that when an app is spread across
multiple drives, "spread across" and "stripping" are the phrases/terms
used. But I never used those words.

> > So obviously the idea is that there would be a complete
> > copy of the OS on each of the four hard drives in the *new* system I
> > want to build.
>
> And what is so 'obvious' about someone being nutty enough to want 4
> "complete" COPIES of their OS on 4 drives?

Honestly, this is like arguing with a mentally handicapped individual,
but since I have nothing else to do...

I'm sure it never occurred to you that if for some reason I wanted to
boot from a different drive, it would have to have an OS on it, right?
And an O.S. on all my drives would give me the option of booting from
any one of the three drives left if for example my "C" drive went
down, right? Now read that again several more times before you find
issue with it.

> > Now why would anyone want to stripe an OS across
> > multiple hard drives?
>
> You apparently don't know about RAID. Why? Speed, fault tolerance. Depends
> on how much of each you want and how much you're willing to spend to get it.

There are many apps one can stripe across hard drives for speed
reasons. But it is not a good idea to do that with an OS, for reason
anyone with half a brain can figure out. More importantly, you
yourself already gave the reason why stripping your OS across hard
drives is a bad idea? The follow are your words: "...but if you mean
the system not operating with a third of the OS missing from, as you
put it, the C: drive going down then that is a big "well, Duh.""

Duh, is right.

> And it's a hell of a lot more common that someone keeping '3 copies on 3
> hard drives'.

Sigh...

> > I went on to say, "But thanks to the way
> > software is written, if my "C" drive went down, I still wouldn't be
> > able to use my other drives without major changes to my system first."
> > Which means that an entire copy of the OS on *each* of the drives
> > still wouldn't help me.
>
> Well, it might if it were installed on each; you could simply boot from the
> alternate. But then no one knows what the heck YOU mean by a 'copy' ('copy'
> of the CD? Copy of just the install files? a 'copy' of the files as
> installed on C:? an INSTALLED to THAT drive 'copy'?), nor why you had 3
> copies on 3 drives in your previous system, nor what the heck you mean by
> (would or wouldn't) 'help me' (do WHAT? boot? clean C:? repair C:? recover
> data from C:? or lord knows.).

The sheer stupidity of everything you said in that paragraph is just
more proof that you just feel like finding issue with everything said,
but at this point you are starting to look extremely retarded.

> > Now why is this so difficult for you to understand???
>
> Because you talk in generic riddles, adding information only when you want
> to shoot down something (and you've shot down every suggestion from every
> poster in the group who was trying to help you) and, even then, not
> explaining enough of it to know what the hell you're trying to do or why.

You cannot comprehend what a novice would understand and then blame me
for not being clear enough for you. There is a reason that no one else
is asking the questions you are asking. They are probably laughing at
this point.

> >>Like I said, you're not interested in solving any 'problem' but in just
> >>complaining.
> >
> >
> > I've come to the conclusion that what I want to do cannot be done. It
> > is you who are instigating.
>
> The case is that your proposed 'solution' for whatever it is you're
> actually trying to accomplish but which, for some bizarre reason, you seem
> compelled to keep as friggin secret and unexplained as possible, is not
> commonly available.

How would you know when you can't comprehend what I'm trying to
accomplish?

> Whether what you're actually "trying to do," whatever the hell it is, could
> be done or not is an unanswerable question given the current lack of any
> sensible information about it.

I already have the answer. The rest of this thread is garbage.

> > How can you possible believe you can get away with false info when the
> > evidence is up there as you say. Anyone can read the posts. The key
> > word is "spread", which *you* said. Not me. And again I was referring
> > to a previous system("my first system") I had, and a copy of the OS on
> > each of it's three drives. But of course that could not have possibly
> > occurred to you, because it was logical.
>
> It didn't occur to me because it's nonsensical.

To you...

> > The problem is your inability to comprehend what everyone else can.
>
> <chuckle> Yes, I've read the 'understanding' of the others and they've all
> given up trying to make sense of what you're posting too.

Actually they have understood and posted their answers. You on the
other hand...

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 11:12:57 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:
>>Yes. And since you're obviously not interested in a workable solution but
>>merely complaining that operating systems don't natively support your
>>'idea' then there's not really any need to go on about it.
>
>
> I'm the one who decides what is or isn't a "workable solution" for me. Not you.
> Who are you to get angry and rant just because I will not use any idea that
> *you* consider "workable"? If you want to do it that way, then fine. That is
> your perogative. I also merely pointed out thatwhat I envision can be done if
> the manufacturers really wanted to do it. And If you want to disagree with that
> too, then fine.
>
> Darren Harris
> Staten Island, New York.

I did not claim to 'decide' what 'idea' is, or is not, a workable solution
"for you." What I said was it's clear you're not seeking one because you go
out of your way to NOT explain what you're trying to accomplish and,
instead, insist that your 'solution' is not only the 'right way' but the
'only way' of accomplishing whatever the hell the 'job' is and that 'the
industry' is stupid, or conspiratorial, for not providing the 'solution'
you've dreamed up.

The fact of the matter is, based on what meager hints you've provided as to
the nature of the supposed 'problem', your 'solution' does not solve it and
'the industry' does not provide such a thing, except for perhaps
specialized applications unrelated to your situation, because there are
superior solutions already available.

But you have shown to not be interested in hearing the flaws in it,
alternate solutions, or anything else; instead insisting the only issue is
"can it [your idea] be done," which is why I say you are apparently not
really interested in a 'solution' to 'the problem'.
Anonymous
a b B Homebuilt system
a b G Storage
August 14, 2004 11:37:53 PM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

> >> > And you do't think that an easily accessable switch on the outside of
> >> > one's case to control writes to individual drives would be a good idea
> >> > if implimented?
> >>
> >> Again, that feature _was_ implemented and nobody wanted it.
> >
> > Again, there would be no readon for me to describe it then. But since
> > you said it was implemented, would you be kind enough to describe that
> > technology in detail? Hmmmmm?
>
> Set the jumper, the write line is disconnected. Or set the jumper, the
> onboard processor ignores any write commands. I suspect that both
> approaches were used at different times.

That isn't what I said. Can you tell me what era PCs had a switch on
the outside of the case that allowed one to turn off/on write?

> It's easy to say "the industry knows how to do this". That doesn't get the
> job done. In 1940 the statement that "American scientists know how to make
> an atomic bomb" was true. But getting from theory to product took one of
> the largest engineering development programs in history. In 1960 the
> statement that "American scientists know how to put a man on the Moon" was
> true. Getting from theory to footprints was another huge engineering
> program.

?!? In 1940 America did *not* know how to make an atomic bomb. In 1960
America did *not* know how to put a man on the moon. The basic
theories and procedures were known, but a lot of ground work still had
to be done.

> Write protecting drives is not so difficult an engineering challenge, but if
> you don't have any idea how it would be accomplished then you should not
> expect claims such as "the developers/manufacturers have the technology to
> impliment something as simple as what I said, but refuse to" to go
> unchallenged.

The basics are so well know that such a challenge would be weak. How
deeply would I need to explain the theory of turning off/on writes to
a drive and routing control of same to a switch bank that is easily
accessible *outside* of the PC case? There would be no oprning up of
the case or swapping drives between bays just to turn off the write.
I'm merely *attempting* to convey that it would take little for the
manufacturers to implement this.

> But getting back to the original point, there is not enough market for this
> to make it worthwhile for the drive manufacturers to continue to implement
> it, so it's not going to happen.

It's all about the bottom line. Malicious code makes a lot of money
for a lot of people in the software and hardware sectors. So why
promote an easier and cheaper way to fight viruses and hackers?

> You might find <http://www.ojp.usdoj.gov/nij/sciencetech/cftt.htm&gt; to be of
> interest. Given the price of those devices, if there is a real mass-market
> for this capability, seems to me that you could make yourself rich by
> coming out with a hardware write blocker for, say, $50 instead of $500.

Would you buy a Grey Hound bus just to take yourself to work?

Darren Harris
Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 15, 2004 2:26:09 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

>>>>>Me either. I never said anything about "a third of the OS missing"
>>>>
>>>>>from the "C" drive.
>>>>
>>>>Neither did I.
>>>
>>>Yes you did. Anyone can look and see that that is your exact quote. In
>>>fact here is the entire paragraph:
>>>"I have no idea what you mean by 'unable' to 'use' your 'other drives'
>>>but
>>>if you mean the system not operating with a third of the OS missing
>>>from,
>>>as you put it, the C: drive going down then that is a big "well, Duh."
>>>Not
>>>to mention I can't figure out what the heck that has to do with
>>>'quarantining' drives."
>>
>>Reading comprehension isn't your strong suit, I see.
>>
>>I said "a third of the OS missing from, as you put it,"
>>----> "the C: drive going down" <----
>>NOT "the C: drive" as you claimed.
>
>
> Are really that dense? I know what you said.

Obviously not.

> I reposted that quote
> didn't I?

Yes, you did. And quite well too. Now, if you were only able to read and
comprehend it we'd have no problem.

> I'm looking at where you placed your quotation marks and I
> have no idea what argument you are trying to conjure up this time in
> your head. Are you on medication? I only quoted exactly what you said.
> That means LOOK IN BETWEEN THE QUOTATION MARKS. Anything else would be
> *my* words.

Listen very carefully. I said a third of the O.S. would be 'missing' (I.E.
not available, inaccessible.) since, if the C: drive isn't working (your
criteria of "the C: drive going down"), the files on the C: drive would not
be accessible. NOT that the files would be "missing from the C: drive."

That was based on your description of, somehow, having 'the O.S. on three
drives', and not RAIDed or else you'd have said RAIDed.

>>>>You said "the OS on all three drives" followed by "if my "C" drive went
>>>>down." If 'the OS' is "on all three drives" and one of them goes down, you
>>>>said the "C" drive, then that portion of the OS is now 'missing' because
>>>>the damn drive it's located on isn't operating.
>>>
>>>
>>>Your massive incomprehension is unbelieveable. *You* asked, "And just
>>>how are you going to automagically, and instantly, transfer the
>>>operating system to something else so it runs when you 'shutdown' the
>>>C: drive?"
>>
>>Not a surprising 'opinion' coming from someone who can't read nor type with
>>any clarity.
>
> Everyone else understands but you. So if it is not clear then
> obviously you are the problem.

I've seen their 'understanding' and it's essentially the same as mine.

>>>And I attempted to convey that *my first system* had the OS on all
>>>three drives.
>>
>>Yes. And the word "the" is singular, as in one: I.E. "the O.S." The first
>>impression for "the O.S." 'on three drives' is "the O.S." 'spread' across
>>them, not 3 bloody COPIES of the silly thing as you now seem to indicate.
>>Why anyone would want 3 COPIES on three drives is another mystery you leave
>>unanswered.
>
>
> That's right. Like you said "the O.S." means one operating system.
> You're the only one who would be dense enough not to understand that
> one operating system can be copied to three different drives.

A 'copy' is not 'the O.S.' It's a 'copy' of 'the O.S.'. And I can
understand copies just fine if you had the sense to simply SAY a freaking
copy instead of 'have the O.S. on three drives'.


> If I
> said I had the O.S. on three computers you would still be dense enough
> to find an issue, when everyone else would easy understand.

No, as imprecise as it would be to say you "have 'the O.S.' on three
computers" I'd know because any other interpretation is even more silly.

However, stripping 'the O.S.' across drives is quite normal for a RAID setup.

> Again,
> *you* are the problem.Even I know that when an app is spread across
> multiple drives, "spread across" and "stripping" are the phrases/terms
> used. But I never used those words.

You didn't use ANY descriptive words, not copy, not striping, not anything,
which is the problem.

I have LOTS of things on multiple drives. Care to 'guess' what the hell I
mean by that? Because that's what YOU expect when you say things like "have
the O.S. on three drives."

>>>So obviously the idea is that there would be a complete
>>>copy of the OS on each of the four hard drives in the *new* system I
>>>want to build.
>>
>>And what is so 'obvious' about someone being nutty enough to want 4
>>"complete" COPIES of their OS on 4 drives?
>
> Honestly, this is like arguing with a mentally handicapped individual,

I admit to not being a mind reader.

> but since I have nothing else to do...

That's apparent.

> I'm sure it never occurred to you that if for some reason I wanted to
> boot from a different drive, it would have to have an OS on it, right?

Of course it occurred to me. I even listed that as one of many
possibilities that occurred to me. What the hell YOU had in mind was an
unanswered question which, of course, you didn't bother to mention until
you felt it might be fun to throw more insults.

> And an O.S. on all my drives would give me the option of booting from
> any one of the three drives left if for example my "C" drive went
> down, right? Now read that again several more times before you find
> issue with it.

If you are concerned with 'drives going down' then you'd be better off with
a RAID5 array rather than separate bootable copies of the O.S. on each
drive. A three drive RAID5 uses less space, meaning more room for your
other data, and operates seamlessly even during a single drive failure
without even a 'boot' needed (except for drive replacement if you don't
have hot swap capability).

>>>Now why would anyone want to stripe an OS across
>>>multiple hard drives?
>>
>>You apparently don't know about RAID. Why? Speed, fault tolerance. Depends
>>on how much of each you want and how much you're willing to spend to get it.
>
> There are many apps one can stripe across hard drives for speed
> reasons. But it is not a good idea to do that with an OS, for reason
> anyone with half a brain can figure out.

Oh really? I guess that's why it's so commonly done, eh?

> More importantly, you
> yourself already gave the reason why stripping your OS across hard
> drives is a bad idea? The follow are your words: "...but if you mean
> the system not operating with a third of the OS missing from, as you
> put it, the C: drive going down then that is a big "well, Duh.""

I didn't say "striping" there. I was talking about your claim of "the O.S.
on three drives" with no explanation of what it means and that if you meant
RAID you'd have SAID RAID; an assumption I now freely admit was foolish in
your case.

>>And it's a hell of a lot more common that someone keeping '3 copies on 3
>>hard drives'.
>
> Sigh...

Which indicates you still don't know what RAID is.

>
>>>I went on to say, "But thanks to the way
>>>software is written, if my "C" drive went down, I still wouldn't be
>>>able to use my other drives without major changes to my system first."
>>>Which means that an entire copy of the OS on *each* of the drives
>>>still wouldn't help me.
>>
>>Well, it might if it were installed on each; you could simply boot from the
>>alternate. But then no one knows what the heck YOU mean by a 'copy' ('copy'
>>of the CD? Copy of just the install files? a 'copy' of the files as
>>installed on C:? an INSTALLED to THAT drive 'copy'?), nor why you had 3
>>copies on 3 drives in your previous system, nor what the heck you mean by
>>(would or wouldn't) 'help me' (do WHAT? boot? clean C:? repair C:? recover
>>data from C:? or lord knows.).
>
>
> The sheer stupidity of everything you said in that paragraph is just
> more proof that you just feel like finding issue with everything said,
> but at this point you are starting to look extremely retarded.

No one, not even I, can read your mind.

>>>Now why is this so difficult for you to understand???
>>
>>Because you talk in generic riddles, adding information only when you want
>>to shoot down something (and you've shot down every suggestion from every
>>poster in the group who was trying to help you) and, even then, not
>>explaining enough of it to know what the hell you're trying to do or why.
>
> You cannot comprehend what a novice would understand and then blame me
> for not being clear enough for you. There is a reason that no one else
> is asking the questions you are asking. They are probably laughing at
> this point.

The reason they're not asking is they've given up trying to help you.

>>>>Like I said, you're not interested in solving any 'problem' but in just
>>>>complaining.
>>>
>>>
>>>I've come to the conclusion that what I want to do cannot be done. It
>>>is you who are instigating.
>>
>>The case is that your proposed 'solution' for whatever it is you're
>>actually trying to accomplish but which, for some bizarre reason, you seem
>>compelled to keep as friggin secret and unexplained as possible, is not
>>commonly available.
>
> How would you know when you can't comprehend what I'm trying to
> accomplish?

No one, not even I, can 'comprehend' what you don't explain.

>>Whether what you're actually "trying to do," whatever the hell it is, could
>>be done or not is an unanswerable question given the current lack of any
>>sensible information about it.
>
>
> I already have the answer. The rest of this thread is garbage.

Be happy in your misery.


>>>How can you possible believe you can get away with false info when the
>>>evidence is up there as you say. Anyone can read the posts. The key
>>>word is "spread", which *you* said. Not me. And again I was referring
>>>to a previous system("my first system") I had, and a copy of the OS on
>>>each of it's three drives. But of course that could not have possibly
>>>occurred to you, because it was logical.
>>
>>It didn't occur to me because it's nonsensical.
>
> To you...

Why don't you take a poll of how many people keep three, soon to be 4 from
what you said, fully bootable, non-RAID, duplicate copies of their O.S. on
separate drives to see how much sense it makes.

>>>The problem is your inability to comprehend what everyone else can.
>>
>><chuckle> Yes, I've read the 'understanding' of the others and they've all
>>given up trying to make sense of what you're posting too.
>
> Actually they have understood and posted their answers. You on the
> other hand...

Enjoy the fantasy.

> Darren Harris
> Staten Island, New York.
Anonymous
a b B Homebuilt system
a b G Storage
August 15, 2004 5:50:49 AM

Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (More info?)

Darren Harris wrote:

>> >> > And you do't think that an easily accessable switch on the outside
>> >> > of one's case to control writes to individual drives would be a good
>> >> > idea if implimented?
>> >>
>> >> Again, that feature _was_ implemented and nobody wanted it.
>> >
>> > Again, there would be no readon for me to describe it then. But since
>> > you said it was implemented, would you be kind enough to describe that
>> > technology in detail? Hmmmmm?
>>
>> Set the jumper, the write line is disconnected. Or set the jumper, the
>> onboard processor ignores any write commands. I suspect that both
>> approaches were used at different times.
>
> That isn't what I said. Can you tell me what era PCs had a switch on
> the outside of the case that allowed one to turn off/on write?

Wiring this on machines which contained drives with a write-protect jumper
was trivial. Two pieces of wire and and a switch.

>> It's easy to say "the industry knows how to do this". That doesn't get
>> the
>> job done. In 1940 the statement that "American scientists know how to
>> make
>> an atomic bomb" was true. But getting from theory to product took one of
>> the largest engineering development programs in history. In 1960 the
>> statement that "American scientists know how to put a man on the Moon"
>> was
>> true. Getting from theory to footprints was another huge engineering
>> program.
>
> ?!? In 1940 America did *not* know how to make an atomic bomb.

Yes, America did. The physics had been worked out--it was reduced to an
engineering problem.

> In 1960
> America did *not* know how to put a man on the moon. The basic
> theories and procedures were known, but a lot of ground work still had
> to be done.

Well, actually, no, it didn't. It was a matter of designing and building
the spacecraft.

>> Write protecting drives is not so difficult an engineering challenge, but
>> if you don't have any idea how it would be accomplished then you should
>> not expect claims such as "the developers/manufacturers have the
>> technology to impliment something as simple as what I said, but refuse
>> to" to go unchallenged.
>
> The basics are so well know that such a challenge would be weak. How
> deeply would I need to explain the theory of turning off/on writes

Well, at least far enough to demonstrate that you actually understand the
issues involved.

> to
> a drive and routing control of same to a switch bank that is easily
> accessible *outside* of the PC case? There would be no oprning up of
> the case or swapping drives between bays just to turn off the write.
> I'm merely *attempting* to convey that it would take little for the
> manufacturers to implement this.

Look, if it's so all-fired important to you to have this capability, go
through the Seagate site, find the drives that had write-protect jumpers,
buy however many you need off of ebay, and install them with switches
outside the case wired to the headers. Or are you too stupid to figure out
how to solder two wires to a couple of pins and a switch?

>> But getting back to the original point, there is not enough market for
>> this to make it worthwhile for the drive manufacturers to continue to
>> implement it, so it's not going to happen.
>
> It's all about the bottom line. Malicious code makes a lot of money
> for a lot of people in the software and hardware sectors. So why
> promote an easier and cheaper way to fight viruses and hackers?

How does what you propose constitute "an easier and cheaper way to fight
viruses and hackers"?

>> You might find <http://www.ojp.usdoj.gov/nij/sciencetech/cftt.htm&gt; to be
>> of
>> interest. Given the price of those devices, if there is a real
>> mass-market for this capability, seems to me that you could make yourself
>> rich by coming out with a hardware write blocker for, say, $50 instead of
>> $500.
>
> Would you buy a Grey Hound bus just to take yourself to work?

If it was the smallest and cheapest vehicle available, then I wouldn't have
much choice, now, would I.

> Darren Harris
> Staten Island, New York.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
!