CDROM-Based Virus Scanners?
cheros asks: "Pretty much every virus checker I've seen requires installation of a couple of MB worth of data on the HD. However, in a controlled or accredited environment (say, a hospital) installation of external software can invalidate the build, and the checking process can adversely affect timing (in, say, plant control systems), so I'm looking for a virus checker that works from a CD. This obviously means the CD needs updating when new signatures come out, but at least it's a 'hands off' sweep of the system that can be done during maintenance down-time (and assures me that the virus software itself can't be compromised). The only workaround I have at the moment is that critical system files can be checksummed to prove integrity (MD5 is your friend ;] ). That's OK for the systems that are fairly static (no, not blue screened, less data changes on the disk =] ), but systems where config data changes (say, a DDNS) are less easy to check. It's mostly a Windows problem (with &^$$& locked files being a pain), but the same situation can arise on any platform. Got any ideas?"
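The checksum workaround described in the question, as an added example that is not part of the original post: a baseline manifest is compared against the disk, changes to paths matching "volatile" globs (the changing-config case) are listed apart from unexpected modifications, and files that cannot be opened (the locked-file case) are reported rather than skipped silently. It uses SHA-256 in place of the MD5 mentioned above; the function names, glob patterns and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatch

def sha256_file(path):
    """Digest of a file, or None if it cannot be opened (e.g. locked by the OS)."""
    try:
        with open(path, "rb") as f:
            h = hashlib.sha256()
            for block in iter(lambda: f.read(1 << 20), b""):
                h.update(block)
            return h.hexdigest()
    except OSError:
        return None

def build_manifest(root):
    """Map each path relative to root to its digest (None means unreadable)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest

def verify(root, baseline, volatile=()):
    """Compare root to baseline; changes matching volatile globs are listed apart."""
    current = build_manifest(root)
    report = {k: [] for k in ("modified", "volatile_changed", "missing", "added", "unreadable")}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current or rel not in baseline:
            report["missing" if rel in baseline else "added"].append(rel)
        elif current[rel] is None:
            report["unreadable"].append(rel)
        elif current[rel] != baseline[rel]:
            expected = any(fnmatch(rel, pat) for pat in volatile)
            report["volatile_changed" if expected else "modified"].append(rel)
    return report

def demo():
    """Constructed sample tree: a static binary plus a config file that changes."""
    with tempfile.TemporaryDirectory() as root:
        def put(files):
            for rel, data in files.items():
                with open(os.path.join(root, rel), "wb") as f:
                    f.write(data)
        put({"app.exe": b"MZ-static", "ddns.conf": b"lease=1"})
        baseline = build_manifest(root)
        put({"app.exe": b"MZ-patched", "ddns.conf": b"lease=2", "new.dll": b"x"})
        return verify(root, baseline, volatile=["*.conf"])
```

Keeping the baseline manifest on the read-only medium, alongside the scanner, means it cannot be altered from the machine being checked.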
Try a usb or firewire harddisk (Score:3, Insightful)
Openantivirus (Score:2)
Caution: MAJOR conflict of interest. (Score:2)
Caution: MAJOR conflict of interest. The writer is an anti-virus consultant who will lose money if there is an open source alternative.
Norton Systemworks 2001 (Score:3, Informative)
I've not used it yet; the only risk I would say you'd run is if you have a virus that is not detected with the CD build of the virusscan... Pretty hard to do updates to read-only media.... but for a general sweep of the machine, you'd be good to go.
Maybe there's a way to "repackage" the bootable portion of the cd / virus definitions, and go that route? I'm sure Norton has had requests for this before, and it wouldn't take much time talking with their support (never had to contact them myself) to see if this is the case...
We're in the same boat, though... Validated systems; since I work in Network Architecture, one of the problems we run into is we can't put ANYTHING on servers that isn't validated (i.e. packet sniffing/analyzing agents, etc.) I see their point, so in the end we just mirror ports.
F-PROT (Score:3, Informative)
You could probably use the DOS or Linux version of F-Prot [f-prot.com]. It doesn't need to write anything, and it has some nice command-line options for automated scanning etc.
With a little effort, you can even fit the DOS version on a single floppy. You'll need to store it compressed, and uncompress it to a ramdisk when booting.
Re:F-PROT (Score:1)
Re:F-PROT (Score:1)
Re:F-PROT (Score:2, Informative)
The guys and girls of the German c't magazine [heise.de] combined toms rescue boot disk [toms.net] with F-Prot for Linux and pressed it onto a CDROM shipped with the issue 13/2002 [heise.de]. You can order this issue for 3 EUR + shipping (1 EUR is round about 1 US $).
If you can get internet access with that CDROM, you can even update the scanner and the data files. (And as a nice bonus, you get 600 MBytes Freeware and Shareware.)
Tux2000
Re:F-PROT (Score:2)
What about a remote system? (Score:1)
A bit of research first ... (Score:1, Informative)
Since the scanner can also be run manually, you could install updated definitions on a floppy disk with the tab set.
That's just off the top of my head; I'm sure The Best Friend Of The WWW [google.com] could render gallons more assistance.
Re:A bit of research first ... (Score:1)
What are you using?!? (Score:2)
DUH (Score:2)
NAV (Score:1)
-D
Control Systems (Score:4, Insightful)
1. Locked down OS. In NT, this involved Policies, in most cases, Auto logins, and quite a bit of registry editing.
2. Separated Network. The control networks were always on their own network. In many cases, a main network, and a backup network.
3. No internet access.
4. No access to the floppy/cdrom unless you're an administrator, hell, explorer doesn't even load, only the control application.
Perhaps you need to look at your setup and make some changes if you're worried about viruses.
damn i cant spell today (Score:1, Offtopic)
Re:Control Systems (Score:1)
It's said that the safest way to protect your computer from [viruses/cracking/information theft/etc.] is to unplug it, but how practical is that here in the real world?
Re:Control Systems (Score:2)
I'm currently working in a local school district, and this is the only situation I've found lockdowns useful, since kids intentionally tend to cause crap or download porn etc. In a business with reasonable adults, you can at least hope/expect that they won't be causing deliberate damage to the machines.
This shameful plug should be used to plug um... nevermind - phorm
Re:Control Systems (Score:2)
You have not seen Vexira Antivirus Rescue Disk CD? (Score:2, Informative)
It will boot and mount most any file system: Microsoft FAT 16, FAT 32, VFAT, NTFS, Linux ext2, ReiserFS and UMSDOS, IBM OS/2 HPFS, FreeBSD, OpenBSD, Solaris, and Unix UFS, CD-ROM ISO9660, Minix, FreeVxFS, Veritas VxFS, System V, Xenix, V7, and UDF.
Vexira Antivirus Rescue Disk [centralcommand.com]
The VARD is free BTW.
Re:You have not seen Vexira Antivirus Rescue Disk (Score:1)
Re:You have not seen Vexira Antivirus Rescue Disk (Score:1)
Why??? (Score:5, Insightful)
You shouldn't need AV software in the systems you describe. These should not require direct access to an untrusted network...there is no reason why someone should be installing their own software on the system...and the systems should be designed as such (no direct access...a locked cabinet is a good idea here, and secondary/tertiary networks for workstation access to data)...if you really must have mission critical systems open to viruses, and you are using standard peecee hardware, you could always try an Antivirus PCI Card [rd-comp.com].
I guess this might be another advantage of using Linux for mission critical apps...chances are the employees don't have access to software...
Re:Why??? (Score:2)
The system I explained makes this very easy. The first way is to simply bury the connections for your mission critical network behind locked boxes. And if you're using a cabinet for the box, this is already done for you. Not to mention that many of the locations with similar set ups already have a strict "no laptops" policy. Another easy way to keep ppl from connecting to the network is to use non-standard connectors. This makes it so only the computer side of the connection has to be hidden.
The other way of securing the network (I know you'd like to suggest they are sticking control systems in their lobby) is to require MAC authentication. I've even seen systems that use a rolling MAC address based on a standard time.
Re:Why??? (Score:1)
Re:Why??? (Score:1)
Re:Why??? (Score:2)
Re:Why??? (Score:2)
F-prot (Score:2)
F-prot antivirus can fit on 3 write-protected floppies or a bootable CD-ROM. It's free for personal use, and easy enough to update by downloading new definitions from its website. It's available for both DOS and Linux.
Symantec (Score:1)
Re:*grumble* You can already do this (Score:1)
"However, in a controlled or accredited environment (say, a hospital) installation of external software can invalidate the build, and the checking process can adversely affect timing (in, say, plant control systems), so I'm looking for a virus checker that works from a CD."
The logic behind his requirement is flawed:
Any non-accredited software can affect the build, even anti-virus software that is not installed on that build, i.e. many antivirus software write checksums somewhere on the HD. If people can run such software you have a problem anyway in such an environment.
You can install most antivirus software in a non-interfering mode, only scan when you press the scan button. So why not put it on HD or a (read only) central server?
Opening up C$ & D$ would be a bad idea, but it is possible.
The only files you won't be able to access are those that are exclusively locked by the OS and they can't be infected by any virus anyway.
Since they can be updated by update software, virus software can update those files as well.
In the end I think he is a (l)user that cannot install software, but wants to virus check his PC anyway. (read between the lines!)
Really slow site, but here you go: (Score:2)
Of course this only works for FAT/FAT32.
I don't know of any that would scan NTFS. You'd have to have some munged version of NT/Win2k boot off a CD and then run a virus scanner.
You need two things... (Score:1)
2. A floppy disk with the latest virus definitions on it.
The Norton AntiVirus CD automatically checks the floppy drive for the latest virus definitions when you boot from it, otherwise it uses the outdated ones on the CD.