Slashdot Mirror


CDROM-Based Virus Scanners?

cheros asks: "Pretty much every virus checker I've seen requires installation of a couple of MB worth of data on the HD. However, in a controlled or accredited environment (say, a hospital) installation of external software can invalidate the build, and the checking process can adversely affect timing (in, say, plant control systems), so I'm looking for a virus checker that works from a CD. This obviously means the CD needs updating when new signatures come out, but at least it's a 'hands off' sweep of the system that can be done during maintenance down-time (and assures me that the virus software itself can't be compromised). The only workaround I have at the moment is that critical system files can be checksummed to prove integrity (MD5 is your friend ;] ). That's OK for the systems that are fairly static (no, not blue screened, less data changes on the disk =] ), but systems where config data changes (say, a DDNS) are less easy to check. It's mostly a Windows problem (with &^$$& locked files being a pain), but the same situation can arise on any platform. Got any ideas?"
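
The checksum workaround described in the question, as an added example that is not part of the original post: a baseline of file digests is built once from a known-good system and compared on each maintenance sweep, with volatile paths (such as dynamic DNS data) excluded and locked files reported instead of aborting the scan. SHA-256 is used here in place of the MD5 the question mentions, and the function names and glob patterns are hypothetical.

```python
import fnmatch
import hashlib
import os


def hash_file(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, or None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    except OSError:  # e.g. a file locked by the running OS
        return None
    return h.hexdigest()


def build_manifest(root, volatile=()):
    """Map relative path -> digest for every file under root, skipping volatile globs."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(fnmatch.fnmatch(rel, pat) for pat in volatile):
                continue  # expected to change, so not part of the baseline
            manifest[rel] = hash_file(full)
    return manifest


def compare(baseline, current):
    """Classify differences between a trusted baseline and a fresh scan."""
    report = {"modified": [], "missing": [], "added": [], "unreadable": []}
    for rel, digest in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] is None:
            report["unreadable"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
    report["added"] = [rel for rel in current if rel not in baseline]
    return {k: sorted(v) for k, v in report.items()}
```

The comparison is only as trustworthy as the baseline and the environment doing the hashing, so both belong on the read-only boot media rather than on the disk being checked.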

19 of 48 comments

  1. Try a usb or firewire harddisk by Stigmata669 · · Score: 3, Insightful

    Although I am unfamiliar with any CD based anti-virus software, you could always install the software onto a removable usb harddisk, even a keychain drive and run the software from the drive, leaving the primary disk more or less untouched (hopefully less).

    --
    Yawn.
  2. Openantivirus by ChiefArcher · · Score: 2

    try http://www.openantivirus.org .. It's free.. it's open source.. it's in java.. Stick it on the cd with a (windows/linux/mac) jvm.. and you're set to go. I have openantivirus running on my mail server right now... catches almost everything.. I believe there's a "C" version called clamscan out there.... not sure if it'll compile under anything but linux.. but you can always try. ChiefArcher

  3. Norton Systemworks 2001 by karnal · · Score: 3, Informative

    I've got a copy of Norton Systemworks 2001 at work that states on install, that you should boot to the cd-rom and have it do a virus check before you install the software (Norton Antivirus is included in this suite...)

    I've not used it yet; the only risk I would say you'd run is if you have a virus that is not detected with the CD build of the virusscan... Pretty hard to do updates to read-only media.... but for a general sweep of the machine, you'd be good to go.

    Maybe there's a way to "repackage" the bootable portion of the cd / virus definitions, and go that route? I'm sure Norton has had requests for this before, and it wouldn't take much time talking with their support (never had to contact them myself) to see if this is the case...

    We're in the same boat, though... Validated systems; since I work in Network Architecture, one of the problems we run into is we can't put ANYTHING on servers that isn't validated (i.e. packet sniffing/analyzing agents, etc.) I see their point, so in the end we just mirror ports :) (slightly ot, I know)

    --
    Karnal
  4. F-PROT by reynaert · · Score: 3, Informative

    You could probably use the DOS or Linux version of F-Prot. It doesn't need to write anything, and it has some nice command-line options for automated scanning etc.

    With a little effort, you can even fit the DOS version on a single floppy. You'll need to store it compressed, and uncompress it to a ramdisk when booting.

    1. Re:F-PROT by Tux2000 · · Score: 2, Informative

      The guys and girls of the German c't magazine combined toms rescue boot disk with F-Prot for Linux and pressed it onto a CDROM shipped with the issue 13/2002. You can order this issue for 3 EUR + shipping (1 EUR is round about 1 US $).

      If you can get internet access with that CDROM, you can even update the scanner and the data files. (And as a nice bonus, you get 600 MBytes Freeware and Shareware.)

      Tux2000

      --
      Denken hilft.
    2. Re:F-PROT by Wanker · · Score: 2

      This sounds like an excellent suggestion-- build a bootable CD-ROM which auto-scans all the local drives. In addition to not requiring any installed software, booting off known virus-free media guarantees that you'll find all those nasty stealth viruses that like to hide in memory.

  5. What are you using?!? by shyster · · Score: 2

    Every Windows based virus scanner I've known has an option for this. Norton AntiVirus can boot to the CD or make floppy disks, I think the newer versions can use a floppy disk for later virus definitions. Mcafee can do the same, I believe. I know it can run off floppies. So can F-Prot.

  6. DUH by moosesocks · · Score: 2

    This is quite obvious. Every virus scanner in my memory has had an option to boot off of the CD or create a boot floppy (which can be write protected in the same fashion as all floppies). The CD boots, can do a scan (automatically if you configure autoexec.bat to do so). You can re-burn the cd by placing new definitions on the cd, or tell the program to go get the definitions from another source (ls-120 drive, hard disk, etc.). This has all been possible with Norton AntiVirus since version 2000 (probably earlier. I just never checked)

    --
    -- If you try to fail and succeed, which have you done? - Uli's moose
  7. Control Systems by LWolenczak · · Score: 4, Insightful

    I used to work for a company in the southeastern United States, currently called Avid Solutions, formerly called Carolina Instermentation Corp/Electrical Maintence Overflow Comp. (cic/emoc). Every Control System that I have ever seen them put together was set up a particular way.

    1. Locked down OS. In NT, this involved Policies, in most cases, Auto logins, and quite a bit of registry editing.
    2. Separated Network. The control networks were always on their own network. In many cases, a main network, and a backup network.
    3. No internet access.
    4. No access to the floppy/cdrom unless you're an administrator, hell, explorer doesn't even load, only the control application.

    Perhaps you need to look at your setup and make some changes if you're worried about viruses.

    1. Re:Control Systems by phorm · · Score: 2

      In agreement with the other responders, this sounds like crap to me. Installing a complete lockdown on machines tends to p*ss off employees, and just generally cause problems. Locking down an existing open network is a pain in the butt to admins too, every time new software has to be installed the admin has to be called in.

      I'm currently working in a local school district, and this is the only situation I've found lockdowns useful, since kids intentionally tend to cause crap or download porn etc. In a business with reasonable adults, you can at least hope/expect that they won't be causing deliberate damage to the machines.

      This shameful plug should be used to plug um... nevermind - phorm

    2. Re:Control Systems by LWolenczak · · Score: 2

      In cases such as schools, you can't unplug it. In the case I'm talking about, the computer is only used to run a piece of machinery, or a set of chemical reactors. The system for all intents and purposes is unplugged because it does not need to be plugged in.

  8. You have not seen Vexira Antivirus Rescue Disk CD? by VexAdmin · · Score: 2, Informative

    I work for Central Command the company that produces Vexira Antivirus so be careful you might find a few biased statements here :-) We have Vexira Antivirus Rescue Disk (VARD) which is a bootable CD-ROM and diskette virus scanner that runs entirely in RAM. It's based on a Debian micro kernel and includes an easy to follow menu. It can update the latest virus database and virus scanning engine also! Yes, even if you are using the CD-ROM version. You just need to download updates onto a floppy and select the update option on the main menu. VARD will pull them into RAM.

    It will boot and mount most any file system: Microsoft FAT 16, FAT 32, VFAT, NTFS, Linux ext2, ReiserFS and UMSDOS, IBM OS/2 HPFS, FreeBSD, OpenBSD, Solaris, and Unix UFS, CD-ROM ISO9660, Minix, FreeVxFS, Veritas VxFS, System V, Xenix, V7, and UDF.

    Vexira Antivirus Rescue Disk

    The VARD is free BTW.

  9. Why??? by OneFix · · Score: 5, Insightful

    I know that similar posts have been made, but I don't think this can be expressed enough!!!

    You shouldn't need AV software in the systems you describe. These should not require direct access to an untrusted network...there is no reason why someone should be installing their own software on the system...and the systems should be designed as such (no direct access...a locked cabinet is a good idea here, and secondary/tertiary networks for workstation access to data)...if you really must have mission critical systems open to viruses, and you are using standard peecee hardware, you could always try an Antivirus PCI Card.

    I guess this might be another advantage of using Linux for mission critical apps...chances are the employees don't have access to software...

    1. Re:Why??? by OneFix · · Score: 2

      This certainly doesn't assume that safety is a given. First, if you don't trust your employees that have access to mission critical systems/networks, you've got serious problems that a virus scanner isn't gonna fix.

      The system I explained makes this very easy. The first way is to simply bury the connections for your mission critical network behind locked boxes. And if you're using a cabinet for the box, this is already done for you. Not to mention that many of the locations with similar set ups already have a strict "no laptops" policy. Another easy way to keep ppl from connecting to the network is to use non-standard connectors. This makes it so only the computer side of the connection has to be hidden.

      The other way of securing the network (I know you'd like to suggest they are sticking control systems in their lobby) is to require MAC authentication. I've even seen systems that use a rolling MAC address based on a standard time.

    2. Re:Why??? by tomhudson · · Score: 2

      Removing both floppy and cdroms is SOP with me. Since I did that to everyone's boxes, I've got more time for other stuff.

    3. Re:Why??? by OneFix · · Score: 2

      How can they insert a floppy through a locked cabinet?

  10. F-prot by dasunt · · Score: 2

    F-prot antivirus can fit on 3 write-protected floppies or a bootable CD-ROM. It's free for personal use, and easy enough to update by downloading new definitions from its website. It's available for both DOS and Linux.

  11. Really slow site, but here you go: by Mustang Matt · · Score: 2

    http://www.free-av.com/ave.htm

    Of course this only works for Fat/Fat32.

    I don't know of any that would scan NTFS. You'd have to have some munged version of NT/Win2k boot off a CD and then run a virus scanner.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  12. Caution: MAJOR conflict of interest. by Futurepower(R) · · Score: 2


    Caution: MAJOR conflict of interest. The writer is an anti-virus consultant who will lose money if there is an open source alternative.