Slashdot Mirror

← Back to Stories (view on slashdot.org)

CDROM-Based Virus Scanners?

Posted by Cliff on from the hands-off-bug-hunting dept.

cheros asks: "Pretty much every virus checker I've seen requires installation of a couple of MB worth of data on the HD. However, in a controlled or accredited environment (say, a hospital) installation of external software can invalidate the build, and the checking process can adversely affect timing (in, say, plant control systems), so I'm looking for a virus checker that works from a CD. This obviously means the CD needs updating when new signatures come out, but at least it's a 'hands off' sweep of the system that can be done during maintenance down-time (and assures me that the virus software itself can't compromised). The only workaround I have at the moment is that critical system files can be checksummed to prove integrity (MD5 is your friend ;] ). That's OK for the systems that are fairly static (no, not blue screened, less data changes on the disk =] ), but systems where config data changes (say, a DDNS) are less easy to check. It's mostly a Windows problem (with &^$$& locked files being a pain), but the same situation can arise on any platform. Got any ideas?"

5 of 48 comments (clear)

  1. Try a usb or firewire harddisk by Stigmata669 · · Score: 3, Insightful

    Although i am unfamiliar with any CD based anti-virus software, you could always install the software onto a removable usb harddisk, even a keychain drive and run the software from the drive, leaving the primary disk more or less untouched (hopefuly less).

    --
    Yawn.
  2. Norton Systemworks 2001 by karnal · · Score: 3, Informative

    I've got a copy of Norton Systemworks 2001 at work that states on install, that you should boot to the cd-rom and have it do a virus check before you install the software (Norton Antivirus is included in this suite...)

    I've not used it yet; the only risk I would say you'd run is if you have a virus that is not detected with the CD build of the virusscan... Pretty hard to do updates to read-only media.... but for a general sweep of the machine, you'd be good to go.

    Maybe there's a way to "repackage" the bootable portion of the cd / virus definitions, and go that route? I'm sure Norton has had requests for this before, and it wouldn't take much time talking with their support (never had to contact them myself) to see if this is the case...

    We're in the same boat, though... Validated systems; since I work in Network Architecture, one of the problems we run into is we can't put ANYTHING on servers that isn't validated (i.e. packet sniffing/analyzing agents, etc.) I see their point, so in the end we just mirror ports :) (slightly ot, I know)

    --
    Karnal
  3. F-PROT by reynaert · · Score: 3, Informative

    You could probably use the DOS or Linux version of F-Prot. It doesn't need to write anything, and it has some nice command-line options for automated scanning etc.

    With a little effort, you can even fit the DOS version on a single floppy. You'll need to store it compressed, and uncompress it to a ramdisk when booting.

  4. Control Systems by LWolenczak · · Score: 4, Insightful

    I used to work for a company in the SouthEastern United States, currently called Avid Solutions, Formerally called Carolina Instermentation Corp/Electrical Maintence Overflow Comp. (cic/emoc). Every Control System that I have ever seen them put together was setup a perticular way.

    1. Locked down OS. In NT, this involved Policies, in most cases, Auto logins, and quite a bit of registery editing.
    2. Seperated Network. The control networks were allways on their own network. In many cases, a main network, and a backup network.
    3. No internet access.
    4. No access to the floppy/cdrom unless your an administrator, hell, explorer dosen't even load, only the control application.

    Perhaps you need to look at your setup and make some changes if your worried about viruses.

  5. Why??? by OneFix · · Score: 5, Insightful

    I know that similar posts have been made, but I don't think this can be expressed enough!!!

    You shouldn't need AV software in the systems you describe. These should not require direct access to an untrusted network...there is no reason why someone should be installing their own software on the system...and the systems should be designed as such (no direct access...a locked cabinet is a good idea here, and secondary/tertiary networks for workstation access to data)...if you really must have mission critical systems open to viruses, and you are using standard peecee hardware, you could always try an Antivirus PCI Card.

    I guess this might be another advantage of using Linux for mission critical apps...chances are the employees don't have access to software...