Re: Virus on WInXPE

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Slobodan Brcin \(eMVP\) (sbrcin_at_ptt.yu)
Date: 03/17/04 

Date: Wed, 17 Mar 2004 08:59:55 +0100

Hi Rhys,

If you use read only flash or even better example would be El-torito CD that
is 100% read only. To make XPe work in this scenario you must use RAM based
EWF.
And since it simulates HDD you will be vulnerable to viruses. But it is up
to you to find some way to protect yourself :(

Regards,
Slobodan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Tell
Microsoft!
https://www.windowsembeddedeval.com/community/newsgroups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"rhys lloyd" <anonymous@discussions.microsoft.com> wrote in message
news:842C322A-E78D-4329-8E70-F133DD8DFAFB@microsoft.com...
> Hi Slobodan,
> So using read only flash one would not require an anti-virus package on a
thin client as the OS is invulnerable to infection. Surely in this case to
enable a memory resident virus one would need to reference the OS in at
least some writable way to begin with?
> thanks
> rhys
>
> ----- Slobodan Brcin (eMVP) wrote: -----
>
> Hi Rhys,
>
> You never said:
> 1. that you use flash.
> 2. that you have flash that is read only.
> 3. that you use EWF.
>
> Only hardware write protection on flash device can protect you from
> malicious persistent writes to flash.
>
> If you use EWF you are partially protected from viruses.
>
> Also consider one time viruses. Your device should run for long time
without
> shutdown (if everything is ok).
> If virus install itself in RAM or EWF your device will become
vulnerable to
> remote access and someone cold use it remotely.
>
> Regards,
> Slobodan
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Have an opinion on the effectiveness of Microsoft Embedded
newsgroups? Tell
> Microsoft!
> https://www.windowsembeddedeval.com/community/newsgroups
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Rhys Lloyd" <anonymous@discussions.microsoft.com> wrote in message
> news:71D210D3-7DA6-4BB1-9B28-F4A12F3BB3C1@microsoft.com...
> > That Virus would require recognition of the embedded OS although it
is a
> network connected XP image - it is my understanding that the
infection would
> require writing to the flash disk - is that not imposible?
>
>
>

Relevant Pages

  • Re: Booting from flash and EWF
    ... Although flash technologies is getting better, you still want to protect from sudden power downs and protect flash life with one of the Write Filters. ... This is very convenient because it makes disk switching on the deployed kiosk veary easy - the technical person must simply open the kiosk, pull the current usb stick and insert new one. ... From what I saw - in such cases it is advised to use EWF in order to protect the media from excessive writes. ...
    (microsoft.public.windowsxp.embedded)
  • Re: Need opinion from PIC experts
    ... was claimed that the data protection protecting the eeprom of a PIC (say ... 18 series) is easily circumvented by erasing the flash memory program, ... from EEPROM is that you can TABLE READ protect an area of FLASH. ... goto loop ...
    (sci.electronics.design)
  • Re: WriteProtect NOR Flash
    ... With SetPartitionAttributes I can make the NORFlash write protected. ... I want to protect the whole flash. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: USB Flash write proctected!
    ... the info on the life limitation of FLASH memory ... Since you have eliminated a write protect switch and a write protect ...
    (microsoft.public.windowsxp.hardware)
  • Re: Need opinion from PIC experts
    ... was claimed that the data protection protecting the eeprom of a PIC (say ... 18 series) is easily circumvented by erasing the flash memory program, ... from EEPROM is that you can TABLE READ protect an area of FLASH. ... goto loop ...
    (sci.electronics.design)