
Protector       - copyright 1992, Ian Palmer. 
----------

For details of copyright see the 'copyright' file.

Protector is a crude, but probably effective, bastion against the evils of
viruses and theft. The former is supplied by giving a quick scan of relevant
files to check they have not been altered since you have been able to verify
their 'virus freeness'. The latter is supplied by the possibility of a
banner (with or without password protection) to come up upon powering up the
machine. Although this banner can be removed, it is unlikely that any thief
will have the know-how to perform this operation.


Virus protection
----------------

In order to operate, viruses must attach themselves to files that exist, or
make sure they are run by attaching calls within files that exist. In this
way they can easily, and quickly, be detected by making a check on all files
that are likely candidates.

Files that are candidates on Risc-OS machines are '!boot' and '!run' files
as well as relocatable modules and absolute files. Protector works by
simply keeping a note of the lengths, load addresses and execute addresses
(and thus date stamps) of all these files on the disc(s). It has been
designed to run on a hard disc based machine, and is unlikely to be very
usable on floppies.

Before you get Protector to create this list, it is advised that you first
check the relevant discs for viruses, thus you are starting from a virus
free state (Protector does NOT detect viruses as such, only changes to
files that might signify a virus).

The process whereby Protector creates, or alters, its file list is called
'scanning' (as opposed to 'checking'). To scan a whole disc, the easiest way
is to call up Protector's menu and select the 'Scan' sub menu, which
contains a single writable option where you should place the full name of
the root directory of the disc, eg.

adfs::HardDisc4.$

Do not add an extra '.' to the end of the name, and the 'adfs::....' stuff
is necessary, as will become clearer later.

The scan will then take place (this is now multitasking). The scan
builds up a list of all the relevant files and notes their length, load and
execute addresses.

If you don't want to scan the whole disc, you can type any directory name,
or even a file name, into the 'scan' sub menu. This will make Protector
update the file list, removing entries that were in that directory, and then
add the files that are in that directory. This means that updating the file
list can be done simply and, more importantly, quickly. If you type in the
name of a file, as opposed to a directory, that file will be added to the
list, whether or not it is one of the 'at risk' files.

A much simpler way to get Protector to scan a directory, or file, (although
this method can't be used for scanning from the root directory) is to drag
the directory, or file, to Protector's icon on the icon bar. Protector
will then do the rest.

As, during a scan, Protector updates the file list rather than create a new
one, it allows more than one disc to have its contents on the list. Thus if
you have more than one hard disc you can have all the hard discs' files in
one list.

If when you initiate a scan, you hold down the 'Shift' key then Protector
will simply remove all files from that directory (or the file itself) from
the list.

If you, instead, hold down the 'Ctrl' key, Protector will simply add the
dragged item(s) to its 'Avoid' list. This list contains a list of files (or
directories) which you do not wish Protector to add to its file list. Any
file that appears in this list will not be added to the list (unless
explicitly dragged to Protector), and any directory in this file will not be
scanned by Protector (again unless the directory is explicitly dragged).


Checking files
--------------

There are three ways to get Protector to check the files within its list.

The first method is something Protector will do automatically. By default it
will check one (random) file EVERY 5 minutes (when the desktop is running,
and Protector is loaded). The time between checks can be altered (see
below), and this feature can also be switched off (again see below).

The second is by simply selecting the 'Check' option on Protector's menu.
Once selected Protector initiates the check (which is multi tasking), and
will produce error windows for any files that do not match its list. Four
error messages can be produced :

<file name> has been deleted
<file name> has been altered
<file name> has been extended
<file name> has been reduced

Three of the messages speak for themselves; the 'altered' message means that
the length is the same, but either the load or execute address has been
changed.

Once you have checked that the file in question has not been altered by a
virus you can simply drag the file, or the directory it was in, etc. to
Protector's icon and the file list will be updated.

The other way to start a check is to place an 'option' on the call to
Protector (see the options section below).


Options
-------

When Protector starts up it checks the command line that called it for
options. It knows of five options :

-P (-p) Only run if the last reset was a Power Up.
-S (-s) Initiate a check immediately 
-B (-b) Bring up the 'Owner Banner' (see below) 
-L (-l) Bring up the 'Owner Banner' and lock Risc-OS (see below)
-Q (-q) Quit once other options have been satisfied.
-R (-r) Set percentage of files checked each time.
-T (-t) Set the time interval between file checks.
-N (-n) Set the number of files to check on an interval check.

These options are basically supplied for use in your desktop !boot file.
This means that you can have your computer check the files and display your
name and address upon power up.

Note, each option must be preceded by a space and must have its own '-'.
For example you might place the following in your $.!boot :

Run adfs::HardDisc4.$.!Protector.!Run -P -Q -B -S

By default Protector checks all the files in its list on each 'check'. You
can, however, make Protector check a random selection of files on each
check. This means that if you have a lot of files you can make a reduced
check on each occasion. This is done by the '-R' option which should be
followed by a number (from 0 to 100) which stands for the percentage of
files to check (100 = all files, etc.).

Thus for the above setting, with only 1/4 of your files checked each time,
you need :

Run adfs::HardDisc4.$.!Protector.!Run -P -Q -B -S -R 25

If you want to change the percentage of files to be checked you can set it
from the '% check' sub-menu. The current setting is also shown in the main
menu in the 'Check' option.

As was stated above Protector checks some file every 5 minutes of desktop
time (you should not even notice this apart from the hard disc light will
flash on and off). You can, however, change this frequency (or even switch
this facility off) - but this has to be done when you start up Protector.
This is done via the '-T' option. This option (as with the -R option) should
be followed by a number to represent the number of seconds between checking
a file (default 300). If this value is zero (0) then the checking will not
take place.

The number of files checked each time (default 5) can be set via the '-N'
option. Both these values can also be changed from the main menu.

Owner Banner
------------

Before you can get the banner to show itself you must create a text file
inside the Protector application window called 'Banner'. This can contain
up to 5 lines of text, each line up to 40 characters. The lines might contain
your name, address, etc.

Then if you call Protector with the -B option it will bring up the banner
on the screen, and wait for you to click on the 'Click here' icon. The
banner multitasks with both any 'check' and the desktop.

If you want password protection on the banner, you need to also create a
password file. This can be done by selecting the 'Password' sub menu of
Protector's main menu, and typing the password you want to use. This will
then be saved (coded) in a special file within Protector's application
directory. Now if you call Protector with the -L option, or select the
'Lock' option from Protector's main menu, the banner will be brought up,
except you will have to type the correct password to get it to go away.

The locked banner only multitasks with any 'check' in progress, and does not
pass control to the desktop. In this way you can not access anything on the
desktop until you type the correct password, or perform a reset.


Added protection
----------------

This part is for the real paranoid in you :-)

If the use of !Protector becomes fairly widespread, the chances of someone
writing a virus that can 'fool' Protector become greater. The only real way
that this can happen is if the virus makes changes to the file list to
update what is stored there to match the altered files, thus Protector will
think nothing has changed.

To overcome this possibility it is best to change the name of Protector so
that a virus can not be aware of its presence, and more importantly can not
locate the relevant files.

To do this you should change the name found in the following locations :

   The application directory, simply rename. This name will now be referred
    to as 'new_name'.

   The !Run file. You need to change two lines, the first sets up a
    variable, the second uses that variable (Protector$Dir) which needs to
    be changed to new_name$Dir (substitute your new name).

   The !RunImage. You will need to change two lines in this file, the first
    (the first non REM line) contains the variable 'run%' which contains the
    length of the !Run file you have just changed, this needs updating
    otherwise the program will moan at you each time it's run.
    On the next line is a call to PROCwimp_init, with a single parameter
    which contains the name of the program, change this name.

   The !Sprites files. Simply load the files into !Paint, and rename the
    sprite to that which you renamed the application directory,
    ie. !new_name.


Extending the Scope of Protector
--------------------------------

As time goes by, no doubt, some people (if that's the right word) are bound
to discover other ways to make viruses spread themselves. Currently
Protector will scan for four types of files :

   Those called '!boot'

   Those called '!run'

   Relocatable Modules (file type &FFA)

   Absolute Files

Although you can add any file to the list, simply by dragging the file to
Protector's icon, this may be removed by subsequent scans. To overcome this
Protector has been written to allow simple extension of the files it will
add to its list. The final function in the listing ('!RunImage') should be
called 'FNshould_all'. This is passed a file name (name$ (always lower
case)) and the file type (type% (-1 for absolute files)). The function
should contain the tests for the four resident file types shown above, and
by simply adding extra conditions you can extend Protector's range.

For example, if you wanted to add all command (exec) files you would need to
add a line :

IF type%=&FFE =TRUE
                   
Alternatively, to add all files called '!Sprites', you would add a line :

IF name$="!sprites" =TRUE

Notes:

  You must make sure that names are lower case, as name$ only contains
  lower case letters.

  All alterations must follow the rules specified in the 'Copyright' file.
  If no such file exists, whoever supplied this program to you has
  BROKEN THE LAW.

  The -L (lock) option takes precedence over the -B (banner) option.
  Also if when the banner is being displayed you select the 'Lock' option
  from the main menu, the banner will be converted to a 'Lock'.

  During a 'Lock' Protector 'swallows' any mouse events (ie. button clicks).
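
Added example (not part of the original README and not Protector's own BBC
BASIC code): a Python model of the scan and check described under 'Virus
protection' and 'Checking files', using the file selection rule from
'Extending the Scope of Protector'. FileInfo, the function names and the
sample disc are hypothetical; the 'Avoid' list and random sampling are left out.

```python
# Added example: a Python model of the scan/check logic this README describes.
# Not Protector's BBC BASIC source; FileInfo and the function names are hypothetical.
from typing import NamedTuple

class FileInfo(NamedTuple):
    length: int  # file length in bytes
    load: int    # load address
    exec_: int   # execute address
    ftype: int   # file type; -1 for absolute files, as FNshould_all receives it

def should_add(path, ftype):
    """The README's four at-risk tests; the leaf name is compared in lower case."""
    leaf = path.rsplit(".", 1)[-1].lower()
    return leaf in ("!boot", "!run") or ftype == 0xFFA or ftype == -1

def scan(disc, target, file_list):
    """Drop list entries under target, then re-add the at-risk files found there.
    A target that is itself a file is added whether or not it is at risk."""
    inside = lambda p: p == target or p.startswith(target + ".")
    updated = {p: i for p, i in file_list.items() if not inside(p)}
    updated.update({p: i for p, i in disc.items()
                    if inside(p) and (p == target or should_add(p, i.ftype))})
    return updated

def check(disc, file_list):
    """Return one of the README's four messages for each entry that differs."""
    messages = []
    for path, old in sorted(file_list.items()):
        new = disc.get(path)
        if new is None:
            messages.append(f"{path} has been deleted")
        elif new.length > old.length:
            messages.append(f"{path} has been extended")
        elif new.length < old.length:
            messages.append(f"{path} has been reduced")
        elif (new.load, new.exec_) != (old.load, old.exec_):
            messages.append(f"{path} has been altered")
        # Equal length, load and exec give no message: contents are not compared.
    return messages

# Constructed sample disc (values invented for illustration).
ROOT = "adfs::HardDisc4.$"
DISC = {
    ROOT + ".!Boot": FileInfo(120, 0xFFFFEB4A, 0x11223344, 0xFEB),
    ROOT + ".Modules.Example": FileInfo(4096, 0xFFFFFA4A, 0x11223355, 0xFFA),
    ROOT + ".Tools.Thing": FileInfo(9000, 0x8000, 0x8000, -1),
    ROOT + ".Docs.ReadMe": FileInfo(2000, 0xFFFFFF4A, 0x11223366, 0xFFF),
}
FILE_LIST = scan(DISC, ROOT, {})
```

Because only the three recorded values are compared, the list is a record of
file metadata rather than of file contents.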

