Hardware protection can accomplish various things, including: write protection for hard disk drives, memory protection, monitoring and trapping unauthorized system calls, etc. Again, no single tool will be foolproof and the "stronger" hardware-based protection is, the more likely it will interfere with the "normal" operation of your computer. The popular idea of write-protection (see D3) may stop viruses *spreading* to the disk that is protected, but doesn't, in itself, prevent a virus from *running*. Also, some existing hardware protection schemes can be easily bypassed, fooled, or disconnected, if the virus writer knows them well and designs a virus that is aware of the particular defense. The big problem with hardware protection is that there are few (if any) operations that a general-purpose computer can perform that are used by viruses *only*. Therefore, making a hardware protection system for such a computer typically involves deciding on some (small) set of operations that are "valid but not normally performed except by viruses", and designing the system to prevent these operations. Unfortunately, this means either designing limitations into the level of protection the hardware system provides or adding limitations to the computer's functionality by installing the hardware protection system. Much can be achieved, however, by making the hardware "smarter". This is double- edged: while it provides more security, it usually means adding a program in an EPROM to control it. This allows a virus to locate the program and to call it directly after the point that allows access. It is still possible to implement this correctly though--if this program is not in the address space of the main CPU, has its own CPU and is connected directly to the hard disk and the keyboard. As an example, there is a PC-based product called ExVira which does this and seems fairly secure, but it is a whole computer on an add-on board and is quite expensive.
|
|
|
|
|
|
|
|