Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
No, not that kind of baked.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                       

Memory Write switch

Mechanical On/Off switch inside PC
 
(+2, -2)
  [vote for,
against]

There should be a Mechanical On/Off switch inside PC , which enables/disables write operations to section of harddisc/RAM which is reserved for OS and crtitical applications.

Whenever OS has to be updated, PC will have to opened, and that switch should put in ON position. Once, the job is done, it should be back to OFF position.

This should hopefully give high level of virus protection.

VJW, Feb 17 2011

[link]






       Would you have to flick the switch to install software? Or change settings?
mitxela, Feb 17 2011
  

       Maybe in the shape of a plastic tab that slides backwards and forwards. Or go the cassette route and have a write once system unless you have some electrical tape.
bigsleep, Feb 17 2011
  

       I'm afraid it will have to include change to settings as well.
VJW, Feb 17 2011
  

       You can disable writing to the boot sector in the BIOS.
DIYMatt, Feb 17 2011
  

       DIY is right. The boot sector can be locked by the bios, to my knowledge this software layer has never been indirectly defeated.
WcW, Feb 17 2011
  

       But that still leaves rest of the OS vulnerable.
VJW, Feb 17 2011
  

       //rest of the OS//   

       Except for its size, the OS is the least of what needs to be protected: that can always be reloaded.   

       Personal media, personal info, archives, etc. : most everything on a PC is read-only.
FlyingToaster, Feb 17 2011
  

       //Except for its size, the OS is the least of what needs to be protected: that can always be reloaded.
Personal media, personal info, archives, etc. : most everything on a PC is read-only.//
  

       If the proposed system was intended to protect personal files, it would be effectively essential to be able to write new files to the hard-disk section (as opposed to editing existing files). As otherwise the switch will soon be set to off and left there by virtually all users. This requirement would naturally make secure implementation more difficult.   

       Furthermore, it _is_ important to protect the OS - deleting/ corrupting/ holding-to-ransom irreplaceable files is not the only security risk. Denial of service and theft of private information (eg. banking data or personal material) are two threats which spring to mind.
If one ignores the OS, then it would be fairly simple for malware to hang around in stealth mode until it detected that the switch was flicked off...
Loris, Feb 17 2011
  

       Data Execution Prevention (DEP) is a CPU instruction which when enabled prevents the OS from running code in areas that are supposed to contain data rather than instructions.   

       Let's consider how Data Write Prevention would work with a mechanical switch. Each time the computer is powered up, the kernel must be loaded into memory. Would a CPU instruction enable RAM locking only after the OS has loaded? Wouldn't the machine remain vulnerable during boot? Sections of ROM and RAM would need to be marked somehow. This could be baked with a new filesystem and similar techniques as used in DEP.   

       The kernel is only a small attack vector, so I wonder about the cost/benefit to such a facility.
ed, Feb 18 2011
  

       ed, OS should be loaded in flash -memory, the instant boot PCs kind. Once it is loaded, it will always be there.   

       Similar kind of protection can be given to critical applications, such as banking, medical etc.   

       In these cases, flash memory can be used for OS as well as applications. Only data should be stored in RAM, IMHO.
VJW, Feb 18 2011
  

       // Only data should be stored in RAM //   

       Ask yourself why BIOS and Option ROMs are shadowed to RAM.   

       The answer is access time; RAM offers the shortest fetch time to the CPU.   

       Flash memory has a limited cycle life.
8th of 7, Feb 18 2011
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle