JPROTECT (tm) A File Protection Driver -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- JAM Utilities, Version 1.25 Copyright (c) 1995 JAM Software. All Rights Reserved. JPROTECT (tm) driver and this documentation is distributed under license from its developer, Compact Soft group, Kiev, UKRAINE. Portions Copyright 1990-1995 Compact Soft. All Rights Reserved. E-mail: compact.soft@UA.net, compact.soft@cs.kiev.ua. The usage and distribution policy of the driver and documentation is determined by terms specified by JAM Software license agreement. Please refer to files README.DOC and REGISTER.DOC for details. Page 1 CONTENTS ============ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Installation . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Usage Notes . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Compatibility. . . . . . . . . . . . . . . . . . . . . . . . 7 5. Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Page 2 1. Introduction ----------------- The JPROTECT utility is file-level protection driver. It allows you to selectively protect your files from modification. For instance, with JPROTECT you can block-up possible damages of compressed data in JAM files, and protect your executable files from virus infections. To use it correctly, please read the following installation and usage notes. The driver can act as an effective virus-protection tool, as well as general file security utility. It does not, however, eliminate the need for other virus-specific programs, such as scanners, watchers and disinfectors. Please use them to increase your system's protection. First, some words about plain DOS file protection. Each file has set of attributes, which specify how some operations with this file are performed. Specifically, the Read-Only file attribute disallows the modification and deletion of file by any program. This looks like promising way to ensure the integrity of your files: just set all vital system and executable files to read-only, and no one can modify them. Unfortunately, DOS allows for easy change of read-only attribute with specific system function. Therefore, any sophisticated virus can reset the attribute, and then write to the previously protected program file, implanting itself into it. The JPROTECT utility changes this. When installed, it enhances the way how DOS treats read-only attribute of files: now, it can only be set once, and cannot be removed. You can easily set all your executable files to read-only (use DOS ATTRIB command, for example), and they would be safely protected from viruses. Actually, you would hear an audible warning sound when a program tries to remove the protection. What if you need to do something with this files? For example, you may want to remove some previously protected program, or run (virus-free) installation utility which modifies the executable code (poor practice), or want to upgrade to new version of software. In this case, you can temporarily disable JPROTECT by pressing a hot key combination (see below). Page 3 Please note that JPROTECT itself does not offer absolute virus protection. Thus, some viruses bypass standard DOS interface and use direct disk access (either DOS Interrupt #26 or BIOS Interrupt #13) to modyfy files. To minimize risk of infection by these viruses you can store your programs on the JAM compressed drives (they have non-stadard structure and cannot be modified directly). You should also beware of "trojan horse" programs and boot-sector viruses (for the latter case you may use the Compact Soft's AVB program). Also, JPROTECT would warn you when virus would attack your computer, but does not delete it from already infected programs - you should use virus scanners for that. You may receive false alarms, and should be able to distinguish them. Page 4 2. Installation ----------------- To install JPROTECT, put the following line into the beginning of your CONFIG.SYS file: DEVICE=[drive:][\][path\]JPROTECT.SYS The [drive:][\][path\] parameter specifies the location of the JPROTECT.SYS file. To ensure proper and safe operation of the JPROTECT.SYS, you should load it as early as possible. If you install it too late, or use some non-supported DOS version, it would display corresponding messages. The driver uses about 512 bytes of conventional memory. You can save the low memory space by loading the driver high using DEVICEHIGH= (or DR-DOS's HIDEVICE=) commands. To do so, you should load your memory manager first. In rare cases, when you want a "clean" environment, you can suppress loading of JPROTECT by depressing and holding the left "Alt" key. The driver would stop and ask you, do you want to abort installation. Press Esc to abort, or any other key to continue. Page 5 3. Usage Notes ---------------- When loaded, the driver tracks all DOS calls which change file attributes. If the program attempts to clear read-only attribute of read-only file, it issues a alarm sound and returns error to the program. Try this by using the following DOS commands: attrib +r c:\command.com attrib -r c:\command.com (You can substitute any executable program file instead of c:\command.com.) You would hear alert sound after entering second command (assuming JPROTECT is installed). Now, enter this command: dir /t /a c:\command.com You would see that read-only attribute remains set. Now we suggest that you would protect all your vital executable files, by commands similar to: attrib +r c:\dos\*.exe attrib +r c:\dos\*.com (substitute other executable file directories here). After that, JPROTECT would not allow alter or delete any of these files. If you would hear the alarm sound during program startup, or in any other case when you do not explicitly work with your protected programs (other than running them), that could mean you have one of your programs infected and loaded, and virus is active in memory, trying to infect the protected programs. If so, check what you have done, and try to find the infected program by virus scanner (probably, it would be one of that new, recently-installed programs). Page 6 Sometimes, you want to disable protection to allow some operations with read-only files. In this case, you should press a hot key to switch protection off: ,------. ,---. | Ctrl | + | ~ | `------' `---' You would hear a low frequency beep. Press this key combination once more, and other, high-frequency beep would tell you that protection is back again. Page 7 4. Compatibility ------------------ The JPROTECT utility has been tested and used with many popular programs, and with most (if not all) DOS versions. However, there are conflicts which cannot be resolved easily. Some programs do not work if they are read-only (specifically, some programs that use overlays stored in themselves, configuration programs that write to other programs they configure, or self-modifying programs). In these cases, most often it is sufficient just not protect that one program in question. But do not forget to protect system files, COMMAND.COM (or other command processor you use), and frequently-used programs (program shells, utilities, file managers, etc). Some programs (task swappers, for example) do not work when JPROTECT is active. In this case, you should just disable protection temporarily when you run them (by pressing the hotkey). Do not forget to restore it afterwards! Page 8 5. Messages ------------- Most messages from JPROTECT are self-explanatory. Here is a list of them: > Installation suspended. Press ESC to cancel, other key to continue: - JPROTECT waits for you to confirm driver installation. > Installation aborted from keyboard. - JPROTECT was not installed due to user request. No protection is active. * To toggle protection state press: - JPROTECT driver successfully installed. Use shown hotkey to switch protection on and off. > Cannot enable protection. Either you've installed some other drivers before JPROTECT, or you're running JPROTECT on incompatible DOS version - Either you have some driver intercepting DOS functions loaded earlier in CONFIG.SYS, or your DOS version was not supported. Try to load JPROTECT.SYS as very first driver. If this does not help, please contact us for upgrade information.