news | articles | reviews | software | modules | accessories | discussion | faq | mobile | store
VisorCentral.com >> Discussion >> Visor Models >> Visor Prism
Virus protection

Post a New Thread | Post A Reply

  Last Thread   Next Thread
Author
Topic: Virus protection    
Tan Kit Hoong
Member

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Lightbulb

Hmmmm, I've read with interest the threads where people keep pointing out that the Visors all do not have Flash ROM.

I was thinking about viruses and I came to a pretty scary thought on the issue of Palm viruses and FlashROM.

It's so scary that I even hesitate to mention it for fear that it might one day come to pass.

You see, the availability of FlashROM itself is I think a liability rather than an asset when it comes to viruses.

We are all aware that there is such a thing as a program (like FlashPro, for example) that is able to access the FlashROM of a Palm so that you can use it to make more space for your Palm by storing apps on your FlashROM rather than on the RAM.

My thought is this: what's to stop a particularly malicious virus maker from making a Palm virus that takes advantage of the FlashROM and stores itself on the FlashROM of the Palm (or even erasing the PalmOS totally), making the whole device totally unusuable?

In a way, Visors are protected from this kind of virus because we just do not have flashROM.

I think it's a really scary thought, though and one of the major security holes of the Palm.

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Tan Kit Hoong is offline Old Post 11-28-2000 10:53 AM
Click Here to See the Profile for Tan Kit Hoong Edit/Delete Message Reply w/Quote
PDAENVY
Member

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:
Originally posted by Tan Kit Hoong

My thought is this: what's to stop a particularly malicious virus maker from making a Palm virus that ... stores itself on the FlashROM


Nothing, but...

quote:
... (or even erasing the PalmOS totally), making the whole device totally unusuable?



This is not possible. All PalmOS PDAs have non-destructable ROM and some have flashable ROM (actually EEPROM). No virus can harm the ROM, and the flashable rom is clearable with a hard reset or by leaving the batteries out long enough.

quote:
...one of the major security holes of the Palm.


Nope. It's just not a risk at all.

__________________
Jeff

PDAENVY is offline Old Post 11-28-2000 02:11 PM
Click Here to See the Profile for PDAENVY Edit/Delete Message Reply w/Quote
JHromadka
VisorCentral Staff

Registered: Sep 1999
Location: Texan in Calgary for a while
Posts: 1361

Arrow

Hmm, PCs today have Flash BIOS, essentially the same thing. I suppose that it is possible, but by the same token someone could write a virus that uploads itself to a Springboard module's flash memory. It would take a lot of work though.

__________________
James Hromadka
Old Friend

JHromadka is offline Old Post 11-28-2000 02:11 PM
Click Here to See the Profile for JHromadka Edit/Delete Message Reply w/Quote
Tan Kit Hoong
Member

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

I'm talking about the EEPROM, PDAENVY - for example, the Palm Vx has 2MBs worth of EEPROM where the actual OS and default apps are stored.

This is flashable like when you do an OS upgrade to OS3.5 from OS3.1.

However, with a program like FlashPro, you CAN actually have access to the EEPROM to store apps (and it works similar to the FileMover, except that instead of moving file from RAM to SpringBoard module, it moves it right into the EEPROM) - out of the 2MBs of flash EEPROM (different from the 8MBs of RAM) on the Palm Vx, there is still about 800K that is free. With programs like FlashPro (from TRG), you can actually store apps right on the EEPROM. Some people have actually flashed DateBk4 into this space. Yes, since it is stored on the EEPROM, a hard reset WILL NOT clear the DateBk 4 that's been flashed into the it.

I have personally used FlashPro to do this and have even deleted some built-in Palm apps from the ROM, like the "Welcome" app for example.

Therefore, by the same extension, if I modified FlashPro a little bit, added some malicious code into it and disguised it as, say, a game, then the next time you install it on your Palm Vx and click on it, it could conceivably start a process which will write the malicious code right into your EEPROM, causing havoc with the Palm which even a hard reset could not cure.

JackFlash is also another application that can access the Palm's flashable EEPROM: http://www.palmgear.com/software/sh...cfm?prodID=5347

FlashPro : http://www.palmgear.com/software/sh...amp;prodID=2611

Check out the documentation. I've given this a lot of thought and I think it's entirely possible and quite scary if you are a Palm Vx, Palm IIIc, Palm IIIxe or TRGPro owner.

[Edited by Tan Kit Hoong on 11-28-2000 at 09:45 AM]

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Tan Kit Hoong is offline Old Post 11-28-2000 02:30 PM
Click Here to See the Profile for Tan Kit Hoong Edit/Delete Message Reply w/Quote
PDAENVY
Member

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:
Originally posted by Tan Kit Hoong
... for example, the Palm Vx has 2MBs worth of EEPROM where the actual OS and default apps are stored.

This is flashable like when you do an OS upgrade to OS3.5 from OS3.1.

...Therefore, by the same extension, if I modified FlashPro a little bit, ... , then the next time you install it on your Palm Vx and click on it, it could conceivably start a process which will write the malicious code right into your EEPROM, causing havoc with the Palm which even a hard reset could not cure.

[Edited by Tan Kit Hoong on 11-28-2000 at 09:40 AM]



Is the entire OS in EEPROM, or is some of it in regular ROM?


quote:
some have flashable ROM (actually EEPROM). ... the flashable rom is clearable ... by leaving the batteries out long enough

I can't believe I said this. The whole point of EEPROM is to be independant of batteries. And while it might be feasible to make a hard reset also zero the EEPROM, no vendor would do it because it would blow away the OS patches stored there.

Chalk another one up to lack of coffee and condescending computer engineer attitude! Sorry.

__________________
Jeff

PDAENVY is offline Old Post 11-28-2000 02:57 PM
Click Here to See the Profile for PDAENVY Edit/Delete Message Reply w/Quote
Tan Kit Hoong
Member

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Since an upgrade from OS3.1 to OS3.5 is quite a complete makeover, I believe the whole OS and default apps are stored on the EEPROM.

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Tan Kit Hoong is offline Old Post 11-28-2000 03:05 PM
Click Here to See the Profile for Tan Kit Hoong Edit/Delete Message Reply w/Quote
kalahari
Member

Registered: Sep 1999
Location: San Francisco, CA
Posts: 431

quote:
Originally posted by PDAENVY
...
quote:
... (or even erasing the PalmOS totally), making the whole device totally unusuable?



This is not possible. All PalmOS PDAs have non-destructable ROM and some have flashable ROM (actually EEPROM). No virus can harm the ROM, and the flashable rom is clearable with a hard reset or by leaving the batteries out long enough.


The EditRom utility, which is still in beta, supposedly allows the addition & deletion of ROM-based applications on Palm devices. I have seen posts on other discussion boards where people have claimed to having deleting all the main apps and freeing up 1MB for use by FlashPro.

Wouldn't a virus be able to delete ROM-based apps (including the OS) too?

An update..........................
For some reason, when I started my reply, the most recent three posts weren't showing so I did not see PDAENVY's most recent response. I think he has answered the question.

[Edited by kalahari on 11-28-2000 at 03:40 PM]

kalahari is offline Old Post 11-28-2000 08:35 PM
Click Here to See the Profile for kalahari Edit/Delete Message Reply w/Quote
PDAENVY
Member

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:
Originally posted by Tan Kit Hoong
Since an upgrade from OS3.1 to OS3.5 is quite a complete makeover, I believe the whole OS and default apps are stored on the EEPROM.

So a developer could write a utility to clear the EEPROM and leave the device as virus-free 3.1 anyway.

__________________
Jeff

PDAENVY is offline Old Post 11-28-2000 08:49 PM
Click Here to See the Profile for PDAENVY Edit/Delete Message Reply w/Quote
Tan Kit Hoong
Member

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Yes, PDAENVY, but I see three possible ways that a virus could ensure it cannot be removed once on the EEPROM:

1. The virus could cause your Palm to go into a continuous reset loop, thereby making HotSync and beaming of a cure impossible.
2. If a virus clears the OS, the machine might be totally unusable as the neccesary software for HotSynching won't be there.
3. At the least, a ROM virus could easily disable HotSync and beaming so that you cannot install any more programs.

In this case, there are only two ways to possibly fix this:

1. You already have an antivirus program that was on your Palm and it detected it and removed it before it could do any damage.
2. If not, and the damage is already done, then the only way would be to remove the EEPROM and re-flash it with a clean OS, using professional equipment (much as some motherboard BIOSs can be flashed once, say, infecetd by the CIH virus)

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Tan Kit Hoong is offline Old Post 11-29-2000 03:43 AM
Click Here to See the Profile for Tan Kit Hoong Edit/Delete Message Reply w/Quote
HostileJava
Member

Registered: Sep 2000
Location: Nazareth, PA
Posts: 99

I think a few things need to be cleared up.
1. Your entire OS and the included apps are stored on the EEPROM.
2. When you have a major OS update like 3.1 to 3.5 the OS and all the apps are over written by the newer version, the old OS no longer exists on the device.
3. The extra memory on the EEPROM is for future expansion. ie. the newer OS's and built in apps may take up more memory.
4. Programs like JackFlash take advantage of this and let you store apps in there so you won't lose info when your battery goes dead.
5. The possibility exists that an app could be made to format the EEPROM so that nothing on it is left. Which means there is no program to hotsync or beam the OS back onto the device.
6. The Visors are immune to this problem because there OS and built-in apps reside on a regular ROM chip wich can to be written to.
7. The only way to fix a palm with a formatted EEPROM would be to flash it using equipment at palms manufacturing plant or replacing the EEPROM.

__________________
http://signature.coola.com/[email protected]

HostileJava is offline Old Post 11-29-2000 04:10 AM
Click Here to See the Profile for HostileJava Edit/Delete Message Reply w/Quote
Tan Kit Hoong
Member

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Back to my original intent in starting this thread - scary isn't it?

Yes, and our Visors are protected from these kinds of viruses at least, and Visor owners can be confident that a hard reset will effectively get rid of any viruses

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Tan Kit Hoong is offline Old Post 11-29-2000 04:37 PM
Click Here to See the Profile for Tan Kit Hoong Edit/Delete Message Reply w/Quote
Fagan
Member

Registered: Dec 2000
Location:
Posts: 24

Reading this post has reminded me of a program I saw for the TI-89 graphing calculator. The calculator ahs a Flashable rom for OS upgrades and the OS itslef allows you to 'archive' files by flashing them to the chip and removing them from ram. Someone wrote a program that continually flashed a file again and again. The claim was that this process, if left going for a great enough amount of time, would destroy the ROM chip or at least render the calculator inoperable in some way. I can't confirm this, of course (why would I try this???) but it seems interesting and possible that a Palm's chip could be harmed or the OS deleted in some way.

Fagan is offline Old Post 12-07-2000 04:25 AM
Click Here to See the Profile for Fagan Edit/Delete Message Reply w/Quote
PDAENVY
Member

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:
Originally posted by Fagan
...Someone wrote a program that continually flashed a file again and again. The claim was that this process, if left going for a great enough amount of time, would destroy the ROM chip or at least render the calculator inoperable in some way. I can't confirm this, of course (why would I try this???) but it seems interesting and possible that a Palm's chip could be harmed or the OS deleted in some way.


Certainly a flash chip has a MTBF. Depending on how long it takes to flash and how long the loop is left running, it should be possible to burn it out.

__________________
Jeff

PDAENVY is offline Old Post 12-07-2000 04:55 AM
Click Here to See the Profile for PDAENVY Edit/Delete Message Reply w/Quote
Thunderbird291
Member

Registered: Feb 2001
Location:
Posts: 447

quote:
Originally posted by Tan Kit Hoong
If not, and the damage is already done, then the only way would be to remove the EEPROM and re-flash it with a clean OS, using professional equipment (much as some motherboard BIOSs can be flashed once, say, infecetd by the CIH virus)


Yup, I heard once about a guy who was flashing his BIOS(to change the Energy star boot-up picture)and the power went out. It fried his BIOS chip and he had to buy a new one. Only around $20 though, but it does relate to what you said about replacing an EEPROM chip.

Thunderbird291 is offline Old Post 03-24-2001 12:01 AM
Click Here to See the Profile for Thunderbird291 Edit/Delete Message Reply w/Quote
miradu
TreoCentral Staff

Registered: May 2000
Location: St. Paul, MN
Posts: 1429

AS I have heard, EEPROM is only rated for liek 10,000 rewritings. While that is enough for normal use of certin things. You can't store things like varibles on it, because it would eventually die. THAT TI program is real MY friend got it on his 83+, I feel sorry for him

__________________
-miradu

miradu is offline Old Post 03-24-2001 01:20 AM
Click Here to See the Profile for miradu Edit/Delete Message Reply w/Quote
All times are GMT. The time now is 07:04 PM. Post New Thread    Post A Reply
  Last Thread   Next Thread
[ Show a Printable Version | Email This Page to Someone! | Receive updates to this thread ]

Forum Jump:

Powered by: vBulletin Version 2.3.4
Copyright ©2000, 2001, Jelsoft Enterprises Limited.