Thursday, April 14, 2016

Artful Verification

Sometimes, despite your desire to remain logical and analytical (you did, after all, choose to be a system design professional), you will find yourself in a position that requires you to pass judgment on others. This is never more true than when you are selecting a software package vendor. You have to be friendly but still cynical; vendors send you salespeople who know how to read your desires and make promises that cater to them. As a buyer you need to keep a critical eye toward what you know to be the facts.

Back in the early 1980s, when personal computers had 5 1/4 inch floppy disks and still went zyg zyg beep to start up, when ten megabyte hard disks were all the rage, I had the opportunity to review software vendors to provide hard disk security systems. The concern back then was that somebody could boot up from a floppy, switch to the C drive, and read all your data.

I was impressed by one vendor claiming that they not only could provide complete security, but actually prevent an unauthorized person from accessing the hard disk at all. As I had already reviewed the BIOS code and was familiar with how a computer loaded its bootstrap, I found their claim to be, eh, interesting. I asked to see a demo and they arranged for a salesman to drop by.

He gave a fairly nice demo, showing how their software could be configured so that only specific people could see certain files. At the end of the demo I commented, "Gee, nice. Hey, I was wondering about this item I read here about total protection." I told him that I seriously doubted their software could prevent somebody from destroying all the data on the C drive. He adamantly assured me that it would. Well then, was he confident enough that he would let me have a crack at his demo computer? Without a flinch he said sure!

I carried up a boot disk with the old DOS debug program on it, turned off his computer, put the disk in, and turned the computer on again. Zyg zyg beep! At the DOS prompt I typed debug and then used a command to write all zeroes to the boot sector on the hard disk. "Well, uh, I think I just wiped your C drive," I shrugged. The salesperson didn't believe me. I removed my floppy disk and watched in pitying amusement as he tried to restart his computer. Naturally the C drive was no longer readable at all (now he would have to reformat it). Needless to say, we didn't purchase their software. Moral of the story: when you are buying software, trust... but verify.