Version 1.1 of FLU_SHOT+ has a few enhancements: 1. If you use the '-B' switch when you first run FLU_SHOT+, the machines BIOS will be used instead of direct screen writes. Useful for machines which are less than IBM-PC compatible. Or those people still running CGA's who don't like snow. It's a little slow. For the CGA users: you ever think of how nice it would be to see an unblurred screen? EGA's aren;t that expensive anymore.... 2. I neglected to remove some comments, and there was a hole in FLU_SHOT+ V1.0 that a worm could have exploited. The hole has been patched securely.... 3. An additional option in the FLUSHOT.DAT file: X= allows a matching program to "turn off" the triggering of FLU_SHOT+ for the entire duration of its run. This could leave a security hole if you're not careful....so be careful! Do not use an ambigious directory: running a trojan from there would not trigger FLU_SHOT+. I use it for programs like FORMAT, Norton Utilities and that kind of stuff. I'm very careful when using it, though. And you should be, too! 4. The in-memory protection table is now checksummed so that worms can't change the files you're attempting to protect. -- Version 1.2 of FLU_SHOT+ has a few enhancements: 1. A new option, '-I' has been added. This allows you to determine the frequency, in 1/18 seconds, of how often the CMOS Check (if enabled) and the Protection Table Check are going to run. The lower the number, the higher your protection, but the more impact it will have on system operations: they'll be a little slower. The default is set to one second. 2. Some complaints from those having FSP in their AUTOEXEC.BAT and having a line of the the form R=\AUTOEXEC.BAT. FSP was protecting the AUTOEXEC.BAT file (an intended option), but the boot sequence was causing people to have to hit a 'G' to continue with their boot. I've installed a '-S', where represents how many 1/18 seconds to sleep before activating the R= option. The default is set to 10 seconds. It will also immediately expire on the first key hit. 3. Because CMOS and Prot Table checks are done via the timer tick in Version 1.2, there is no need for the counter to be associated with the CMOS flag any longer. As such, '-C' is the full option to turn on CMOS checking. -- Version 1.4 of FLU_SHOT+ has a few enhancements: 1. I've skipped Version 1.3 - something about the number having bad luck and all. 2. A major bug, due to programmer stupidity, has been fixed. Alas, this bug actually could cause some damage to your disk. 3. The X= switch works better now - it was ignored on Direct Disk Writes 4. Some of the error messages have been made a bit clearer. 5. Complaints from some of the users have caused me to increase the size of the checksum buffer internal to FLU_SHOT+. This has the sad result of increasing the TSR size of the program itself -- but I consider it a reasonable increase for speeding up the checksumming of files. 6. If a file to be checksummed could not be found at startup time, the previous files checksum was displayed -- this has been fixed. 7. Certain holes in FLU_SHOT's security system have been patched. 8. The size of the FLUSHOT.DAT buffer has also been increased to allow users to specify more files to be checksummed and/or protected. Version 1.5, released on 1/15/89, has some enhancements and a bug-fix or two: 1. IOCTL's are now checked pretty carefully. Earlier versions had a minor hole. 2. A new option, '-W' will keep FLU_SHOT+ from triggering on an open of a file which allows for write access. Many lazy programmers (and I qualify as one, sometimes!) may open a file for write access, even though no write is intended. DOS's COPY command, for example, will cause a trigger on the open access to the source file. 3. FLU_SHOT+ will now trigger when a write is attempted to a file through the "handle" method. You'll get more triggers than with the original "Open with Write Access" you got, but it's better and more precise protection. 4. If you end a line in your FLUSHOT.DAT file with an '!', then the files which match this are considered "restricted". When access to these files causes a FLU_SHOT trigger, no options are displayed: the user is advised they are attempting to access a restricted file and to press any key. The operation will always fail. 5. However, restricted access isn;t much use if three hits of the ALT key can disable FLU_SHOT. So, a new option '--' has been added to disable disabling (yeah, I know it sounds weird!). If you use a '!' in your FLUSHOT.DAT file to restrict access to users *local* to your system, then you should use the '--' option in your FSP invocation call. 6. CMOS protection caused a lot of problems: about three out of every four support calls were because of CMOS problems: and nine out of ten of those calls were due to people attempting to check CMOS on their XT. XT's don't have CMOS!! Since the protection offered wasn't that big a deal anyway, it's been pulled entirely. As has the '-I' switch. The in-memory table is now checked before every DOS operation. 7. A bug in 1.4 would allow the Lehigh virus through under certain circumstances. This has been fixed. 8. The price of FLU_SHOT+ remains the same, at $10. However, the cost of FGLU_SHOT went up. Huh? Well, we now charge an additional $4 handling/shipping/processing charge on each order. Sorry: I never expected to make a fortune off of FLU_SHOT+, but I have to at least break-even. 9. A bug in the code would allow certain files to slip through unprotected. It's been fixed. 10. Using the '-A' switch allows you to define what attributes you want to use for the trigger window. 11. Using the '-K' switch allows you to define which "special" keys will be used instead of the Alt and Ctrl keys. 12. A serious bug in the "use BIOS" routine which could cause a disk to be trashed has been fixed. Version 1.51 (02/01/89): 1. The in memory checksum routine was running too frequently, causing certain DOS operations to crawl to a snail's pace. It's been altered. 2. FSP will now indicate what "agent" or program it believes is causing the problem. This is not *always* reliable, but it should tell you the right name of the program attempting a prohibited access about 99% of the time. Ross, 02/01/89