LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   The Dangers & Solutions Of The Device Configuration Overlay (DCO) Mystery... (http://www.linuxquestions.org/questions/linux-security-4/the-dangers-and-solutions-of-the-device-configuration-overlay-dco-mystery-817248/)

halvy 06-30-2010 04:32 PM

The Dangers & Solutions Of The Device Configuration Overlay (DCO) Mystery...
 
Not too many folks have heard or know about a mysterious hidden area, that is possibly on their computer's hard drive.

I would think, nearly everyone, if they thought this was true.. would be alarmed, if not at least seriously curious about it's functions.

What is called the 'Device Configuration Overlay' (DCO), is a newer version of something similar, that has been around for many years, the 'Hidden Partition Area' (HPA).

The more known about HPA, is something that companies like Microsoft and hardware manufactures have used over the years, to install backups and firmware related programs, in hidden areas of the hard disk, for the benefit (supposedly) of the user. This can be easily understood, and accepted I believe, by most people.

However, the DCO is another story.. Although 'supposedly' meant for the same purposes as the older, original HPA.. it is stubbornly kept in an area of the newer hard drives, that makes it much harder to access, and see what indeed is residing there...and exactly what it is 'doing'.

I have researched this.. not quite in the depth that I have wanted to over the last few years.. until now.

What I have found is very incomplete, inaccurate, scant and mysterious information.

The software and hardware that is available, to investigate this issue, is also scant, nearly impossible to use, at least for the lay person, or average tech person.

Again, I will basically be devoting and addressing my issue, to the DCO, since the HPA, although still used, is much more easily dissected, deleted, and otherwise known about, as compared to the newer 'DCO' features.

I will be providing links, including a summary of my findings, here, as time goes on.

I hope anyone else reading this, takes this information to heart, and helps clear up the troubling aspects, of this nearly un-spoken aspect, of their computer security.

This DCO, can be used, apparently, for many uses.. some good, and some bad.

It's the fact that is so undocumented, talked about, and nearly unavailable for research, that makes it all the more necessary to get it out in the open, for all to see, and then 'deal with it', as THEY see fit.

A quick look at the forum here at LQ, shows literally NO information on DCO (at least at the time of me posting this original new thread on the topic, Wed, June 30, at 10pm, GMT).

A look at Wikipedia gives scant details, other than some basics, and some references, which lead almost no where.

Your favorite search engine will tell little more.. at least on the surface, other that what I have covered so far, and which will be available when I post the new web site, that I am building, which will have the data that I have collected, so far, on the matter of DCO.

Please feel free to comment, add to, or refute, any facts.

In addition to the DCO, I think it would be appropriate to mention other related issues, ONLY if and when they relate directly or indirectly to DCO, and discuss them as well, since I don't want to see the thread 'go-off' on issues that are or have been discussed in detail already, concerning any other computer security issues (eg. using un-used areas of NORMAl, easy to see, 'Partition' areas of your hard disks, firmware, stenography, etc..).

Opinions are fine, but please don't expect me or anyone who has a serious interest in Security, to give it much attention, if no practical and logical reasoning is involved in your remarks.

I will probably not get involved in any 'arguments', or nasty remarks.

If a line of thinking (scientific argument) is apparently leading to some sort of logical conclusion, then I may get involved in it.. time permitting.

I look forward to expanding and or consolidating, the knowledge base which is already 'out there' concerning this issue.. and I deeply thank LQ for the time and space, to do this, here and in the future.

Halvy :)

unSpawn 06-30-2010 07:26 PM

Quote:

Originally Posted by halvy (Post 4019810)
(..) a mysterious hidden area (..) would be alarmed (..) seriously curious

The Linux Security forum deals with facts, not fiction. So please leave out the sensationalist claims.


Quote:

Originally Posted by halvy (Post 4019810)
What is called the 'Device Configuration Overlay' (DCO), is a newer version of something similar, that has been around for many years, the 'Hidden Partition Area' (HPA).

They are not mutually exclusive but they are different entities. ATA-4 vs ATA-6 if you've done your research.


Quote:

Originally Posted by halvy (Post 4019810)
I have researched this.. not quite in the depth (..) very incomplete, inaccurate, scant and mysterious information. (..) I will be providing links, including a summary of my findings, here, as time goes on.

Well, then present your "research"!


Quote:

Originally Posted by halvy (Post 4019810)
I hope anyone else reading this, takes this information to heart, and helps clear up the troubling aspects, of this nearly un-spoken aspect, of their computer security.

There has been absolutely nothing presented of any value here sofar apart from FUD. Anyway. Like I already said here about HPA there is nothing mysterious about DCO either. For those willing to "invest" 5 minutes of time to do research the state of documentation definitely will not appear to be "scant" (the same term you used to describe the HPA):
- http://www.berghel.net/col-edit/digi...07/dv_4-07.php ,
- http://www.utica.edu/academic/instit...46864A2671.pdf ,
- http://www.fim.uni-linz.ac.at/lva/SE...e/forensic.pdf ,
- http://sourceforge.net/projects/hdparm/, since version v8.9: --dco-identify, --dco-freeze, and --dco-restore (also see http://www.forensicswiki.org/wiki/DCO_and_HPA ),
- EnCase for DOS: Direct ATA access instead of BIOS access,
- using a FireFly or Tableau UltraBlock with recent firmware (forensic investigators already know).


All times are GMT -5. The time now is 10:00 PM.