06-30-2010, 04:32 PM   #1
halvy
The Dangers & Solutions Of The Device Configuration Overlay (DCO) Mystery...


Not too many folks have heard or know about a mysterious hidden area, that is possibly on their computer's hard drive.

I would think, nearly everyone, if they thought this was true.. would be alarmed, if not at least seriously curious about its functions.

What is called the 'Device Configuration Overlay' (DCO), is a newer version of something similar, that has been around for many years, the 'Hidden Partition Area' (HPA).

The more known about HPA, is something that companies like Microsoft and hardware manufacturers have used over the years, to install backups and firmware related programs, in hidden areas of the hard disk, for the benefit (supposedly) of the user. This can be easily understood, and accepted I believe, by most people.

However, the DCO is another story.. Although 'supposedly' meant for the same purposes as the older, original HPA.. it is stubbornly kept in an area of the newer hard drives, that makes it much harder to access, and see what indeed is residing there...and exactly what it is 'doing'.

I have researched this.. not quite in the depth that I have wanted to over the last few years.. until now.

What I have found is very incomplete, inaccurate, scant and mysterious information.

The software and hardware that is available, to investigate this issue, is also scant, nearly impossible to use, at least for the lay person, or average tech person.

Again, I will basically be devoting and addressing my issue, to the DCO, since the HPA, although still used, is much more easily dissected, deleted, and otherwise known about, as compared to the newer 'DCO' features.

I will be providing links, including a summary of my findings, here, as time goes on.

I hope anyone else reading this, takes this information to heart, and helps clear up the troubling aspects, of this nearly un-spoken aspect, of their computer security.

This DCO, can be used, apparently, for many uses.. some good, and some bad.

It's the fact that it is so undocumented, talked about, and nearly unavailable for research, that makes it all the more necessary to get it out in the open, for all to see, and then 'deal with it', as THEY see fit.

A quick look at the forum here at LQ, shows literally NO information on DCO (at least at the time of me posting this original new thread on the topic, Wed, June 30, at 10pm, GMT).

A look at Wikipedia gives scant details, other than some basics, and some references, which lead almost nowhere.

Your favorite search engine will tell little more.. at least on the surface, other than what I have covered so far, and which will be available when I post the new web site, that I am building, which will have the data that I have collected, so far, on the matter of DCO.

Please feel free to comment, add to, or refute, any facts.

In addition to the DCO, I think it would be appropriate to mention other related issues, ONLY if and when they relate directly or indirectly to DCO, and discuss them as well, since I don't want to see the thread 'go-off' on issues that are or have been discussed in detail already, concerning any other computer security issues (eg. using un-used areas of NORMAL, easy to see, 'Partition' areas of your hard disks, firmware, stenography, etc..).

Opinions are fine, but please don't expect me or anyone who has a serious interest in Security, to give it much attention, if no practical and logical reasoning is involved in your remarks.

I will probably not get involved in any 'arguments', or nasty remarks.

If a line of thinking (scientific argument) is apparently leading to some sort of logical conclusion, then I may get involved in it.. time permitting.

I look forward to expanding and or consolidating, the knowledge base which is already 'out there' concerning this issue.. and I deeply thank LQ for the time and space, to do this, here and in the future.

Halvy

Last edited by halvy; 06-30-2010 at 04:36 PM.
 
06-30-2010, 07:26 PM   #2
unSpawn
Quote:
Originally Posted by halvy View Post
(..) a mysterious hidden area (..) would be alarmed (..) seriously curious
The Linux Security forum deals with facts, not fiction. So please leave out the sensationalist claims.


Quote:
Originally Posted by halvy View Post
What is called the 'Device Configuration Overlay' (DCO), is a newer version of something similar, that has been around for many years, the 'Hidden Partition Area' (HPA).
They are not mutually exclusive but they are different entities. ATA-4 vs ATA-6 if you've done your research.


Quote:
Originally Posted by halvy View Post
I have researched this.. not quite in the depth (..) very incomplete, inaccurate, scant and mysterious information. (..) I will be providing links, including a summary of my findings, here, as time goes on.
Well, then present your "research"!


Quote:
Originally Posted by halvy View Post
I hope anyone else reading this, takes this information to heart, and helps clear up the troubling aspects, of this nearly un-spoken aspect, of their computer security.
There has been absolutely nothing presented of any value here so far apart from FUD. Anyway. Like I already said here about HPA there is nothing mysterious about DCO either. For those willing to "invest" 5 minutes of time to do research the state of documentation definitely will not appear to be "scant" (the same term you used to describe the HPA):
- http://www.berghel.net/col-edit/digi...07/dv_4-07.php ,
- http://www.utica.edu/academic/instit...46864A2671.pdf ,
- http://www.fim.uni-linz.ac.at/lva/SE...e/forensic.pdf ,
- http://sourceforge.net/projects/hdparm/, since version v8.9: --dco-identify, --dco-freeze, and --dco-restore (also see http://www.forensicswiki.org/wiki/DCO_and_HPA ),
- EnCase for DOS: Direct ATA access instead of BIOS access,
- using a FireFly or Tableau UltraBlock with recent firmware (forensic investigators already know).
 
2 members found this post helpful.
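
As an added example (not part of either post, and not hdparm's own code): the outputs of the read-only queries `hdparm -N` and `hdparm --dco-identify` can be compared to see how many sectors an HPA or a DCO is hiding. The sample outputs below are constructed, the parsing assumes the `max sectors = visible/native` and `Real max sectors:` lines that hdparm prints, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `hdparm -N /dev/sdX` output (not from a real drive).
SAMPLE_N='
/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled'

# Constructed sample of `hdparm --dco-identify /dev/sdX` output (abridged).
SAMPLE_DCO='
/dev/sdX:
DCO Revision: 0x0001
The following features can be selectively disabled via DCO:
        Real max sectors: 586080000'

# Print "visible native" from the "max sectors = V/N" line of `hdparm -N`.
parse_native_max() {
    printf '%s\n' "$1" |
        sed -n 's|^ *max sectors *= *\([0-9][0-9]*\)/\([0-9][0-9]*\).*|\1 \2|p' |
        head -n 1
}

# Print the number from the "Real max sectors:" line of --dco-identify.
parse_dco_real_max() {
    printf '%s\n' "$1" |
        sed -n 's|^[[:space:]]*Real max sectors: *\([0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Sectors hidden by each mechanism:
#   HPA = native max - currently visible max
#   DCO = real max (from DCO identify) - native max
# Prints "unparsed" and returns 2 if either text lacks the expected line.
hidden_report() {
    pair=$(parse_native_max "$1")
    real=$(parse_dco_real_max "$2")
    [ -n "$pair" ] && [ -n "$real" ] || { echo "unparsed"; return 2; }
    visible=${pair% *}
    native=${pair#* }
    echo "hpa_hidden=$((native - visible)) dco_hidden=$((real - native))"
}

# On a live system (as root), pass "$(hdparm -N /dev/sdX)" and
# "$(hdparm --dco-identify /dev/sdX)" instead of the samples.
hidden_report "$SAMPLE_N" "$SAMPLE_DCO"
```

A non-zero `hpa_hidden` or `dco_hidden` means part of the disk is not exposed to the operating system and would be missed by an image taken through the normal block device.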
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration