drive with read-only dip switch - Storage

This is a discussion on drive with read-only dip switch - Storage ; I recall that many, many years ago, there were PATA drives that had a dip switch setting that prevented all writing to the drive. In light of so many novel security issues, I miss this very old feature. Are there ...

+ Reply to Thread
Results 1 to 18 of 18

Thread: drive with read-only dip switch

  1. drive with read-only dip switch


    I recall that many, many years ago, there were PATA drives that had a
    dip switch setting that prevented all writing to the drive. In light
    of so many novel security issues, I miss this very old feature. Are
    there any drives that still have such a feature? (SATA preferred, but
    I would live with PATA.)

    (PS: No, this must not be software settable. This would defeat my
    intent. It must only be hardware settable, so that changes can only
    be made if I am physically at the hard drive and insert the switch.
    Interestingly, this should be something that should be very easy to
    implement for drive manufacturers.)

    sincerely,

    /iaw

  2. Re: drive with read-only dip switch

    ivowel wrote:

    > I recall that many, many years ago, there were PATA drives that
    > had a dip switch setting that prevented all writing to the drive.


    Nope.

    > In light of so many novel security issues, I miss this very old feature.


    You can get the same result by unplugging the drive.

    > Are there any drives that still have such a feature?


    Nope.

    > (SATA preferred, but I would live with PATA.)


    > (PS: No, this must not be software settable. This would defeat my
    > intent. It must only be hardware settable, so that changes can only
    > be made if I am physically at the hard drive and insert the switch.
    > Interestingly, this should be something that should be very easy to
    > implement for drive manufacturers.)


    Yes, but there are much better ways to protect the contents of a drive.



  3. Re: drive with read-only dip switch

    On Jan 30, 2:17 pm, ivowel wrote:
    > I recall that many, many years ago, there were PATA drives that had a
    > dip switch setting that prevented all writing to the drive. In light
    > of so many novel security issues, I miss this very old feature. Are
    > there any drives that still have such a feature? (SATA preferred, but
    > I would live with PATA.)
    >
    > (PS: No, this must not be software settable. This would defeat my
    > intent. It must only be hardware settable, so that changes can only
    > be made if I am physically at the hard drive and insert the switch.
    > Interestingly, this should be something that should be very easy to
    > implement for drive manufacturers.)
    >
    > sincerely,
    >
    > /iaw


    All modern operating systems continually need to write to the drive
    (paging file, etc.).
    Write protecting the system drive would render the OS unusable.

  4. Re: drive with read-only dip switch

    Previously ivowel wrote:

    > I recall that many, many years ago, there were PATA drives that had a
    > dip switch setting that prevented all writing to the drive. In light
    > of so many novel security issues, I miss this very old feature. Are
    > there any drives that still have such a feature? (SATA preferred, but
    > I would live with PATA.)


    No drives, but you can get forensic write blocker, e.g. these here:

    http://www.forensicpc.com/proddetail.asp?prod=T35e

    I think they are a bit over-priced, but if you want to be sure,
    (as in preserving evidence) they are the way to go. Seems this
    offering is a s cheap as it gets.

    > (PS: No, this must not be software settable.


    That would kind of defeat the purpose anyways ;-)

    > This would defeat my
    > intent. It must only be hardware settable, so that changes can only
    > be made if I am physically at the hard drive and insert the switch.
    > Interestingly, this should be something that should be very easy to
    > implement for drive manufacturers.)


    For drive manufactueres, spending the extra 50 Cent is not cost
    effective, since apparently only very, very few people
    want this feature.

    Arno

  5. Re: drive with read-only dip switch

    Previously RonnieJP wrote:
    > On Jan 30, 2:17 pm, ivowel wrote:
    >> I recall that many, many years ago, there were PATA drives that had a
    >> dip switch setting that prevented all writing to the drive. In light
    >> of so many novel security issues, I miss this very old feature. Are
    >> there any drives that still have such a feature? (SATA preferred, but
    >> I would live with PATA.)
    >>
    >> (PS: No, this must not be software settable. This would defeat my
    >> intent. It must only be hardware settable, so that changes can only
    >> be made if I am physically at the hard drive and insert the switch.
    >> Interestingly, this should be something that should be very easy to
    >> implement for drive manufacturers.)
    >>
    >> sincerely,
    >>
    >> /iaw


    > All modern operating systems continually need to write to the drive
    > (paging file, etc.).
    > Write protecting the system drive would render the OS unusable.


    That is untrue. Paging can be switched off or done to an other disk.
    Under some OSes it can even be done to RAMDISK (which sounds redundant,
    but is not.) Ans disks can be mounted in read-nonly mode. A device that
    often has the switch for that today is memory sticks.

    Side note: A Knoppix CD-only linux does not write a single bit to disk,
    unless you explicitely allow it to. It works fine.

    Arno

  6. Re: drive with read-only dip switch

    Arno Wagner wrote in news:60duecF1qnnveU1@mid.individual.net
    > Previously ivowel wrote:
    >
    > > I recall that many, many years ago, there were PATA drives that had a
    > > dip switch setting that prevented all writing to the drive. In light
    > > of so many novel security issues, I miss this very old feature. Are
    > > there any drives that still have such a feature? (SATA preferred, but
    > > I would live with PATA.)

    >
    > No drives, but you can get forensic write blocker, e.g. these here:
    >
    > http://www.forensicpc.com/proddetail.asp?prod=T35e
    >
    > I think they are a bit over-priced, but if you want to be sure,
    > (as in preserving evidence) they are the way to go.


    > Seems this offering is a s cheap as it gets.


    Cheaper that SCSI even?

    >
    > > (PS: No, this must not be software settable.


    > That would kind of defeat the purpose anyways ;-)


    And what purpose would that be, babblebot?

    >
    > > This would defeat my intent.
    > > It must only be hardware settable, so that changes can only
    > > be made if I am physically at the hard drive and insert the switch.
    > > Interestingly, this should be something that should be very easy to
    > > implement for drive manufacturers.)

    >
    > For drive manufactueres, spending the extra 50 Cent is not cost ef-
    > fective, since apparently only very, very few people want this feature.
    >
    > Arno


  7. Re: drive with read-only dip switch

    Arno Wagner wrote in news:60duifF1qnnveU2@mid.individual.net
    > Previously RonnieJP wrote:
    > > On Jan 30, 2:17 pm, ivowel wrote:
    > > > I recall that many, many years ago, there were PATA drives that had a
    > > > dip switch setting that prevented all writing to the drive. In light
    > > > of so many novel security issues, I miss this very old feature. Are
    > > > there any drives that still have such a feature? (SATA preferred, but
    > > > I would live with PATA.)
    > > >
    > > > (PS: No, this must not be software settable. This would defeat my
    > > > intent. It must only be hardware settable, so that changes can only
    > > > be made if I am physically at the hard drive and insert the switch.
    > > > Interestingly, this should be something that should be very easy to
    > > > implement for drive manufacturers.)
    > > >
    > > > sincerely,
    > > >
    > > > /iaw

    >
    > > All modern operating systems continually need to write to the drive
    > > (paging file, etc.).


    > > Write protecting the system drive would render the OS unusable.

    >
    > That is untrue.


    Babblebot, cluelessv as always.

    > Paging can be switched off or done to an other disk.
    > Under some OSes it can even be done to RAMDISK (which sounds redundant,
    > but is not.) Ans disks can be mounted in read-nonly mode. A device that
    > often has the switch for that today is memory sticks.
    >
    > Side note: A Knoppix CD-only linux does not write a single bit to disk,
    > unless you explicitely allow it to. It works fine.
    >
    > Arno


  8. Re: drive with read-only dip switch

    On Jan 31, 7:49 am, Arno Wagner wrote:
    > Previouslyivowel wrote:
    > > I recall that many, many years ago, there were PATA drives that had a
    > > dip switch setting that prevented all writing to the drive. In light
    > > of so many novel security issues, I miss this very old feature. Are
    > > there any drives that still have such a feature? (SATA preferred, but
    > > I would live with PATA.)

    >
    > No drives, but you can get forensic write blocker, e.g. these here:
    >
    > http://www.forensicpc.com/proddetail.asp?prod=T35e
    >
    > I think they are a bit over-priced, but if you want to be sure,
    > (as in preserving evidence) they are the way to go. Seems this
    > offering is a s cheap as it gets.
    >
    > > (PS: No, this must not be software settable.

    >
    > That would kind of defeat the purpose anyways ;-)
    >
    > > This would defeat my
    > > intent. It must only be hardware settable, so that changes can only
    > > be made if I am physically at the hard drive and insert the switch.
    > > Interestingly, this should be something that should be very easy to
    > > implement for drive manufacturers.)

    >
    > For drive manufactueres, spending the extra 50 Cent is not cost
    > effective, since apparently only very, very few people
    > want this feature.
    >
    > Arno



    thanks. yes, these kinds of devices are what I would like, but they
    do look expensive, and they look like a pain to install inside my
    server.

    the extra 50 cents that this feature would cost a drive manufacturer
    would not be worth it for every drive, but I could imagine there being
    a limited market (1% of the market) that would pay $50 extra for this
    feature. this could make it worthwhile for some manufacturers to have
    one or two models that have this feature. (used to be this way.)

    RAMdisk as a solution does not work, because I need to be able to boot
    and then prevent all write access to the hard drive until I switch my
    button.

    CD as a solution does not work, because I need to update it once a
    week or so (security patches, etc.). I would want to disconnect the
    server from the web, reboot it to my safe system that does not run
    anything else, hit the read-write toggle, and then execute the
    updates.

    regards,

    /iaw

  9. Re: drive with read-only dip switch

    ivowel wrote:
    > On Jan 31, 7:49 am, Arno Wagner wrote:
    >> Previouslyivowel wrote:
    >>> I recall that many, many years ago, there were PATA drives that had
    >>> a dip switch setting that prevented all writing to the drive. In
    >>> light of so many novel security issues, I miss this very old
    >>> feature. Are there any drives that still have such a feature?
    >>> (SATA preferred, but I would live with PATA.)

    >>
    >> No drives, but you can get forensic write blocker, e.g. these here:
    >>
    >> http://www.forensicpc.com/proddetail.asp?prod=T35e
    >>
    >> I think they are a bit over-priced, but if you want to be sure,
    >> (as in preserving evidence) they are the way to go. Seems this
    >> offering is a s cheap as it gets.
    >>
    >>> (PS: No, this must not be software settable.

    >>
    >> That would kind of defeat the purpose anyways ;-)
    >>
    >>> This would defeat my
    >>> intent. It must only be hardware settable, so that changes can only
    >>> be made if I am physically at the hard drive and insert the switch.
    >>> Interestingly, this should be something that should be very easy to
    >>> implement for drive manufacturers.)

    >>
    >> For drive manufactueres, spending the extra 50 Cent is not cost
    >> effective, since apparently only very, very few people
    >> want this feature.


    > thanks. yes, these kinds of devices are what I would like, but they
    > do look expensive, and they look like a pain to install inside my server.


    > the extra 50 cents that this feature would cost a drive manufacturer would
    > not be worth it for every drive, but I could imagine there being a limited
    > market (1% of the market) that would pay $50 extra for this feature.


    Nope, anyone with a clue uses more sophisticated
    ways of stopping unwanted writes on a particular drive.

    The problem with a physical switch on the drive itself is that its a pain in the arse to use.

    > this could make it worthwhile for some manufacturers to have
    > one or two models that have this feature. (used to be this way.)


    Nope.

    > RAMdisk as a solution does not work, because I need to be able to boot
    > and then prevent all write access to the hard drive until I switch my button.


    The point about a ram disk is that you dont care if its written to because
    any changes to that COPY of the drive contents is gone when you reboot.

    > CD as a solution does not work, because I need to update it once a
    > week or so (security patches, etc.). I would want to disconnect the
    > server from the web, reboot it to my safe system that does not run
    > anything else, hit the read-write toggle, and then execute the updates.


    Anyone with a clue has proper backups and so it makes a lot more
    sense to detect writes that you didnt want to happen and restore from
    backup if that does happen instead of a physical write protect jumper.



  10. Re: drive with read-only dip switch

    Previously ivowel wrote:
    > On Jan 31, 7:49 am, Arno Wagner wrote:
    >> Previouslyivowel wrote:
    >> > I recall that many, many years ago, there were PATA drives that had a
    >> > dip switch setting that prevented all writing to the drive. In light
    >> > of so many novel security issues, I miss this very old feature. Are
    >> > there any drives that still have such a feature? (SATA preferred, but
    >> > I would live with PATA.)

    >>
    >> No drives, but you can get forensic write blocker, e.g. these here:
    >>
    >> http://www.forensicpc.com/proddetail.asp?prod=T35e
    >>
    >> I think they are a bit over-priced, but if you want to be sure,
    >> (as in preserving evidence) they are the way to go. Seems this
    >> offering is a s cheap as it gets.
    >>
    >> > (PS: No, this must not be software settable.

    >>
    >> That would kind of defeat the purpose anyways ;-)
    >>
    >> > This would defeat my
    >> > intent. It must only be hardware settable, so that changes can only
    >> > be made if I am physically at the hard drive and insert the switch.
    >> > Interestingly, this should be something that should be very easy to
    >> > implement for drive manufacturers.)

    >>
    >> For drive manufactueres, spending the extra 50 Cent is not cost
    >> effective, since apparently only very, very few people
    >> want this feature.
    >>
    >> Arno



    > thanks. yes, these kinds of devices are what I would like, but they
    > do look expensive, and they look like a pain to install inside my
    > server.


    > the extra 50 cents that this feature would cost a drive manufacturer
    > would not be worth it for every drive, but I could imagine there being
    > a limited market (1% of the market) that would pay $50 extra for this
    > feature. this could make it worthwhile for some manufacturers to have
    > one or two models that have this feature. (used to be this way.)


    I would think so too, but aparently drive manufacturers believe
    differently. Also probably only very few people actually implement
    this type of security measure.

    > RAMdisk as a solution does not work, because I need to be able to boot
    > and then prevent all write access to the hard drive until I switch my
    > button.


    > CD as a solution does not work, because I need to update it once a
    > week or so (security patches, etc.). I would want to disconnect the
    > server from the web, reboot it to my safe system that does not run
    > anything else, hit the read-write toggle, and then execute the
    > updates.


    Hmm. Maybe use a USB flash drive with write protection switch?
    Some do have them. If your server can boot from USB, you could
    keep the flash drive on the outside and conveniently reachable
    via USB extension cable.

    An other idea would be to use a fileserver that exports the
    partition read-only. Depends on your OS and requires
    a separate server.

    Arno

  11. Re: drive with read-only dip switch

    There were SCSI drives with this feature, mine is an 9GB IBM UW.
    There are USB-PATA bridge boards with this feature for around $20.

    "ivowel" wrote in message
    news:432eb65b-05a2-46e7-bd24-5c92f2b84569@i12g2000prf.googlegroups.com...
    >
    > I recall that many, many years ago, there were PATA drives that had a
    > dip switch setting that prevented all writing to the drive. In light
    > of so many novel security issues, I miss this very old feature. Are
    > there any drives that still have such a feature? (SATA preferred, but
    > I would live with PATA.)
    >
    > (PS: No, this must not be software settable. This would defeat my
    > intent. It must only be hardware settable, so that changes can only
    > be made if I am physically at the hard drive and insert the switch.
    > Interestingly, this should be something that should be very easy to
    > implement for drive manufacturers.)
    >


  12. Re: drive with read-only dip switch

    Arno Wagner wrote:

    > For drive manufactueres, spending the extra 50 Cent is not cost
    > effective, since apparently only very, very few people
    > want this feature.
    >
    > Arno


    Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    write-protect switches.

    If not on the drive itself, perhaps an external HDD enclosure could
    offer that feature.

    Here's one, looks a few years old though.


  13. Re: drive with read-only dip switch

    Previously timeOday wrote:
    > Arno Wagner wrote:


    >> For drive manufactueres, spending the extra 50 Cent is not cost
    >> effective, since apparently only very, very few people
    >> want this feature.
    >>
    >> Arno


    > Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    > write-protect switches.


    Indeed. But they are on removable media (counting the flash
    drives as media). HDDs are not in that class.

    > If not on the drive itself, perhaps an external HDD enclosure could
    > offer that feature.


    They could. Of course, implementing this is more diffecult for (S)ATA,
    than for the removable medua you mention, since the ''switch''
    needs to understand the ATA command set.

    Arno

  14. Re: drive with read-only dip switch

    In article <60ia0vF1qi80lU1@mid.individual.net>,
    Arno Wagner wrote:
    :Previously timeOday wrote:
    :> Arno Wagner wrote:
    :
    :>> For drive manufactueres, spending the extra 50 Cent is not cost
    :>> effective, since apparently only very, very few people
    :>> want this feature.
    :>>
    :>> Arno
    :
    :> Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    :> write-protect switches.
    :
    :Indeed. But they are on removable media (counting the flash
    :drives as media). HDDs are not in that class.
    :
    :> If not on the drive itself, perhaps an external HDD enclosure could
    :> offer that feature.
    :
    :They could. Of course, implementing this is more diffecult for (S)ATA,
    :than for the removable medua you mention, since the ''switch''
    :needs to understand the ATA command set.

    That would be true for parallel ATA as well. Accessing and reading data
    from the drive requires writes to internal control registers. You can't
    just interrupt the "WRITE" signal in the bus and expect to use the drive
    at all.

    --
    Bob Nichols AT comcast.net I am "RNichols42"

  15. Re: drive with read-only dip switch

    Previously Robert Nichols wrote:
    > In article <60ia0vF1qi80lU1@mid.individual.net>,
    > Arno Wagner wrote:
    > :Previously timeOday wrote:
    > :> Arno Wagner wrote:
    > :
    > :>> For drive manufactueres, spending the extra 50 Cent is not cost
    > :>> effective, since apparently only very, very few people
    > :>> want this feature.
    > :>>
    > :>> Arno
    > :
    > :> Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    > :> write-protect switches.
    > :
    > :Indeed. But they are on removable media (counting the flash
    > :drives as media). HDDs are not in that class.
    > :
    > :> If not on the drive itself, perhaps an external HDD enclosure could
    > :> offer that feature.
    > :
    > :They could. Of course, implementing this is more diffecult for (S)ATA,
    > :than for the removable medua you mention, since the ''switch''
    > :needs to understand the ATA command set.


    > That would be true for parallel ATA as well.


    Have you seen the "(" and ")" around the "S" above?

    > Accessing and reading data
    > from the drive requires writes to internal control registers. You can't
    > just interrupt the "WRITE" signal in the bus and expect to use the drive
    > at all.


    Indeed. THat was feasible, though, with MFM and RLL drives.

    Arno

  16. Re: drive with read-only dip switch

    Arno Wagner wrote in news:60ia0vF1qi80lU1@mid.individual.net
    > Previously timeOday wrote:
    > > Arno Wagner wrote:

    >
    > > > For drive manufactueres, spending the extra 50 Cent is not cost
    > > > effective, since apparently only very, very few people want this feature.
    > > >
    > > > Arno

    >
    > > Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    > > write-protect switches.

    >
    > Indeed. But they are on removable media (counting the flash drives as media).


    > HDDs are not in that class.


    And as we all know, SCSI drives are not HDDs.

    >
    > > If not on the drive itself, perhaps an external HDD enclosure could
    > > offer that feature.


    > They could. Of course, implementing this is more diffecult for (S)ATA,
    > than for the removable medua you mention,


    (Yeah, obviously flashdrives do not use the ATA command set at all).
    Any device that accepts write protect media will have extra code to
    handle the extra functions that such a protection scheme requires.

    > since the ''switch'' needs to understand the ATA command set.


    Like that same effort isn't required for the physical drive itself when
    fitted with such a switch.

    >
    > Arno



  17. Re: drive with read-only dip switch

    Robert Nichols wrote in news:fo3a4s$m17$1@omega-3a.local
    > In article <60ia0vF1qi80lU1@mid.individual.net>,
    > Arno Wagner wrote:
    > > Previously timeOday wrote:
    > > > Arno Wagner wrote:

    > >
    > > > > For drive manufactueres, spending the extra 50 Cent is not cost
    > > > > effective, since apparently only very, very few people
    > > > > want this feature.
    > > > >
    > > > > Arno

    > >
    > > > Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    > > > write-protect switches.

    > >
    > > Indeed. But they are on removable media (counting the flash
    > > drives as media). HDDs are not in that class.
    > >
    > > > If not on the drive itself, perhaps an external HDD enclosure could
    > > > offer that feature.

    > >
    > > They could. Of course, implementing this is more diffecult for (S)ATA,
    > > than for the removable medua you mention, since the ''switch''
    > > needs to understand the ATA command set.

    >
    > That would be true for parallel ATA as well. Accessing and reading data
    > from the drive requires writes to internal control registers.


    > You can't just interrupt the "WRITE" signal in the bus and expect to
    > use the drive at all.


    Right,
    but if you know through the other bus signals that a device register write
    is underway you can interrupt conditionally using those other bussignals.

    But that's all academic/besides the point.
    The point being that you need a controller response back to the host
    saying that the device cannot write.
    Otherwise you can move data to the drive thinking you won't loose it because it will be saved there, but it just vanishes.
    Same with saving hours of hard work into oblivian without any warnings.




  18. Re: drive with read-only dip switch

    Arno Wagner wrote in news:60luv9F1pornjU1@mid.individual.net
    > Previously Robert Nichols wrote:
    > > In article <60ia0vF1qi80lU1@mid.individual.net>,
    > > Arno Wagner wrote:
    > > > Previously timeOday wrote:
    > > > > Arno Wagner wrote:
    > > >
    > > > > > For drive manufactueres, spending the extra 50 Cent is not cost
    > > > > > effective, since apparently only very, very few people
    > > > > > want this feature.
    > > > > >
    > > > > > Arno
    > > >
    > > > > Floppy drives, Mini-DV, VHS, some flash drives, and audio tape all have
    > > > > write-protect switches.
    > > >
    > > > Indeed. But they are on removable media (counting the flash
    > > > drives as media). HDDs are not in that class.
    > > >
    > > > > If not on the drive itself, perhaps an external HDD enclosure could
    > > > > offer that feature.
    > > >
    > > > They could. Of course, implementing this is more diffecult for (S)ATA,
    > > > than for the removable medua you mention, since the ''switch''
    > > > needs to understand the ATA command set.

    >
    > > That would be true for parallel ATA as well.

    >
    > Have you seen the "(" and ")" around the "S" above?
    >
    > > Accessing and reading data
    > > from the drive requires writes to internal control registers. You can't
    > > just interrupt the "WRITE" signal in the bus and expect to use the drive
    > > at all.


    > Indeed.


    > THat was feasible, though, with MFM and RLL drives.


    Like that is all that is required.

    >
    > Arno


+ Reply to Thread