Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Symptoms of unauthorized entry

0 views
Skip to first unread message

Toddy Haciski

unread,
Sep 15, 1998, 3:00:00 AM9/15/98
to
Configuration Information:
Version: --Other--
Operating system: System 7.x

Dearest Tech Support,

I need your help, ASAP. I am working with, and for, the woman's club.
January '95, they purchased and installed your product, DiskLock ver.
3.0, on their PowerPC 6100/60, no CD. The hard drive is locked. This
is a club run by a changing board of directors, and numerous
committees. They have also gone through 3 secretaries since then.
My point being - the Super Password has been lost (I figured it
out.).
AND, there is a suspicion of unauthorized access to the locked files.
The secretary activated DiskLock at lunchtime (so that the DiskLock
Password window shows on the desktop). Upon her return, that window
was not showing, and files were open!! She tried to activate that
DiskLock Password window again, to no avail. She looked into the app
file itself, and found that it had been turned off. No problems since
then; however, she is shaken. Did someone access the computer files?
With what password? How can we find out what happened?
And, to cap it off - I think they need a new battery!! (The log shows
only 2 days with dates like 8/28/56.)

1.) The log
a. Why does the log only show two days worth of
activity?
b. How far back does the log normally go? I thought to
the beginning.

2.) What if the super password is lost?
a. I tried the book's suggestion to remove an older
version by going to the
installer, but couldn't find any scrolling list.
b. How do you retrieve files locked with the super
password, when all else fails?

3.) Is it possible to turn OFF DiskLock without using a password?
(I got through by rebuilding the desktop, BTW.)

I would appreciate as expedient a reply as possible. The natives are
getting restless! And, you have no idea how ugly this can get!!

Toddy Haciski
TO...@email.toddys-help.com
T.aking O.ver D.aily D.etails for Y.ou - the only virtual assistant
you'll ever need!
410-323-3663 888-45TODDY

Marnie Norris

unread,
Sep 15, 1998, 3:00:00 AM9/15/98
to

Hello Toddy,

First of all, DiskLock version 3.0 is an extremely outdated and unsupported
version of the product. If you'd like to continue using DiskLock as your
security program, I strongly recommend upgrading to version 4.0.

Now, in answer to your numbered questions:

1) Each partition of a hard drive has an audit log segment in the invisible
DISKLOCK.DB file, which is 5 KB (10 blocks) in size. Audit log entries are
variable in size, from about 16 to 48 bytes, so the number of entries in a
full segment will vary. The audit log window shows entries for all partitions,
so if you have multiple partitions, you will see more entries. So, the log
may simply have filled up and you are only seeing the most recent information.
Or, if you have had unauthorized entry, it is possible that any previous data
in the audit log has been deleted.

2) If the Super User password is lost, forgotten or won't work, you have two
options: reformat the drive or send it in for data recovery. Any files or
folders that have been encrypted will be lost with either option. It is
possible to regain access to locked files and folders using the data recovery process.

3) It is not possible to disable DiskLock without having the Super User
password unless the database has been damaged.

Please let us know if you have further questions.
--
========================================================================
Thank you,

Marnie Norris
Symantec Corporation

Please continue to post your messages to the public discussion groups as
Symantec
does not provide support via private e-mail.

If you have difficulty getting a response, please read the following article:
-http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/1998527114414

For free technical support newsletters, Knowledge Base support articles, our
Online Support Genie, and FAQs, visit the support page for your product.
-http://www.symantec.com/techsupp/index.html
========================================================================

Toddy Haciski

unread,
Sep 17, 1998, 3:00:00 AM9/17/98
to
Configuration Information:
Version: --Other--
Operating system: --Other--

Marnie-
Thanks for the response; however, I still don't get it.
How do I change the number of days in the audit log?
I CAN bypass the DiskLock screen on startup by rebuilding the
desktop. Are there other known ways to get around it, and turn
DiskLock off? The ladies are VERY concerned that the computer files
were open and DiskLock turned off when the secretary KNEW she had
turned DiskLock on when leaving for lunch.
Thanks!

Toddy Haciski

unread,
Sep 21, 1998, 3:00:00 AM9/21/98
to
Version 3.0 -
How do I change the number of days in the audit log?
I can bypass the DiskLock by rebuilding the desktop. What are other
ways this can happen?
I need to figure out how the secretary could go to lunch, lock the
HD, and return to find the desktop, unlocked.
The officers meet in the am, and I need this info NOW!I've written
this message three times now. Please help!

Michael Souther

unread,
Sep 21, 1998, 3:00:00 AM9/21/98
to

Toddy Haciski wrote:

> Configuration Information:
> Version: --Other--


> Operating system: --Other--
>
> Marnie-
> Thanks for the response; however, I still don't get it.

> How do I change the number of days in the audit log?

> I CAN bypass the DiskLock screen on startup by rebuilding the
> desktop. Are there other known ways to get around it, and turn
> DiskLock off? The ladies are VERY concerned that the computer files
> were open and DiskLock turned off when the secretary KNEW she had
> turned DiskLock on when leaving for lunch.
> Thanks!
>

Toddy:

As Marnie said in her response, Disklock 3.0 is extremely old, outdated and out of
support. Frankly, I would not recommend continuing to use it on current hardware and
system software configurations.

You should never be able to bypass the Disklock prompt by simply rebuilding the desktop.
This alone indicates there is a problem of some kind.

I'd highly recommend upgrading to a current, supported version of Disklock, or even
switching to one of our competitors product's, rather than continuing to use this outdated
version.

Let me know if you have further questions.
--
Sincerely,
========================================================================
Michael Souther [Symantec Corporation] Macintosh Technical Support

Please continue to post your messages to the public discussion groups as

Symantec does not provide support via private email.

If you have difficulty getting a response, please read the following article:

http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/1998527114414

For links to our other technical support options, including newsletters, Knowledge Base
support articles, our Online Support Genie, and FAQs, visit our main support page:

http://www.symantec.com/techsupp/index.html
========================================================================

Toddy Haciski

unread,
Sep 21, 1998, 3:00:00 AM9/21/98
to
Dearest Michael -
THANK you for responding! I was beginning to think no one would.
Please understand the situation I have. 4 yrs. ago, I put in a
6100/60 running system 7.5 for a ladies club whose last word
processor was a typewriter. The secretary promptly quit. Are you
getting a picture of this?
Anyway, for security, I added the DiskLock. The ladies have, since
then, been very happy with their little 'puter set-up. PLEASE, PLEASE
don't dismiss this simply because ver 3.0 is old. Gracious - so am
I!!
Now that there has been a breach, the ladies want an explanation,
beyond your recommendaion that we upgrade. Heavens, they've not
upgraded anything! Frankly, they don't NEED to upgrade! Their
'system' is working just fine. Plus, I often find that when you
upgrade 1 piece of software, lots of other dominoes fall in line,
too.
SO, can you simply give me some feasible scenarioes for the breach -
even on this old-timer? Surely, there is someone in the office who's
been around Symantec since ver 3.0! They expect a report TODAY!!

Michael Souther

unread,
Sep 22, 1998, 3:00:00 AM9/22/98
to

Toddy Haciski wrote:

Toddy:

Perhaps these salient points (from Marnie's post above) bear repeating:

2) If the Super User password is lost, forgotten or won't work, you have two
> > > options: reformat the drive or send it in for data recovery. Any files or
> > > folders that have been encrypted will be lost with either option. It is
> > > possible to regain access to locked files and folders using the data recovery process.
> > >
> > > 3) It is not possible to disable DiskLock without having the Super User
> > > password unless the database has been damaged.

If you can still log onto the machine, It might be wise to copy all the files off the drive and
reformat it. At that point, you could reinstall Disklock (if you choose), recreate the User
List (Super User, User and Guest access parameters), and should be able to go back to using the
program normally.

It think it is likely that the problems you are having with the log are related to the PRAM
battery issue you mentioned. You definitely want to replace the battery if you are seeing
dates of 1956 or 1904.

It appears something has been corrupted (perhaps the Disklock database or the disk's driver);
following the above steps should solve any possible problems in those areas.

Lastly, I should reiterate that Disklock 3.0 is discontinued and out of support. The best
thing might be to simply remove it; if you really need security software, I highly recommend
you update Disklock or switch to something else.

0 new messages