
Norton commander


Vol. 11, No. 9, Page 13

The value of information is meaningful only to its owners/authorized users (or those desiring to own/use the subject information).

The objective value of an asset is only a mutually agreed to subjective value that may have little to do with cost or other measurable attributes.

Agreement as to value among relevant parties is the key issue in establishing/assigning objective value.

Note that information itself exists in a world of imperfect and incomplete information about virtually every object, and agreement as to value occurs every day despite uncertainty.

Will Ozier

TECHNICAL EVALUATION

NORTON COMMANDER

Product: Norton Commander

Author, Developer: Peter Norton Computing Inc, 100 Wilshire Boulevard, 9th Floor, Santa Monica, CA 90401, USA; tel: 213-319-2000.

Vendor: Many (most?) computer dealers sell the Norton Utilities. It is distributed in the UK by SoftSel.

Availability: IBM PC/XT/AT, PS/2, or any close compatible running MS-DOS or PC-DOS.

Version evaluated: ~2.0, no serial number on demonstration version supplied. Software supplied on both 5.25 inch 360K floppy disk, and 3.5 inch 720K floppy disk.

Price: $89.

Hardware used: Dual floppy ITT XTRA (a PC compatible) with a 4.77 MHz 8088 processor, one 3.5 inch (720K) drive, two 5.25 inch (360K) drives, and a 30 Mbyte Western Digital Hardcard, running under MS-DOS ~3.30.

A technical evaluation of the Norton Utilities (Advanced Edition), taking specific note of any details relevant to computer security, was published in the February 1989 issue of CFSB. The Norton Commander comes from the same software house, and as some features are common between the packages, this article complements the previous article about the Norton Utilities.

This technical evaluation of the Norton Commander (NC) discusses only the features relevant (in some way) to security, and should in no way be construed as a complete evaluation of the software package.

The 113 page manual provided with NC is a bit slim, but it is clearly written. Besides the main manual, the package includes a small 30 page booklet called ‘See DOS prompt’, subtitled ‘The Norton Commander Picture Book’, which explains in very simple terms what NC offers. This small book is well written, and explains the operation of NC in a way that can probably be understood by the most naive computer user. Also included are two small stickers showing the symbol used for NC (a nautical cap). I guess you are meant to attach these to the computer to indicate that NC will be visible when the computer is powered up.

In technical terms, NC is a DOS shell which presents information to the user once it is activated, and enhances standard DOS commands. Stripped of jargon, this means that NC is a program which, once activated, remains resident in memory, and changes the way in which the computer operating system (DOS) presents itself to the user. NC also makes available at a few keystrokes facilities which would normally require a sequential combination of DOS commands.

COMPUTER FRAUD & SECURITY BULLETIN ©1989 Elsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A.- please see special regulations listed on back cover.)


In particular the simple bare prompt provided by DOS (“C:”) is replaced by a directory listing of the current disk, a directory listing of another disk drive, and a set of pull-down menus. The amount of information on the screen supplied by NC can be varied by the user from nothing, to two detailed directory listings which occupy almost the entire screen. These directory listings contain information on all hidden files contained on a disk, which if not used carefully can somewhat negate the reason for hiding the files in the first place.

A DOS shell usually provides simple ways of using the facilities within the operating system. This method of using an operating system is aided by the fact that all operations of NC are designed to be initiated by either a mouse or a keyboard. I cannot comment on how well mouse operations and NC co-exist, as I haven’t got a mouse. I’m not a fan of these little rodents, but that’s just a matter of taste. Keyboard operation is mainly a matter of either choosing a function key from options displayed on the screen, moving the cursor using the special cursor keys, or entering text, e.g. a directory path or a file name.

A standard DOS command can still be executed at any time, even though NC is active. This causes the information provided by NC to be removed from the screen, and re-appear when execution of the DOS command is complete.

From the viewpoint of someone coming across NC for the first time, the facilities which I believe to be relevant to security can locate a file (or files) across an entire disk, compare two directories, store a historical list of the last 15 DOS commands, and move/copy/delete any specified combination of files.

These facilities can be applied to either a set of files specified using the DOS wild-card characters * and ?, or to a set of files which the user has pointed to whilst they are visible in a directory listing. Particularly powerful is the facility to move files by first copying the contents of the files to their new location, and then deleting the original files. This facility can very easily be used to re-organize the structure of a disk. Users should beware that many security facilities rely on a particular disk structure being maintained, so such manipulation and/or directory changes may inadvertently cause problems.

I find such file manipulation facilities invaluable, but must provide a caution that with such power must come responsibility. For this reason I don’t think that I can recommend NC for users completely new to computers. The facilities available allow anyone to completely reorganize a hard disk in just a couple of minutes, perhaps without realizing the consequences of their actions.

One problem I had with the Norton Utilities was that some of the programs did not recognize 3.5 inch disk drives. No such problems arise with NC. It operates quite happily on any type of drive - even a RAM disk (one that is entirely memory resident, and has no physical counterpart).

I have now had NC for a few months, but I cannot say that I leave the program active at all times. It is just too intrusive, and occupies 145K of the available 640K of memory. However, without exception I use NC to perform complex rearrangements of files and/or directories. For this purpose I prefer NC to any of the other utility software providing comparable facilities (e.g. XTREE).

In summary, the NC menus are very simple to use, and a lot of thought has gone into how information is presented onscreen. The facilities provided are powerful but not always needed on a permanent basis. If you make NC generally available to a user population, then the facilities provided should be used with care, as they can accidentally (or otherwise) be used with destructive capability.

Update on the Norton Utilities, Advanced Edition, version 4.5

In my previous technical evaluation of the Norton Utilities (Advanced Edition, version 4.5) I promised to write a future article detailing any problems found after extensive use of this package. This would not come from a one-off technical evaluation, but from general use of the software (I already frequently used a much older version of the Norton Utilities).

This article will not be published for the simple reason that I have nothing further to report. The software works, and I have no criticisms beyond the comments in my original technical evaluation article (CFSB February 1989).

What more can one ask of a software package?

PUBLICATIONS

COMPUTERS & SECURITY JOURNAL

Elsevier Advanced Technology, the publisher of Computer Fraud and Security Bulletin, also publishes the major international journal Computers & Security. Eight issues are produced each year.

Each issue contains refereed articles on relevant subjects, special features, summaries of articles published elsewhere and an events calendar. There is also a section, Random Bits and Bytes, by Editor-in-Chief Dr Harold Joseph Highland which gives up-to-date and in-depth analysis of issues facing the computer security community.

The June issue contains articles on security in local area network design, computational aspects of computer viruses, the internet worm, viruses and worms, prerequisites for data control and disaster recovery.

For a free sample copy of Computers & Security contact Paul Evans, Elsevier Advanced Technology, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: +44-(0)865-512242; fax: +44-(0)865-310981.

EVENTS

SYSTEMS DESIGN

A seminar is to be held 12-14 July on Industrial Security Systems - Conceptual Design and Application at the University of Wisconsin, Milwaukee, WI 53203, USA. For more information call John T. Snedeker on (414) 227-3120.

COMPSEC ’89

This year the sixth Compsec conference will be held in conjunction with the EDP Auditors Association in London, UK. The programme includes a three hour special presentation on the computer virus threat, seminars on auditing, insurance, risk analysis, countering computer fraud, data protection, smart cards, open systems interconnection security, electronic data interchange and systems security in a variety of banking, commercial and governmental environments. It runs 11-13 October.

Write, telephone or fax for full details to: Penny Moon, Elsevier Seminars, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: +44-(0)865-512242; fax: +44-(0)865-310981.

IFIP/SEC ’90

The sixth international conference and exhibition on information security is to be held from 23-25 May 1990 in Espoo, Finland.
