Re: Protecting the Operating System

Sebastian Gottschalk wrote:

Regarding point 1, it takes a fair level of technical skill to write one's
own MBR to splice into the chain.

No, it's trivial.

Let's just assume for a second that your fantasy bears some small
resemblance to reality, and you're really not just a bag of wind. If
it's "trivial" to code and install a custom MBR, then it's an order of
magnitude more trivial to simply replace it with a good one. Your
"threat" is so easily countered it's pointless and insignificant.

That obvious fact aside, have you ever actually tried replacing
bootstrap code on an encrypted drive, or are you talking out your ass
as usual? Would you be real shocked to find out that there's no
mainstream whole disk encryption software available today that doesn't
do a considerable amount of integrity- and self-testing? Doesn't take
great pains to safeguard what little there is left out in the open.

I suggest you actually *try* your harebrained theory before you make
yourself look any more foolish. You're in for a rude awakening.

Moreover, unless the modified MBR can do
what it wishes *as well as return control to the original encrypted boot
process* all within one track, then it will have to put its malware
elsewhere on the HD.

You just need one little modification of the original boot program, that is
to store the entered password or the derived key somewhere. Just due to the
512-byte alignment, you usually already have enough space available. And
what about optimizing the original program to reduce its size? Trivial.

Riiiiiight.... that's why boot sector viruses are still so prevalent
today. Because it's so much easier to hide things in an MBR than
poke holes in networking protocols and software. That's why boot sector
viruses were never detected or anything, huh?


